question

91139169 avatar image
0 Votes"
91139169 asked AnuragSingh-MSFT commented

"Authentication failed because the remote party has closed the transport stream" Connecting to management.azure.com

I have an application that tries to utilize Azure API using Azure SDK for .NET.

First, it uses login.microsoftonline.com to obtain access_token.
I can't see details in Wireshark .pcapng because TLS data is encrypted but it seems that everything is OK.

I have a problem with the next step when the application actually tries to get some data from management.azure.com
It sends Client Hello to management.azure.com but right after this management.azure.com returns [FIN, ACK].
Here is a screenshot from Wireshark:

140244-image.png


So everything is fine with TLS handshake for login.microsoftonline.com,
but for management.azure.com Azure closes the connection right after Client Helo.

What could be the reason?
It does not look like a problem with an access token as TLS handshake does not use it as I know.



azure-monitorwindows-platform-network
image.png (226.5 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

AnuragSingh-MSFT avatar image
0 Votes"
AnuragSingh-MSFT answered AnuragSingh-MSFT commented

Hi @NechyporenkoOleksandr-9360

Welcome to Microsoft Q&A! Thanks for posting the question.

Apologies for the delayed response. The TLS handshake is completed after server responds with “Server hello” along with the negotiated specifications - most importantly Cypher algorithm to use. This link has a good explanation of the complete TLS handshake process. Most common causes for unsuccessful handshake process are:
- Server endpoint does not support the TLS version (which should not be the case here as the version is 1.2)
- Security software (antivirus/malware etc.) blocking OR intercepting the communication.
- None of the Cypher algorithms or other specifications presented by client in Client Hello packet is supported by the Server.

In Wireshark, to be able to get an overview of complete packet exchange for a particular conversation, please right click on the line with “Client Hello” message --> Conversation filter --> IP4. From here, the following troubleshooting guide would help you gain more insight of the handshake process and troubleshoot the failure.
- TLS connection common causes and troubleshooting guide – Part 1
- TLS connection common causes and troubleshooting guide – Part 2
- Troubleshooting TLS / SSL communication problems

In case, the steps and troubleshooting guide above does not help with the issue, you can enable Schannel event logging on your machine to get more details on the error. Please let me know if you have any questions.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnuragSingh-MSFT avatar image AnuragSingh-MSFT ·

@NechyporenkoOleksandr-9360, I wanted to check if you had a chance to review my answer above. Please let me know if you have any queries or concerns.
Please 'Accept as answer' if it helped so that it can help others in the community looking for help on similar topics.

0 Votes 0 ·