locked
Plugins external web service access- sandbox RRS feed

  • Question

  • Hope someone can shed some light on behaviour I have noticed - our solution includes plugins that call an external rest web service. It was developed using sandbox plugins on a single full server environment and works fine.

    However the live environment consists of multiple servers (2 x frontend in DMZ and 2 x backend inside). The specified ports are opened from DMZ but the sandbox plugins now report a faulted condition on the external web service calls. Only by switching plugins to isolation NONE can the system operate as designed.

    The external web service is hosted in the DMZ and uses SSL and is accessible from inside, even via browser on the backend servers.

    Any ideas? Many thanks.

    Saturday, June 18, 2016 1:32 PM

Answers

  • The fact that it's timing out indicates either a firewall issue, or a missing component, or maybe a config issue. The communication is on port 808, which is used by the sandbox service (and which explains why it works when not registered in isolation).

    The error is when trying to connect to net.tcp://uk-sb-cfe01/CrmSandboxSdkListener-w3wp , which resolves to 192.168.4.36:808 (over TCP). Possible issues are:

    • The sandbox service is not installed or running on that server
    • The firewall's blocking the traffic
    • Something else is listening on port 808 on that server

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by Chris_Cohen Monday, July 4, 2016 8:45 AM
    Wednesday, June 22, 2016 3:05 PM
    Moderator

All replies

  • Do you have more details on the error message ? There are 2 main possibilities:

    1. A Code Access Security error. This is most likely, as code access security is only applied in the sandbox. You should get more information from the error message about what code access permission causes the problem
    2. It might be due to your firewall or other network settings, which would give different error messages

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Tuesday, June 21, 2016 8:03 AM
    Moderator
  • Here is a trace log extract. The plugin is calling a web service in DMZ (from inside) over SSL but port 443 is open and this works fine from a browser on the backend server. Obviously IIS is not installed on the backend server but I'm wondering if the CRM backend server install should have added a feature? The firewall monitor is not reporting any attempts on blocked ports. Note: To be clear, when isolation is set to none the plugin runs on the frontend server without any problem.

    [2016-06-22 14:00:28.386] Process:Microsoft.Crm.Sandbox.WorkerProcess |Organization:00000000-0000-0000-0000-000000000000 |Thread:  168 |Category: Sandbox |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId: 00000000-0000-0000-0000-000000000000 | ExceptionConverter.ConvertMessageAndErrorCode  ilOffset = 0x208
    >System.ServiceModel.EndpointNotFoundException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #DD7CA803: System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://uk-sb-cfe01/CrmSandboxSdkListener-w3wp. The connection attempt lasted for a time span of 00:00:21.0314419. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.4.36:808.  ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.4.36:808
    >   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
    >   at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
    >   at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
    >   --- End of inner exception stack trace ---
    >
    >Server stack trace: 
    >   at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
    >   at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
    >   at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
    >   at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
    >   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
    >   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
    >   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
    >
    >Exception rethrown at [0]: 
    >   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    >   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    >   at System.ServiceModel.ICommunicationObject.Open()
    >   at Microsoft.Crm.Sandbox.SandboxClientBase`1.Open()
    >   at Microsoft.Crm.Sandbox.SandboxClientBase`1.get_Proxy()
    >   at Microsoft.Crm.Sandbox.SandboxOrganizationService.Execute(String operation, Byte[] serializedRequest)
    [2016-06-22 14:00:28.386] Process:Microsoft.Crm.Sandbox.WorkerProcess |Organization:00000000-0000-0000-0000-000000000000 |Thread:  168 |Category: Sandbox |User: 00000000-0000-0000-0000-000000000000 |Level: Info |ReqId: 00000000-0000-0000-0000-000000000000 | ExceptionConverter.ToSingleFaultOther  ilOffset = 0x21
    >exit: ConvertMessageAndErrorCode: errorCode: 0x80040216; message: F2C70D83

    Wednesday, June 22, 2016 2:21 PM
  • The fact that it's timing out indicates either a firewall issue, or a missing component, or maybe a config issue. The communication is on port 808, which is used by the sandbox service (and which explains why it works when not registered in isolation).

    The error is when trying to connect to net.tcp://uk-sb-cfe01/CrmSandboxSdkListener-w3wp , which resolves to 192.168.4.36:808 (over TCP). Possible issues are:

    • The sandbox service is not installed or running on that server
    • The firewall's blocking the traffic
    • Something else is listening on port 808 on that server

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    • Marked as answer by Chris_Cohen Monday, July 4, 2016 8:45 AM
    Wednesday, June 22, 2016 3:05 PM
    Moderator
  • Thanks David, yes, unblocking port 808 from inside to DMZ allowed isolated mode
    Monday, July 4, 2016 8:47 AM