BizTalk SFTP – Open SFTP connection error

I was asked to set up some interfaces connecting a on premise FTP server and to send and receive files from two SFTP servers using BizTalk 2013 R2 (CU6).

The first one used a username & password combination and worked without any issues.  The other that used a username & public key however is throwing errors as below.

I can connect with FileZilla from the BizTalk server using the same username & .ppk file that are configured in BizTalk.

I’ve tried various things including the below.

• Set Accept Any SSH Server Host Key = True 
• Change Encryption Cipher from Auto to AES (same error), TripleDES (Cipher error)
• Setting the Folder Path to / or .
• Changing the Connection Limit = 1
• Setting Polling Interval = 5 minutes
• Making sure that it is running on a 64 bit host
• Googling to try and find others that have encountered this and found a solution

I’ve posted about this on the thread Initialize error for SFTP adapter in BizTalk 2013 R2 which was very similar and on Open SFTP connection error which looks to be an identical error.  There was one fix FIX: “Open SFTP connection” error when you use the SFTP adapter in BizTalk Server, which was part of CU1, so either the issue has regressed, or it is a different issue that throws the same error.

Any clues as to what the cause might be and how to resolve this apart from?

• Upgrading to BizTalk 2016
• Using the bLogical adapter
• Raising an issue with Microsoft (which will have to do if this cannot be resolved)

Receive Location:

The Messaging Engine failed to add a receive location "{ReceiveLocation}" with URL "sftp://{SERVER}:{PORT}/{FILEMASK}*.xml" to the adapter "SFTP". Reason: "Microsoft.BizTalk.Adapter.SftpInvoker.SftpException: Open SFTP connection error.
   at Microsoft.BizTalk.Adapter.SftpInvoker.SftpInvoker.Open()
   at Microsoft.BizTalk.Adapter.Sftp.SftpConnection.OpenUnderlyingConnection(SftpConnectionProperties connectionProperties)
   at Microsoft.BizTalk.Adapters.CommonHelpers.Connection`3.ConnectionPool`3.GetConnection(T1 connectionProperties, TimeSpan timeout)
   at Microsoft.BizTalk.Adapters.CommonHelpers.Connection`3.GetConnection(T connectionProperties, TimeSpan timeout)
   at Microsoft.BizTalk.Adapter.Sftp.SftpRLConfig.ValidateConfiguration(SftpReceivePropertyBag receivePropertyBag)
   at Microsoft.BizTalk.Adapter.Sftp.SftpRLConfig.CreateBinding(RHConfig rhConfig)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.BtsServiceHostBase.InitializeRuntime()
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfReceiveEndpoint.Enable()
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfReceiveEndpoint..ctor(BizTalkEndpointContext endpointContext, IBTTransportProxy transportProxy, ControlledTermination control)


Send Port:

The adapter failed to transmit message going to send port "{SENDPORT}" with URL "sftp://{SERVER}:{PORT}/%SourceFileName%". It will be retransmitted after the retry interval specified for this Send Port. Details:"Microsoft.BizTalk.Adapter.SftpInvoker.SftpException: Open SFTP connection error.

Server stack trace: 
   at Microsoft.BizTalk.Adapter.SftpInvoker.SftpInvoker.Open()
   at Microsoft.BizTalk.Adapter.Sftp.SftpConnection.OpenUnderlyingConnection(SftpConnectionProperties connectionProperties)
   at Microsoft.BizTalk.Adapters.CommonHelpers.Connection`3.ConnectionPool`3.GetConnection(T1 connectionProperties, TimeSpan timeout)
   at Microsoft.BizTalk.Adapters.CommonHelpers.Connection`3.GetConnection(T connectionProperties, TimeSpan timeout)
   at Microsoft.BizTalk.Adapter.Sftp.SftpOutputChannel.Send(Message message, TimeSpan timeOut)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

Exception rethrown at [0]: 
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)

Exception rethrown at [1]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.Channels.IOutputChannel.EndSend(IAsyncResult result)
   at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendCallback(IAsyncResult result)".

 

As we were getting no were fast resolving this, we also tried the nSoftware adapter from a BizTalk 2010 server.  Unfortunately this also didn’t work, but at least gave a meaningful error.

