Server Verification Warning

nono02p
Participant

Server Verification Warning

nono02p
Participant
Participant

Hi,

 

I encounter an error message from some months, I already searched on the forum and internet but didn't find any solution.

nono02p_0-1645364617253.png

 

- I'm not using any proxy

- The date/time is ok on my laptop

- I tried to disable my anti-virus (and firewall)

- I tried to use the google DNS (8.8.8.8 - 8.8.4.4) instead of my ISP DNS

- I tried to make updates

 

If somebody have an idea.

 

Thanks

0 Likes
Reply
Accepted solutions (1)
1,715 Views
21 Replies
Replies (21)

hamid.sh.
Advisor
Advisor

Occasionally I see this too, but it have never done me harm. So far.

Hamid
0 Likes

nono02p
Participant
Participant

Thank you for your answer, at the beginning I thinked like you but not now...

It is blocking the download of my files located on the cloud and I cannot open them.

0 Likes

hamid.sh.
Advisor
Advisor

I just saw a similar post with a suggested solution by an Autodesk employee. Check that post it might help.

Hamid
0 Likes

Steven_Gao
Community Manager
Community Manager
1 Like

nono02p
Participant
Participant

Hi,

Thanks a lot for your quick answers.

 

@hamid.sh., as described in the link, I tried to uninstall/install fusion by using the automatic clean tool.

The problem still persist.

 

@Steven_Gao, I already read this link before sending the original message. That's why I already checked the date/time, the proxy settings, change of DNS, and searching for updates.

 

For the certificates, my knowledge isn't enough to manage this kind of problem alone.

 

After uninstall/install I retrieved again the logs and by looking in the WebServices.log I found these error :

 

2022-02-21T10:28:52.176Z [Fusion360:12496, 12788] [AdWebServices ERROR] Application not installed properly. File libcrypto-Ad-1_1-x64.dll could not be located in application dir or current dir.
2022-02-21T10:28:52.177Z [Fusion360:12496, 12788] [AdWebServices ERROR] Application not installed properly. File libssl-Ad-1_1-x64.dll could not be located in application dir or current dir.


Where to find them? In the directory I saw similar name (libcrypto-1_1-x64.dll and libssl-1_1-x64.dll without "-Ad")

 

What can I do to check if it is coming from certificate issues?

 

Thanks for your help.

0 Likes

andree.wust
Explorer
Explorer

i have the same problem, i can acess two files but all the other is inacessable, i have the same warning but i also have problem during startup where the file recovery pops up and i cant close it without the program says its not responding and i have to wait for a long time and then i can close it.

 

0 Likes

wersy
Mentor
Mentor

I have the same problem.
Are you using Windows 8.1?

0 Likes

wersy
Mentor
Mentor

After Windows Update 8.1 everything works as usual.

0 Likes

nono02p
Participant
Participant
Accepted solution

That's really strange but it works on my side...

I turned in offline mode, restarted fusion, turned in online mode, restarting and everything looks working again.

 

Thanks for everybody that took time to read and answer !

1 Like

Bjanders
Advocate
Advocate

The dialog offers three choices: Trust Anyway, Work Offline and Cancel. I understand the two first options, but what does Cancel do? I don't think the knowledge base article mentions what Cancel does.

I would expect Cancel to exit Fusion 360, but it just goes on, like maybe if you pressed Trust Anyway which I would never do.

0 Likes

ecastroCMJ5N
Enthusiast
Enthusiast

The issue could also be related to IPv6 use in your network. Try turning IPv6 off in your network, and see if the Fusion 360 warnings go away. I don't have a good solution, as having IPv6 futureproofs your network, but it appears Fusion 360 internals get internet errors if trying to use IPv6.

0 Likes

Bjanders
Advocate
Advocate

As I reported here https://forums.autodesk.com/t5/fusion-support/unable-to-validate-a-security-certificate/td-p/1043802... I think it's a timing bug in Fusion related to OCSP (Online Certificate Status Protocol). I have reproduced it without IPv6 as can be seen from my network captures.

0 Likes

ecastroCMJ5N
Enthusiast
Enthusiast
In my case, it doesn't seem that the issue is from the certificate. It's SSL/TLS handshakes that trigger the Server Verification Warning. And I only get these handshake errors if the Fusion 360 client has IPv6 (the SSL/TLS errors are logged in the Fusion 360 application logs). No IPv6, no handshake errors, no server verification warning.

But seems like this warning can be triggered with different events, so could be the case that we're both having different internal errors. But again, in my case the server verification warning is definitely only present when the client has IPv6.
0 Likes

Bjanders
Advocate
Advocate

The TLS handhsake fails with a Server Verification Warning if OCSP is late. Have you verified that OCSP completes before the TLS failure occurs by monitoring the network traffic or by some other means? For example, OCSP may in your case be  slow or fail if you are using IPv6.

