SP List - The remote server returned an error: (403) Forbidden

Apr 19, 2012 at 9:01 PM

Hi,

I connect to our sharepoint server with the sharepoint list source adapter. It works fine until I set IIS Client Certificates from Ignore to Required. I use the latest sharepoint list adapter release and I connect to a sharepoint 2010 server. IIS authentication is set to NTLM (standard), require SSL is checked. SSIS package is build in BIDS 2008. The Client Certificate is already installed within IE8. The Sharepoint site works perfectly if I use the IE8 browser.

I get the following error if I change the Client Certificates to Required:

Error        1        Validation error. SPList1: SPList1: System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Ntlm'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.     at System.Net.HttpWebRequest.GetResponse()     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)     --- End of inner exception stack trace ---    Server stack trace:      at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory factory)     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.Samples.SqlServer.SSIS.SharePointUtility.ListsService.ListsSoap.GetListAndView(GetListAndViewRequest request)     at Microsoft.Samples.SqlServer.SSIS.SharePointUtility.ListsService.ListsSoapClient.ListsService_ListsSoap_GetListAndView(GetListAndViewRequest request)     at Microsoft.Samples.SqlServer.SSIS.SharePointUtility.ListsService.ListsSoapClient.GetListAndView(String listName, String viewName)     at Microsoft.Samples.SqlServer.SSIS.SharePointUtility.Adapter.ListsAdapter.GetSharePointList(String listName, String viewId)     at Microsoft.Samples.SqlServer.SSIS.SharePointUtility.Adapter.ListsAdapter.GetSharePointFields(String listName, String viewId)     at Microsoft.Samples.SqlServer.SSIS.SharePointUtility.ListServiceUtility.GetFields(Uri sharepointUri, NetworkCredential credentials, String listName, String viewName)     at Microsoft.Samples.SqlServer.SSIS.SharePointListAdapters.SharePointListSource.GetAccessibleSharePointColumns(String sharepointUrl, String listName, String viewName)     at Microsoft.Samples.SqlServer.SSIS.SharePointListAdapters.SharePointListSource.ValidateSharePointColumns()     at Microsoft.Samples.SqlServer.SSIS.SharePointListAdapters.SharePointListSource.Validate()     at Microsoft.SqlServer.Dts.Pipeline.ManagedComponentHost.HostValidate(IDTSManagedComponentWrapper100 wrapper)        Sharepoint_Sync.dtsx        0        0 

Thanks in advance.

Jens

Apr 20, 2012 at 11:42 PM

Get same error when connecting to O365. Any ideas yet?

Apr 21, 2012 at 3:56 PM

Request a feature for this.

Found this relevant Url http://ksmuraleedharan.blogspot.com/2011/10/accessing-web-service-in-sharepoint.html

May 2, 2012 at 11:03 PM

Does this mean that the current adapter will not work for site with https:\\ security ???

 

Jan 18, 2013 at 8:05 PM
Edited Jan 18, 2013 at 8:14 PM

Does anyone have an answer to the question above?  We have been using it with SP2007 but recently upgraded to SP2010 with ssl and we are having problems getting the adapter to work with it.  

This is the beginning of the error we are encountering...I hope its just a stupid mistake on my part. 

The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that theIsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '

Thanks in advance!

Wendy

Jan 23, 2013 at 1:51 PM

The adapters work with https - if you are getting errors about text/html coming back, and not xml, that means you have a server issue that is returning an invalid webpage (instead of xml data)

Jan 23, 2013 at 1:53 PM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Jan 23, 2013 at 8:03 PM

Kevin,

Thanks for your response.  I'm rather new, so I dont understand what you are saying and how to fix it.  Could you expand on your response?  

As to the link in the "work item" I saw that in my research, but again, I wasnt sure what to do.  

I also spoke with our server people and they said the certificate is on the load balancer.  I hope you understand what they mean.  

Thanks!

Wendy

Jan 24, 2013 at 12:20 AM

Can you try again with the beta version I just published?

Jan 24, 2013 at 1:13 AM
kevinidzi,

I downloaded and tried to just "change" the current installation, then tested by adding a new List Source (to make sure I was using the latest), didnt work, same error. So I uninstalled the list adapter and tried to modify the existing package, didnt work, same error. Then tried to create a new package using the list adapter and still same error. Sorry! I hope I'm doing things correctly. Like I said it used to work with SP2007 without SSL but now that we have SSL in 2010 it doesnt work.

Any other ideas you have would be greatly appreciated. Thank you so much for your prompt attention in this matter!

Wendy


From: [email removed]
To: [email removed]
Date: Wed, 23 Jan 2013 16:21:08 -0800
Subject: Re: SP List - The remote server returned an error: (403) Forbidden [SQLSrvIntegrationSrv:352892]

From: kevinidzi
Can you try again with the beta version I just published?
Read the full discussion online.
To add a post to this discussion, reply to this email (SQLSrvIntegrationSrv@discussions.codeplex.com)
To start a new discussion for this project, email SQLSrvIntegrationSrv@discussions.codeplex.com
You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.
Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com
Jan 24, 2013 at 1:39 AM
kevinidzi,

Sorry, I downloaded the wrong version. Just downloaded the beta. Sorry! Uninstalled the old version and re-installed the new version.

Now I get a different error and the old connection that does work, I get the same error. So I tried it two ways as noted below, tried to modify the existing package and create a new package just to see if I could at least connect up. But get the error below.

Error at Extract from SP List [SharePoint List Source [214]]: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate". The authentication header received from the server was 'NTLM'. --- > System.Net.WebException: The remote server returned an error: (401) Unauthorized.

In the interim, we are going to try testing on our Dev 2010 just to see if I can at least connect up, our Dev 2010 doesnt have SSL but at least we'll know that its SSL for sure thats causing the problem.

I spoke with our server guys, on the server, windows authentication is set to NTLM. Is there a way to set it to that in the list adapter?

Thank you so much! I'll keep you posted on my progress. If you could let me know if we can force it to NTLM that would be awesome!
Wendy

From: [email removed]
To: [email removed]
Subject: RE: SP List - The remote server returned an error: (403) Forbidden [SQLSrvIntegrationSrv:352892]
Date: Wed, 23 Jan 2013 15:13:21 -1000

From: kevinidzi
Can you try again with the beta version I just published?
Read the full discussion online.
To add a post to this discussion, reply to this email (SQLSrvIntegrationSrv@discussions.codeplex.com)
To start a new discussion for this project, email SQLSrvIntegrationSrv@discussions.codeplex.com
You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe on CodePlex.com.
Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at CodePlex.com
Jan 24, 2013 at 7:32 AM

It was set to NTLM in the list adapter. A user posted an issue to this project saying it should be Windows to make it friendlier with NTLM and Kerberos. I can revert the change.  SSL has always worked before, that's a bummer it is broken. Thanks.

Feb 1, 2013 at 5:04 PM
Just to let you know I'm following this topic with a lot of interest. I'm more or less in the same spot as Wendy. We're running SQL server 2012 on Windows Server 2012 and our SharePoint version is SPO 2010 (we didn't get move to 2013 yet). I started out by having the 403 error and, after installing the beta solution, now have the 401 one.

Thanks a lot for the support, it's really appreciated!
Fred