ENS: SSL TLS error to Cloud Notification Service (CNS)

Error/Symptom

This error is observed post the configuration of the Email Notification Service(ENS) in the ENS logs. This is caused when we cannot receive email notifications on IOS devices when using the AirWatch Inbox.

A sample of the error is as below

2015/12/23 16:58:42.611 AW-ENS 7891861c-4d64-4411-a902-00fff5953d75 [0000000-0000000] (9) Error AW.Mail.Notification.Service.BusinessImpl.NotificationForwarder Call to Notification Cloud failed System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)

This error is usually observed in an On Premise instance of AirWatch. The reason being, in an On premise instance of AirWatch, the ENS downloaded from the client's AirWatch Admin Console needs to trust the CNS (Cloud Notification Service) located in our data centers.

In a Saas instance of AirWatch, the ENS is downloaded from the Saas AirWatch Admin Console which by default trusts the CNS (Cloud Notification Service) located in our data centers.

 

Cause

The reason we have this error is because the Email Notification Service Does not trust the Cloud Notification Service located in our data centers.

 

Resolution

Download the Linux Secure Channel Certificate from the Clients AirWatch Admin Console and upload it to our DataCenters which host the Cloud Notification Service.

The image below shows the point in the Admin Console of AirWatch where the Secure Channel certificate can be downloaded.

1.png

 

Once the certificate has been downloaded an AirWatch support ticket needs to be created to get this certificate added to the CNS data centers.

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.