UPS Worldship
- From: "Michael Weber" <mweber@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 20 Jan 2004 11:38:58 -0500
Hi all,
I know that this has been reviewed before; however, I still cannot
connect with the UPS Worldship software through my ISA Server. I'm not
an expert on ISA but I think I have set up everything correctly for the
software to have direct access to www.uoss.ups.com. And when I examine
the ISA logs I don't get an entry in the web proxy file, and I do get
one in the Firewall log.
The firewall log file and the ups trace file are given below, hopefully,
somebody can see something that will help me out.
I have connected successfully with Worldship on a computer without ISA.
The only difference in the log files is that I don't get the "Peer's
certificate has an invalid signature" error on the SSL_ForceHandshake,
and everything connects correctly.
My only guess is that ISA is still somehow messing with the SSL
certificate, but I don't know why.
Thanks,
Michael Weber
mweber@xxxxxxxxxxxx
---------------------------------
FIREWALL log
---------------------------------
192.168.0.26, <user>, getHostIP.exe:3:5.1, N, 1/20/2004, 11:21:23,
fwsrv, XTSERVER, -, www.uoss.ups.com, 153.2.72.100, 0, -, 0, 0, -, -,
GHBN, -, -, -, 0, 0, -, Allow rule, 39, 0
192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv,
XTSERVER, -, -, 153.2.72.100, 443, 31, 0, 0, 443, TCP, Connect, -, -, -,
0, 0, Internal access, Allow rule, 31, 109
192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv,
XTSERVER, -, -, 153.2.72.100, 443, 94, 52, 1752, 443, TCP, Connect, -,
-, -, 20000, 0, Internal access, Allow rule, 31, 109
---------------------------------
UPS log
---------------------------------
Transact Version 2.0.12.0 NSS 2.7.1 Thread 1764
01/20/2004 11:15:34.944 appMsgId=TNT_REQ clientType=1 nPort=443
dwFlags=1
01/20/2004 11:15:34.944 reqInfoLen=251 reqAppDataLen=0
rcvTimeout=120, SndTimeout=30,DNSTimeout=5
01/20/2004 11:15:34.944 Connect: locked.
01/20/2004 11:15:34.944 Socket SetUp entered.
01/20/2004 11:15:34.944 Initializing NSS.
01/20/2004 11:15:34.944 Verifying security databases located at
C:\WINDOWS\System32.
01/20/2004 11:15:34.991 SSL_ClearSessionCache completed.
01/20/2004 11:15:34.991 Connecting to : www.uoss.ups.com at port 443
01/20/2004 11:15:34.991 certdir = (C:\WINDOWS\System32)
01/20/2004 11:15:34.991 pszCommandLine = (www.uoss.ups.com 443
C:\WINDOWS\System32 99 GetHostIP1764.dat) ; pszImageModule =
(C:\WINDOWS\System32/getHostIP.exe).
01/20/2004 11:15:35.412 Process getHostIP Successfully.
01/20/2004 11:15:35.412 PR_GetHostByName() succeed.
01/20/2004 11:15:35.412 Host IP address = (153.2.72.100)
01/20/2004 11:15:35.553 Error in function SSL_ForceHandshake: -8182
- Peer's certificate has an invalid signature.
01/20/2004 11:15:35.553 Connect: Unlocked.
01/20/2004 11:15:35.553 Total Elapsed Time=640,Time to process
transaction=0,Time to resolve HOST IP =421,Time to make connection to
HOST=484,Time to make handsake=78,Time to send HTTP request=0,Time to
wait for HOST response=0,Time to receiving response message=0
01/20/2004 11:15:35.553 Transact API exited with return code 610,
status code 3010. Elapsed time = 0:01
Other related posts: