domingo, julho 04, 2021

Sitecore Xconnect - Forbidden

 I had an issue with XConnect on Sitecore installation, I have checked the Sitecore logs and found this:

StatusCode: 403, ReasonPhrase: 'Forbidden',

I reviewed the permissions of the Certificate. I was using for xconnect (A valid certificate) and everything was fine so I decided to check the IIS logs and found this (Xconnect Reference Data and XConnect Website):

2021-07-04 19:26:22 10.242.28.71 PUT /refdata/definitiontype/ensure - 443 - 10.242.28.68 - - 403 13 2148081683 5792

The IIS was show 403 13 this means:
HTTP 403.13 Forbidden: Client certificate revoked.

This article helped me understand what was going on:

https://techcommunity.microsoft.com/t5/iis-support-blog/client-certificate-revisited-how-to-troubleshoot-client/ba-p/348053

The environment that I was working is a Sitecore 10 without internet access, this means that server could not retrieve a CRL(Certificate revocation list).

I use the netsh command to check if "Verify Client Certificate Revocation" was enabled, and it was. 

>netsh http show sslcert

I have two bidings for that Website:

Then I disabled using the netsh command, first you need to delete then you need to add again.

Delete:

>netsh http delete sslcert hostnameport=website.contoso.com:443

Add with Verify Client Certificate Revocation Disabled

On cmd

>netsh

>http

>add sslcert hostnameport=website.contoso.com:443 certhash=yourcerthash appid={appid} certstorename=My verifyclientcertrevocation=disable

   

After that I was able to access Sitecore Analytics.

I disabled the check for Xconnect Collection and Reference Data.

Nenhum comentário: