During enrollments, users receive a Service_Internal_Error A901:
ERROR 2017-04-04 12:30:15.003 10.45.54.121 5680004791 A901 XXXXXXXXXXXX 'text=An exception occurred in the PKI Enterprise Gateway., class.method=_Default.?' 14
System.ServiceModel.FaultException: A failure occurred in the PKI Enterprise Gateway.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Common.Core.Generated.STS.SecurityTokenService.RequestSecurityToken(RequestSecurityToken request)
at Common.Core.Generated.STS.SecurityTokenServiceClient.Common.Core.Generated.STS.SecurityTokenService.RequestSecurityToken(RequestSecurityToken request)
at Common.Core.Generated.STS.SecurityTokenServiceClient.RequestSecurityToken(RequestSecurityTokenType RequestSecurityToken1)
at Common.Core.WebserviceClient.STWebServiceClient.RequestSecurityToken(RequestSecurityToken request)
at IdentityProvider._Default.Page_Load(Object sender, EventArgs e)
When this message appears in the Authentication log file on the EGW, there is a proxy installed in the network. The customer said they were bypassing the proxy, but that was not the case here.
The solution is to configure the proxy on the EGW. If this is a new installation, uninstall the EGW and re-install it with the proxy parameters. See pg 19 in the Configuring HTTP Proxy Access for guidance.
If it is not possible to uninstall and re-install the EGW, call support for assistance.
It is possible to edit the RAService web.config file to make the changes to use the proxy:
</log4net>
<!-- This section contains the configuration settings for PKI Enterprise Gateway -->
<!-- CUSTOMIZABLE -->
<pgwConfigSection>
<add key="STExpiryTime" value="1200"/>
<add key="RASubjectName" value="Registration Authority 1490824778338"/>
<add key="proxyUrl" value=""/>
<add key="proxyUser" value=""/>
<!-- This properties needs to be manually edited for Signer API feature -->
<!-- Set this value to the Signer Certificate Common Name from the Subject Name-->
<add key="SignerCertSubjectName" value="Replace with your Signer Cert"/>
<!-- Set this value to false if you want to turn off OCSP check-->
<add key="EnableOCSPCheck" value="true"/>
<!-- Set this value for appropriate version of Signer API-->
<add key="SignerAPIVersion" value="1.0"/>
</pgwConfigSection>
<pgwSecuredConfigSection configProtectionProvider="RsaProtectedConfigurationProvider">
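To confirm the diagnosis above before touching the installation, the following added example (not vendor code and not part of the original article) correlates A901 gateway faults in the Authentication log with empty `proxyUrl`/`proxyUser` keys in `pgwConfigSection`. The function name `Get-EgwProxyTriage`, the `<configuration>` wrapper around the section, and the second sample log line are assumptions made for illustration.

```powershell
# Added example (not vendor code). Both samples are constructed from the
# excerpts on this page; the INFO line and its code A100 are made up.
$sampleConfig = @'
<configuration>
  <pgwConfigSection>
    <add key="proxyUrl" value=""/>
    <add key="proxyUser" value=""/>
  </pgwConfigSection>
</configuration>
'@
$sampleLog = @'
ERROR 2017-04-04 12:30:15.003 10.45.54.121 5680004791 A901 XXXXXXXXXXXX 'text=An exception occurred in the PKI Enterprise Gateway., class.method=_Default.?' 14
INFO 2017-04-04 12:31:02.511 10.45.54.121 5680004792 A100 XXXXXXXXXXXX 'text=constructed non-error line' 3
'@

function Get-EgwProxyTriage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ConfigXml,
        [string[]]$LogLines = @()
    )
    $xml = New-Object System.Xml.XmlDocument
    $xml.LoadXml($ConfigXml)
    # Read the two proxy keys from <pgwConfigSection>; $null means the key is absent.
    $settings = @{}
    foreach ($key in 'proxyUrl', 'proxyUser') {
        $node = $xml.SelectSingleNode("//pgwConfigSection/add[@key='$key']")
        $settings[$key] = if ($null -ne $node) { $node.GetAttribute('value').Trim() } else { $null }
    }

    # Collect timestamps of A901 entries that carry the gateway fault text.
    $pattern = '^ERROR\s+(?<ts>\d{4}-\d\d-\d\d\s+\d\d:\d\d:\d\d\.\d+)\s.*\sA901\s.*PKI Enterprise Gateway'
    $hits = @()
    foreach ($line in $LogLines) {
        if ($line -match $pattern) { $hits += $Matches['ts'] }
    }
    $configured = -not [string]::IsNullOrEmpty($settings['proxyUrl'])
    [pscustomobject]@{
        ProxyUrl        = $settings['proxyUrl']
        ProxyUser       = $settings['proxyUser']
        ProxyConfigured = $configured
        A901Count       = $hits.Count
        FirstSeen       = $hits | Select-Object -First 1
        LastSeen        = $hits | Select-Object -Last 1
        ProxyLikely     = ($hits.Count -gt 0 -and -not $configured)
    }
}

Get-EgwProxyTriage -ConfigXml $sampleConfig -LogLines ($sampleLog -split '\r?\n')
```

On a server, pass the contents of the RAService web.config and the Authentication log in place of the samples. `ProxyLikely` being true matches the situation described above: A901 faults are logged while no proxy is configured on the EGW.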