The adapter “nsoftware.SFTP v3” raised an error message. Details “Transmission failed for message “f99728a0-8791-42d7-b27e-c1d53feabd3e”: Error uploading SFTP file: Could not negotiate key exchange algorithm. Remote host supports the following algorithms: “diffie-hellman-group-exchange-sha256″.”.

According to the nSoftware documentation, this is supported (in V4), however the client only has V3 of that adapter (for which I cannot find the documentation so cannot confirm what is has to say about supporting that).  I’ve confirmed it does work with V4 now.

 

Advertisements

BizTalk 2016, TLS 1.2 only, Service Bus Relay Error. The client and server cannot communicate, because they do not possess a common algorithm. — Integration Insights

This error occurs on webservices exposed via Service Bus Relay on servers that are TLS 1.2 only.

via The client and server cannot communicate, because they do not possess a common algorith. — Integration Insights

How to fix BizTalk Server 2016 SSO Administration Console with PowerShell — SANDRO PEREIRA BIZTALK BLOG

Have you ever noticed that your SSO Administration Console tool doesn’t open in BizTalk Server 2016? Fortunately for Microsoft BizTalk Server team this tool is not heavily used by the customer, nevertheless, this is an existing and valid tool that needs to be working properly. What is this tool? You can install the Enterprise Single Sign-On…

via How to fix BizTalk Server 2016 SSO Administration Console with PowerShell — SANDRO PEREIRA BIZTALK BLOG

Cost saving tip for Azure VMs — Trying to be different

Everyone knows two things about saving money on Azure VMs: 1, chose a smaller size and 2, turn it off when you are not using it. It turns out that the second one has an additional demand: you need to not use premium disks. What are premium disks? These are great! Great for performance and…

via Cost saving tip for Azure VMs — Trying to be different

BizTalk Administration Console: An internal failure occurred for unknown reasons (WinMgmt) fixed by July 30, 2018 Microsoft Security Updates — SANDRO PEREIRA BIZTALK BLOG

Last month I wrote a blog post regarding the “An internal failure occurred for unknown reasons (WinMgmt)” error in the BizTalk Server Administration Console caused by the July 10, 2018 Microsoft Security Updates, you can see the entire blog post here: July 10, 2018 Microsoft Security Updates cause errors on the BizTalk Administration Console: An…

via BizTalk Administration Console: An internal failure occurred for unknown reasons (WinMgmt) fixed by July 30, 2018 Microsoft Security Updates — SANDRO PEREIRA BIZTALK BLOG

Updated rules for BizTalk Health Monitor #msbts

There have been some new rules released for BHM that are of interest.

There are two rules to check for the issues caused by the July patches, (626 & 627 below) and one that checks to see if one of the pre-requisite for making BizTalk use TLS 1.2 only is installed (628 below).

Thanks to Wagner Silveira for the tip about the update.

Microsoft July patches re-issued #msbts

Microsoft have re-issued the July patches that caused issues in BizTalk, SharePoint and .Net Applications using impersonation calling COM components.

For full details see their blog post .NET Framework July 2018 Update

Microsoft IIS issue after July patches: The service did not respond to the start or control request in a timely fashion. (2147943453, 8007041d).”

After the July security patches from the 10th, not only did we have BizTalk issues we also hit the error the following error after doing a IIS Reset. “The service did not respond to the start or control request in a timely fashion. (2147943453, 8007041d).”

See this thread IISRESET results in W3SVC stuck in stopping status after July 2018 patches that has some details about it.

According to that thread, it looks like Microsoft already has Mitigation patches for this issue already (released on the 17^th).

Windows Server 2008 SP2 KB4345397

Windows Server 2008 R2, KB4345459

Windows Server 2012 KB4345425.

