Notifications
Clear all
Topic starter
I am having an issue connecting to CPS. I keep getting a security error upon login. I work for an off site auditing company so we so we connect remotely to the clients system. I am trying to determine whether this error is something caused by our network/systems side or the clients CHUG server. Any help will greatly appreciated.
Error:
Error occurred in class WebServiceClientBase, method CallWebService SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'server1.xxx.xxxxxxx.int:9443'. Server stack trace: at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream() at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at GEHC.Centricity.Common.Application.ServiceLayer.Proxy.CommonWebservice.Login() at GEHC.Centricity.Common.Application.ServiceLayer.Proxy.CommonWebserviceClient.Login() at GEHC.Centricity.Common.Application.ServiceLayer.WebServiceClientBase`2.<>c__DisplayClass3.<CallWebService>b__2() at GEHC.Centricity.Common.Application.ServiceLayer.WebServiceClientBase`2.CallWebService[TReturn](Func`1 webServiceCall) WebException: The request was aborted: Could not create SSL/TLS secure channel. at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
Posted : June 27, 2016 8:34 am
From GE, even though our error wasn't 100% identical we did see the SSL/TSL error with that KB installed.
We have just become aware of a potential conflict between a just released Windows Update and Centricity Practice Solution and Centricity EMR. This conflict causes the following error and stops client users from logging into the application:
Error occurred in class WebServiceClientBase, method CallWebService
Unable to make service calls: server is down or unavailable. Contact Administrator for assistance. Please check server port configuration; see the installation/upgrade guide for your system for details.
Our engineering teams have engaged and we are working towards a resolution. In the meantime, we recommend removing the Windows update causing the conflict.
To remove the Windows update KB3161608
Step 1: Click Start, Control Panel, locate and click on “Programs and Features"
Step 2: Once the List populates on the right, locate and click on “View Installed Updates” on the blue vertical banner to the left of the Program list.
Step 3: Click on Organize to sort by type.
Step 4: Scroll down to “Microsoft Windows”. Locate the Hotfix or update with (KB3161608).
Step 5. Right click on the update to select it. Choose “Uninstall”. Then, click “Yes” for the prompt to confirm uninstall
Step 6. Reboot workstation and attempt to log back into the application.
We will keep you updated with a resolution as soon as we have discovered root cause.
Thank you
Posted : June 27, 2016 8:41 am
Topic starter
After looking into it, the computers that are having the issue haven't installed that update yet. Maybe it's installed on one of the the remote servers or it's a different update. I will report back if I figure anything out. Thanks for the quick response.
Posted : June 27, 2016 9:26 am
I would try putting server1.xxx.xxxxxxx.int:9443 in a web browser and, assuming the server is listening, inspecting the certificate also. Perhaps the cert is expired or has a problem.
Posted : June 28, 2016 6:35 am
Topic starter
It's working now! It was the windows update KB3161608 like you said but it was installed on the remote virtual instance that we didn't access to so we asked them to remove it and everything went back to normal. Thx again!
Posted : June 28, 2016 4:40 pm
Good deal. Others have found out that the actual problem is KB3161639, which is included in the KB3161608 update rollup. It changes the priority and utilization of cipher suites.
Posted : June 29, 2016 3:42 am
This is a known issue that can be resolved by modifying the jboxx server.xml file, which is what corrected the same issue my environment was experiencing. GE actually recommends making this change regardless if your environment is currently having the issue.
https://engage.gehealthcare.com/docs/DOC-226197
Easy test is to take the server URL mentioned in the error and browse to it in a non-IE browser - if a certificate warning appears, but it does not when accessing in IE, then the GE-recommended fix should be what you need to do.
Posted : August 8, 2016 6:52 am
