Unity 1.0 and SSL SecureChannelFailure errors

Jun 3, 2010 at 7:53 PM

We removed ObjectFactory and replaced it with Unity 1.0 in our Feb 2010 release. Ever since then we have had a intermittent problem with SSL/TLS errors.  We have investigated all the usual suspects and have come up empty handed.  I am reaching out to anyone that may have experienced a similar problem.

We have 2 wcf endpoints that consume services from external sources as needed.  Our services are written with .Net 3.5 and IIS7 hosted on WS2008 (non R2) and also use various Enterprise Library 4.1 app blocks.  We call a variety of web services from other external partners (both .SVC and .ASMX).  Each day our production logs are recording multiple occurrences of the following error:

     Exception: WebException
        Message: The request was aborted: Could not create SSL/TLS secure channel.
        Status: SecureChannelFailure
        Response: null
        Data collection
        TargetSite: DynamicModule.ns.Wrapped_IBasWebServiceAdapter_1b467ca988b24f90b3998a8ba1519124::AuthorizeSubscription
         StackTrace:    at DynamicModule.ns.Wrapped_IBasWebServiceAdapter_1b467ca988b24f90b3998a8ba1519124.AuthorizeSubscription(String applicationID, Int32 localeID, String domainLogin, String idType, String id,      String subscriptionProgramCode, String emailAddress, String product, String domain, String premierAgreement)
           at Microsoft.IT.RelationshipManagement.ServiceBroker.DataAccess.AgreementDA.ConsumptionSubscriptionsFor(ConsumptionSubscriptionsRequest request)
        HelpLink: null
        Source: Unity_ILEmit_InterfaceProxies

This error is being logged on multiple servers and is also being logged when trying to access multiple different external web services.  So this implies that it is not an enviroment issue, but a client code issue.

We suspect that the Unity container is not correctly cleaning something up after we finish with the wrapped object (IBasWebServiceAdapter) used to make the SSL calls to external web services.  The problem acts like a resource leak of some sort.  The calls work fine for some period of time and then start happening frequently after a one or more hours and are only resolved by an app pool recycle.

Does this ring any bells with anyone?