This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 28.000000000000004%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi,
I have two Azure App Service running in Window Container Plan which push from ACR using User Managed Identity with Reader role for accessing Azure key Vault.
The first app is working fine, but the second is not working. They have the exactly same code as below which using .Net Core 3.1:
After deploying the second App Service, I keep getting following error:
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - Unhandled exception. System.AggregateException: Retry failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry. (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.) (The SSL connection could not be established, see inner exception.)
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - ---> Azure.RequestFailedException: The SSL connection could not be established, see inner exception.
02/06/2022 09:26:26.115 WARNING - Site: sea-app-uat-dcoadmin-01 - Container producing too many logs. Suspending temporarily.
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - --- End of stack trace from previous location where exception was thrown ---
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.ThrowIfExceptional()
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
02/06/2022 09:26:26.115 STDERR - Site: sea-app-uat-dcoadmin-01 - [7ae78f9bc29451e8029f9caa7861ee2aa55aadba6fffa529a5f25dbd8f67d658] - at System.Net.Security.SslStream.<>c.
@ronkit
Thank you for your post!
I'm not familiar with Azure Container Registries, but from your logs it looks like it could be related to an SSL issue. However, to gain a better understanding of your environment and to add the correct community tags, can you share any documentation that you're following?
#From your logs, it looks like the app could be running into an SSL connection issue.
02/06/2022 09:26:26.115 WARNING - Site: sea... - Container producing too many logs. Suspending temporarily.
02/06/2022 09:26:26.115 STDERR - Site: sea... - [7ae...] - ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
02/06/2022 09:26:26.115 STDERR - Site: sea... - [7ae...] - ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
#Because of the SSL issue, there's a cancel/end auth log which could be causing the "Azure.Core.Pipeline.RetryPolicy.ProcessAsync" to be triggered.
System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
02/06/2022 09:26:26.115 STDERR - Site: sea... - [7ae...] - at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
02/06/2022 09:26:26.115 STDERR - Site: sea... - [7ae...] - at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
I hope this helps!
If you have any other questions, please let me know.
Thank you!
Hi @JamesTran-MSFT , im referring this current doc
https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-3.1
Section "Using Managed Identities for Azure Resources"
Hi @ronkit
The problem is when the program is released and restarted. So please use the diagnostic tool to check your App Service.
You will find some useful information, if you need further help, please let me know.
Best Regards,
Jason
@ronkit
Thank you for following up on this!
Based off the warnings and STDERR's within your logs, it doesn't look like this is directly an issue with the managed identity or Key Vault. However, this could be more related to the SSL connection as I mentioned earlier, so I've added the .NET community support tags to this thread so their experts can look into this issue as well.
Potential Issues:
02/06/2022 09:26:26.115 WARNING - Site: sea... - Container producing too many logs. Suspending temporarily.
02/06/2022 09:26:26.115 STDERR - Site: sea... - [7ae...] - ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
02/06/2022 09:26:26.115 STDERR - Site: sea... - [7ae...] - ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
When it comes the SSL messages, I found a few Stack Overflow threads that might help point you in the right direction.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception:
System.IO.IOException: Authentication failed because the remote party has closed the transport stream:
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Hi @JamesTran-MSFT ,
Yea, I have also look through quite some online resources. Added the security protocol thingy as below too. FYI, I am using .Net Core 3.1
Both of the application is under the same solution
Anyway, thanks for your insight. I will keep investigate on this, so far still no luck
Thanks
Ron
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 52%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
@ronkit Did you ever figure this out?