This message is to inform you of SELECTserver OnLine maintenance scheduled for Friday 29 July 2011. At 9:00 PM (21:00) US EDT, SELECTserver OnLine will be put into maintenance mode whilst we complete routine maintenance. License updates, administration, and reporting functionality will be suspended during this maintenance window lasting approximately three hours. All Bentley products will continue to license without interruption. SELECTserver OnLine will return to a fully functional state Saturday 30 July 2011 once the maintenance is complete.
Thank You for your patience and understanding while we run this routine maintenance,
The SELECTserver OnLine Team
Hi,
after Bentley OnLine Maintenance (Friday 29 July 2011 to Saturday 30 July 2011) we are receiving
the following mail from our local Select Server:
"The following is a list of errors that have occurred in the services running on SELECTserver: ENSV1GEF
• Data Update Service - WARNING with status code 2 - service start time: 8/3/2011 10:10:48 AM - An error occurred retrieving the license from Bentley.com: - A server certificate could not be validated.
• Usage Log Posting - ERROR with status code -1 - service start time: 8/3/2011 10:05:34 AM - An error occurred while sending logs to bentley.com
This is an automated message from SELECTserver. Do not reply to this message. If you do not wish to recieve this message, use the SELECTserver administration site to remove yourself from the notifications list."
We are receiving one mail a day starting from Saturday 30 July 2011.
We are working on Select Server v08.11.07.25
Looking inside SS-DataUpdateService.log:
07-30-11 10:11:36 INFO - LicenseManager - USING BENTLEY LICENSE SERVER: appsnet.bentley.com/.../licensing.asmx
07-30-11 10:11:36 ERROR - LicenseManager - License Request processed in: System.Diagnostics.Stopwatch
07-30-11 10:11:36 ERROR - LicenseManager - WEB EXCEPTION requesting License File:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
Some error inside SS-UsageLogPostingService.log
On the log, we have the same error, for each day, starting from 30/07.
Can you help us to solve the problem?
Thank you
Massimiliano
Hi Massimiliano,
During the maintenance we also upgraded the SSL certificate. It is trusted by windows if updates have been run on the server (unfortunately our new certificate is not on the original list your server is most likely looking at). We do have this as a known issue and can be found in our knowledge base. I have included it in its entirety here:
Problem (63358):
"Server certificate could not be validated" error for Data Update Service and Request/Update License
The same issue may affect SS Gateway only against hosted, in this case in SS GW log:
Error checking SELECTserver version: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Happens only if SS or SS GW are configured to talk with bentley.com in HTTPS.
Solution (500000083178):
This may happen when user's system does not trust the Certification Authority that issued *.bentley.com certificate (for example a system that has not been updated for a long time as the list of Certification Authorities is being kept up-to-date by Windows Update).
To resolve use Windows Update or manually install the Certification Authority's (that issued certificate for Bentley) certificate into the Trusted Certification Authorities Store on the SS or SS GW machine (for the computer).
Root Certificates [March 2011] (KB931125)
www.google.com/url
Comodo CA
The comodo CA (and its parent CA AddTrust/USERTrust) is widely known/trusted, so most likely affected users may simply be able to run windows updates and/or browser updates to get the proper CA certificates installed. users could also download and manually install the CA certificate from comodo onto the affected SELECTServer as follows (see attached for screenshots):
Part 1 - download the CA certificates from comodo.com
1) use a web browser to navigate to http://support.comodo.com
2) click on Downloads in the top section of the page
3) click on Root & Intermediate Certificates at the top left of the page
4) click on InstantSSL/EnterpriseSSL/IntranetSSL at the top right of the page
5) click on AddTrustExternalCARoot at the top of the page
6) click on the Download button, save the AddTrustExternalCARoot.crt file to disk
7) click Back in the browser
8) click on Comodo High-Assurance Secure Server CA near the top of the page
9) click on the Download button, save the COMODOHigh-AssuranceSecureServerCA.crt file to disk
Part 2 - install the CA certificates to local machine
1) open a blank MMC - click on Start menu > Run > type MMC <enter>
2) click File > Add/Remove Snap-in, click Add
3) click the Certificates snap-in, click Add
4) choose Computer Account certificate store, click Next/Finish
5) expand the Certificates snap-in, right-click on Trusted Root Certification Authorities, click All Tasks > Import
6) in the Certificate Import Wizard, click Next and Browse to the location where the AddTrustExternalCARoot.crt file is saved (from Part 1, step 6 above)
7) select Automatically select the certificate store based on the type of certificate, click Next/Finish
8) expand the Certificates snap-in, right-click on Trusted Root Certification Authorities, click All Tasks > Import
9) in the Certificate Import Wizard, click Next and Browse to the location where the COMODOHigh-AssuranceSecureServerCA.crt file is saved (from Part 1, step 9 above)
10) select Automatically select the certificate store based on the type of certificate, click Next/Finish
after completing the above process, restart the SELECTServer.
The installercertificate zip file can be found at:
communities.bentley.com/.../installcertificates.zip.aspx