Closed paususe closed 4 years ago
I figured it out.
A few Microsoft root certificates were missing, so I downloaded authrootstl.cab, extracted it and copied all the PEM certificates to /usr/share/pki/trust/anchors/.
Another way is to use openssl s_client -connect sws.update.microsoft.com:443 -showcerts, then save the cert content of Microsoft Update Secure Server CA 2.1 and trust it.
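
Added example, not part of the original comment or the project's code: a shell sketch of the second approach that picks the named CA out of `openssl s_client -showcerts` output by its subject line and installs it only when its SHA-256 fingerprint matches a value obtained out of band, since a certificate taken from the connection that fails validation is itself unauthenticated. The function names, the constructed sample and the use of `update-ca-certificates` to refresh the store are assumptions.

```shell
#!/bin/sh
# Added example; the sample data below is constructed, not real certificates.

# extract_cert NAME: read `openssl s_client -showcerts` output on stdin and print
# the PEM block of the chain entry whose *subject* line (" N s:...") contains NAME.
# Only "s:" lines are matched, because the leaf's "i:" line also names the CA.
extract_cert() {
    awk -v name="$1" '
        /^ *[0-9]+ s:/                { want = (index($0, name) > 0) }
        /-----BEGIN CERTIFICATE-----/ { inpem = 1 }
        inpem && want                 { print }
        /-----END CERTIFICATE-----/   { inpem = 0; want = 0 }
    '
}

# normalize_fp HEX: strip colons and whitespace, lower-case a hex fingerprint.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# install_if_pinned PEM_FILE EXPECTED_SHA256 [ANCHOR_DIR]
# Copies the certificate into the trust anchors only if its SHA-256 fingerprint
# equals a value obtained out of band (not from the connection being debugged).
install_if_pinned() {
    actual=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2)
    if [ "$(normalize_fp "$actual")" != "$(normalize_fp "$2")" ]; then
        echo "fingerprint mismatch, not installing $1" >&2
        return 1
    fi
    cp "$1" "${3:-/usr/share/pki/trust/anchors/}" && update-ca-certificates
}

# Constructed sample of -showcerts output (placeholder bodies, not real certs).
SAMPLE=' 0 s:CN = sws.update.microsoft.com
   i:CN = Microsoft Update Secure Server CA 2.1
-----BEGIN CERTIFICATE-----
LEAF-PLACEHOLDER
-----END CERTIFICATE-----
 1 s:CN = Microsoft Update Secure Server CA 2.1
   i:CN = Constructed Example Root
-----BEGIN CERTIFICATE-----
INTERMEDIATE-PLACEHOLDER
-----END CERTIFICATE-----'

printf '%s\n' "$SAMPLE" | extract_cert 'Microsoft Update Secure Server CA 2.1'
```

Against the live server the input would come from the `openssl s_client` command quoted above, and `install_if_pinned` needs root to write to the anchor directory.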
upsync works fine on Windows but it fails on Linux. I have tried with Ubuntu 18.04, openSUSE Leap 15.1 and others. I have tried with .NET Core 2.2 and 3.0. It always fails with:
$ dotnet run -p src/sync-tool/upsync-tool.csproj pre-fetch --master --destination master.zip
Creating compressed metadata store master.zip
Fetching categories ...
Acquiring new access token...
Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'sws.update.microsoft.com'. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b47_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactoryb0(IAsyncResult asyncResult)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.UpdateServices.Client.ClientAuthenticator.GetAuthenticationInfo() in /home/pagarcia/dev/wsus/update-server-server-sync/src/library/Client/ClientAuthenticator.cs:line 181
at Microsoft.UpdateServices.Client.ClientAuthenticator.Authenticate() in /home/pagarcia/dev/wsus/update-server-server-sync/src/library/Client/ClientAuthenticator.cs:line 155
at Microsoft.UpdateServices.Client.ClientAuthenticator.Authenticate(ServiceAccessToken cachedAccessToken) in /home/pagarcia/dev/wsus/update-server-server-sync/src/library/Client/ClientAuthenticator.cs:line 107
at Microsoft.UpdateServices.Client.UpstreamServerClient.RefreshAccessToken(String accountName, Nullable`1 accountGuid) in /home/pagarcia/dev/wsus/update-server-server-sync/src/library/Client/UpstreamServerClient.cs:line 95
at Microsoft.UpdateServices.Client.UpstreamServerClient.GetCategories(IMetadataSink destination) in /home/pagarcia/dev/wsus/update-server-server-sync/src/library/Client/UpstreamServerClient.cs:line 140
at Microsoft.UpdateServices.Tools.UpdateRepo.MetadataSync.FetchUpdates(QueryFilter queryToRun, CompressedMetadataStore destinationResult) in /home/pagarcia/dev/wsus/update-server-server-sync/src/sync-tool/MetadataFetch.cs:line 167
at Microsoft.UpdateServices.Tools.UpdateRepo.MetadataSync.FetchCategories(FetchCategoriesOptions options) in /home/pagarcia/dev/wsus/update-server-server-sync/src/sync-tool/MetadataFetch.cs:line 98
at Microsoft.UpdateServices.Tools.UpdateRepo.Program.<>c.b 0_2(FetchCategoriesOptions opts) in /home/pagarcia/dev/wsus/update-server-server-sync/src/sync-tool/Program.cs:line 28
at CommandLine.ParserResultExtensions.WithParsed[T](ParserResult
1.FromAsyncCoreLogic(IAsyncResult iar, Func
2 endFunction, Action1 endAction, Task
1 promise, Boolean requiresSynchronization) --- End of stack trace from previous location where exception was thrown --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) at System.Threading.Tasks.ValueTask1.get_Result() at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Threading.Tasks.ValueTask
1.get_Result() at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask1 creationTask) at System.Threading.Tasks.ValueTask
1.get_Result() at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at System.ServiceModel.Channels.HttpChannelFactory
1.HttpClientRequestChannel.HttpClientChannelAsyncRequest.SendRequestAsync(Message message, TimeoutHelper timeoutHelper) --- End of inner exception stack trace --- at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>cDisplayClass1_0.1 result, Action
1 action) at Microsoft.UpdateServices.Tools.UpdateRepo.Program.Main(String[] args) in /home/pagarcia/dev/wsus/update-server-server-sync/src/sync-tool/Program.cs:line 15
I have tried all the workarounds described in the .NET Core GitHub issue tracker but none of them work for me :-?