Windows Server 2012 R2 KB4345424

Windows Server 2016 KB4345418

 

July Microsoft Security Updates cause BizTalk Admin Console errors: An internal failure occurred for unknown reasons (WinMgmt) #msbts

New Update:   As this issue re-occurred, we applied to fix as per Randy Ridgely in this thread: Microsoft Security Updates cause BizTalk Admin Console errors: An internal failure occurred for unknown reasons (WinMgmt) 

 

Update: This issue is supposedly resolved in August 2018 .NET Framework Security and Quality Rollup

An update on my earlier blog post An internal failure occurred for unknown reasons (WinMgmt)

Below are the KB numbers for the monthly rollups and security only patches that have impacted or could impact various version of BizTalk Admin Console on different operating systems as per the Technet thread, Sandro’s blog, Stack Overflow and Twitter.

Sandro’s blog also describes the steps for uninstalling.

Monthly Rollup	Security Only	.Net	OS	BizTalk
KB4338415	KB4338600	.NET Framework 4.5.2	Windows 8.1, RT 8.1, and Server 2012 R2	BT2010-2013R2
KB4338416	KB4338601	.NET Framework 4.5.2	Windows Server 2012	BT2010-2013R2
KB4338417	KB4338602	.NET Framework 4.5.2	Windows 7 SP1, Server 2008 R2 SP1, and Server 2008	BT2010-2013R2
KB4338815		.NET Framework 4.5.2	Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2	BT2010-2013R2
KB4284833		OS Build 14393.2339	Windows Server 2016	BT2016
KB4338419	KB4338605	.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2	Windows 8.1, RT 8.1, and Server 2012 R2	BT2016
KB4338814		OS Build 14393.2363	Windows 10,  (but also reported on Windows Server 2016 on twitter/technet)	BT2016
KB4345418		OS Build 14393.2368	Windows Server 2016	BT2016
Also reported but probably not an issue
	KB4338613	.NET Framework 3.5 SP1	Windows 8.1, RT 8.1, and Server 2012 R2
	KB4338614	?	Probably a Typo for 4338814, as does not exist
KB4338424		NET Framework 3.5 SP1	Windows Server 2016	BT2016

The CVE’s in question which these KBs are addressing are:

• CVE-2018-8356

Microsoft has published a blog post Advisory on July 2018 .NET Framework Updates and the following KB about the issue. “Access Denied” errors and applications with COM activation fail after installing July 2018 Security and Quality Rollup updates for .NET Framework

An internal failure occurred for unknown reasons (WinMgmt)

New Update:   As this issue re-occurred, we applied to fix as per Randy Ridgely in this thread: Microsoft Security Updates cause BizTalk Admin Console errors: An internal failure occurred for unknown reasons (WinMgmt) 

Note: An update with all the KBs is here 

After applying this months security patches we get the below errors in the BizTalk Admin Console when either refreshing the Group Overview or trying to view any of the Platform Settings on both BizTalk 2010 (CU9) and BizTalk 2013 R2 (CU6).

1) Failed to load Group [dbhost:BizTalkMgmtDb] data providers. (Microsoft.BizTalk.Administration.SnapIn)

Additional Information:

Failed to load Group [dbhost:BizTalkMgmtDb] data providers.
(Microsoft.BizTalk.Administration.SnapIn)
An internal failure occurred for unknown reasons. (WinMgmt)

2) Failed to create a BizTalkdDBVersion COM component installed with a BizTalk server.

Class not registered (WinMgmt)

3) An internal failure occurred for unknown reasons. (WinMgmt)

We tried restarting Windows Management Instrumentation and also rebooting the server, no change.

To resolve it we uninstalled all the KBs via Add Remove Programs (or Programs and Features) –> View “Installed Updates” and it resolved the issue.  We then uninstalled just one KB on another environment and identified the one causing the failure. Looks the culprits are

BizTalk 2013 R2

KB4338600  Description of the Security Only update for .NET Framework 4.5.2 for Windows 8.1 and Server 2012 R2

and

BizTalk 2010

KB4338602 Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1 and Server 2008

And then I would be wary off the below as well if you have BizTalk on Windows Server 2012

KB4338601 Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012

The below KB didn’t cause an issue on the BizTalk 2013 R2 environment (as BizTalk uses .Net 4.5.x)
KB4338605 Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1 and Server 2012 R2

Also reported on this thread An internal failure occurred for unknown reasons (WinMgmt)  and on Twitter it also impacted BizTalk 2016 with KB4338419  Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1, and Server 2012 R2