0 Likes

ecastroCMJ5N
Enthusiast
Enthusiast
I don't have the network tools to check the OCSP completion, but I have another PC (Windows 10), and that computer is on the same network, and it doesn't have an issue (has IPv6 too). The PC that does have the server verification issue is Windows 11. I suspect the network issue is on my Windows 11 PC, since I do notice that some webpages sporadically load with ERR_CONNECTION_RESET error, and after a refresh it fixes itself. It seems w.e. causes my "ERR_CONNECTION_RESET" on the browser websites is what causes the TLS handshakes failures when Fusion 360 is querying its URLs. These browser errors (and server verification error) seem to go away when turning off IPv6 (but again, the Windows 10 PC on the same network doesn't have these errors with IPv6).
0 Likes

Bjanders
Advocate
Advocate

I was just wondering what your "In my case, it doesn't seem that the issue is from the certificate" was based on. IPv6 may impact the OCSP completion, which again could be caused by IPv6 DNS lookups not working properly, which could be some DNS configuration errors somewhere out of your control. I've seen these. The ERR_CONNECTION_RESET may be caused by this as well, and since it works after refreshing this may be an indication of the slow OCSP, since it is likely the computer has received the OCSP reply by then. The Windows 10 and 11 computers could be doing (or is likely doing) DNS lookups in different ways, with Windows 11 more aggressively trying to use IPv6 than the older Windows 10. I'm starting to get pretty confident that in your case the problem is related to IPv6 DNS.

0 Likes

ecastroCMJ5N
Enthusiast
Enthusiast
"I was just wondering what your "In my case, it doesn't seem that the issue is from the certificate" was based on."
It was based on the rudimentary assumption that a certificate error would show up on the browser as well when trying to load the URLs that Fusion 360 had failed handshakes on, rather than a "ERR_CONNECTION_RESET". But maybe that's a wrong assumption from what you've told me?

I suspect the IPv6 DNS as well, but I've tried to check all those settings in the router side and computer side, and everything passes in https://test-ipv6.com/ . So far, I'm just "living with it".
0 Likes

ecastroCMJ5N
Enthusiast
Enthusiast
Just in case this helps anyone having the same issue as me, I was able to solve them by prioritizing IPv4 over IPv6 in Windows 11. You can do this by creating a registry REG_DWORD entry named "DisabledComponents" in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ with decimal value 32. Microsoft source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows#u...
1 Like

ecastroCMJ5N
Enthusiast
Enthusiast

Decided to play a bit again with this. Seems like the DNS isn't the issue, as when I try

curl -v https://js.prd.fusionapi.autodesk.com/hds/fusion360.json

I get,

*   Trying [2600:9000:2486:d000:1f:7c10:5780:93a1]:443...
* Connected to js.prd.fusionapi.autodesk.com (2600:9000:2486:d000:1f:7c10:5780:93a1) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* Recv failure: Connection was reset
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection
* schannel: shutting down SSL/TLS connection with js.prd.fusionapi.autodesk.com port 443
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
curl: (35) Recv failure: Connection was reset

So the ipv6 is resolving OK it seems. After some repeats, I do get a sporadic successes:

*   Trying [2600:9000:2486:d000:1f:7c10:5780:93a1]:443...
* Connected to js.prd.fusionapi.autodesk.com (2600:9000:2486:d000:1f:7c10:5780:93a1) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.1
> GET /hds/fusion360.json HTTP/1.1
> Host: js.prd.fusionapi.autodesk.com
> User-Agent: curl/8.4.0
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 362
< Connection: keep-alive
< Date: Fri, 26 Apr 2024 20:23:17 GMT
< Last-Modified: Fri, 26 Apr 2024 20:22:41 GMT
< ETag: REDACTED
< x-amz-server-side-encryption: AES256
< x-amz-version-id: null
< Accept-Ranges: bytes
< Server: AmazonS3
< X-Cache: Miss from cloudfront
< Via: 1.1 18133da1ea724d113c4123fb3f20be9e.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: MIA3-P2
< X-Amz-Cf-Id: REDACTED
<
{
    "id": "fusion360",
    "name": "Fusion 360",
    "previous_status": "degraded_performance",
    "restore_delay": {
        "commercial": 60,
        "free": 720,
        "trial": 120
    },
    "since_time": "2024-04-25T09:19:17.388-07:00",
    "status": "operational",
    "status_badge": "Operational",
    "updated_at": "2024-04-25T09:19:17.388-07:00"
}* Connection #0 to host js.prd.fusionapi.autodesk.com left intact

 

If I try ipv4 only, it's rock solid the responses, which explains why it helps in my case to prioritize ipv4. I tested this with:

curl -4 -v https://js.prd.fusionapi.autodesk.com/hds/fusion360.json

 

Just wanted to post since from this info it seems it's not a DNS issue like I had previously thought.

0 Likes