Forgot Login button causes .NET SSL error

We just upgraded to v12.5.1 and couldn't get the Forgot Login button in the client to send a credential email. When we click the Forgot Login button, we get this error from .NET:

A .NET Framework error occurred during execution of user-defined routine or aggregate "TXP_SEND_CREDENTIALS": 

System.Exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

System.Security.Authentication.AuthenticationException: 

   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.

...

System.Exception: 

   at TessituraSQLServices.StoredProcedures.SendCredentials(SqlString sAPIAddress, SqlStr

 

We have been using a local SMTP relay server in IIS 6.0 since v11 to send credential emails and order confirmations and it has worked just fine. I have taken the SMTP relay out of the equation and done this directly with Google Apps SMTP server, who is our email provider. Like I mentioned, this setup works just fine for sending credential emails from the web, but not from the client - I made sure the settings used by the Tessitura Web parent table settings match the ones in the Impresario parent table from T_DEFAULTS.

It seems that it might not like the certificate that Google is providing and maybe the client is looking for a mauiarts.org (our domain) certificate instead; I'm not 100% certain. There isn't any way for me to get Google's SMTP servers to use our domain certificate, so that won't happen. I've submitted a ticket in TASK, but want to know if anyone else has run into something like this?

 

Henry

  • Your web site talks directly to the SOAP API to send the credentials and order confirmation emails. Your internal clients, however, run a Stored Procedure on the Database that runs a .Net cli that connects to the SOAP API.

    Also is the SOAP API url the same when accessing internally and externally? Just the domain name on the certificate will need to match the url you are calling.

    It is worth checking that your DB server has access to the SOAP API and that it has all the relevant certificates installed on it to verify the cert being passed from the SOAP API.

    Try logging on to the DB server and running IE and see if you can connect to the SOAP API over https and see if that throws any cert errors.

     

    Mark


  • Thanks for the response, Mark. Tessitura Support mentioned almost exactly what you said. That explanation makes a lot of sense and identifies why it all works with our cart but not the internal client.

    The URL for our SOAP services is an external address, but our SMTP relay server has a local certificate bound to it, as it is a local server. I've been connecting to the SMTP relay server internally, but I think TXP_SEND_CREDENTIALS wants to see a server that is the same name as the domain I'm trying to send mail from.

    What I'm going to do is create a second SMTP server that is set up as having the same domain name as our email service, bind our domain cert to it, add an external DNS record for it, and create a 1-to-1 NAT to forward SMTP to my internal SMTP relay server. This way, everything seems to be in line with mauiarts.org and not a mix of mauiarts.org and macc.local addresses and certificates.
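
Mark's suggested check from the database server can also be scripted so that it reports why .NET rejects the certificate, not just that it does. This is an added example, not part of the original thread or of Tessitura's tooling; the host name `soap-api.example.org` and port 443 are placeholders for the host in your own SOAP API URL, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added diagnostic example: run on the database server, as Mark suggests.
# $TargetHost is a placeholder; use the host name from your SOAP API URL.
param(
    [string]$TargetHost = 'soap-api.example.org',
    [int]$Port = 443
)

$report = [ordered]@{ Host = $TargetHost; Port = $Port }

# Record what .NET's own validation concludes. Returning $true lets the
# handshake complete so the details can be read; no application data is sent.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
    $san   = $cert2.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $report.Subject         = $cert2.Subject
    $report.Issuer          = $cert2.Issuer
    $report.NotAfter        = $cert2.NotAfter
    $report.SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
    # RemoteCertificateNameMismatch : name in the URL is not on the certificate
    # RemoteCertificateChainErrors  : this server cannot build a trusted chain
    $report.PolicyErrors    = $sslPolicyErrors.ToString()
    $report.ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    return $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($TargetHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The name passed here is the one the certificate is checked against.
    $ssl.AuthenticateAsClient($TargetHost)
    $report.Protocol = $ssl.SslProtocol
}
catch {
    $report.ConnectError = $_.Exception.Message
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

[pscustomobject]$report | Format-List
```

A `PolicyErrors` value of `None` means the certificate validates from this server for that host name. The accept-everything callback is for this diagnostic only and should not be carried into production code.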