BloomRPC - 14 UNAVAILABLE: failed to connect to all addresses

[rizi]

I have a .net core 3.1 grpc service with two methods, calling the methods from the c# client does work well.

btw. I use the server certificate that has been generated by .net core.

I'm using the latest BloomRPC version (1.4.1) and I tried localhost:5001, 127.0.0.1:5001 and 0.0.0.0:5001 with no luck.

Using BloomRPC causes the following error (displayed in BloomRPC: Repsonse {
"error": "14 UNAVAILABLE: failed to connect to all addresses"
}

On the gRPC server side I got the following exception:
"Authentication failed because the remote party has closed the transport stream."

I'm using Win10 Enterprise, can you help me to figure out the problem?
br

[cafegee]

I had similar problem as yours, I figured out it was a problem with the ssl certificate configured in the krestrel server, I ended up using just to expose http on the grpc service, and get bloomRPC working with the server. Will figure out the problem with ssl later.

To configure GRPC .net core using http , you can add following code.

.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseKestrel(options =>
{
options.ListenLocalhost(9046, o => o.Protocols = HttpProtocols.Http2);
});

On bloomRPC, just use root certificate, and using 0.0.0.0:9046 as your address.

Hope this helps.

[rizi]

@cafegee thx for the hint.
It's working for me as well, can you give me a little bit more info?

Why do I have to choose "root certificate" on bloomRPC? if kestrel does not use https at all?
What is the "root certificate"? where can I find it on my windows machine?

What's also very interesting is, that if I don't change the port as you suggested an open https://localhost:5001 in chrome the certificate is shown as "correct"/trusted.

AND using the c# client or this tool to call my grpc service with the default configuration (https and port 5001) does work without any issues as well.

I don't want to blame bloomRPC, I just want to understand what's going on.
Maybe bloomRPCs Application-Layer Protocol Negotiation (ALPN) is not working 100% correctly or maybe bloomRPC don't like self signed certificates (like Fire Fox)?

For details have a look at Kestrel docs or Protocol details

br

[rizi]

Any update/help would be highly appreciated

[Hotkey]

@rizi i agree with you ;) Any update ?

[Hotkey]

@rizi It worked, I think it's really a ssl cert problem. I changed port to 9046 without https. For instance on my local like that "localhost:9046"

[rizi]

@Hotkey I think it depends which technology you are using.
If I use .net core as grpc server then bloomRPC it's not working (neither with the developer certificate created by .net core nor with a self signed certificate.

BUT if I use the full framework (.net 4.7.x or. net 4.8.x) bloomRPC it's working with the certificate created by .net core and with the self signed certificate, so I think bloomRPC have to do "something additional" to satisfy .net core (maybe send the whole certificate chain and not only the server certificate or something like that).

This seems to confirm my thesis: https://stackoverflow.com/questions/58125102/grpc-net-client-fails-to-connect-to-server-with-ssl

[Hotkey]

@rizi Actually i'm running on .net core 3.1 and now working perfectly

[rizi]

@rizi Actually i'm running on .net core 3.1 and now working perfectly

Does it work with http or does it also work with https? If it's now working with https as well I'm curious what to do. Br

[Hotkey]

@rizi You are right, it's always failed with https. Only works with http. I tried with openssl (generated for localhost) and I also separated key and cert files for ui uploading but it didn't work ;-)

[Hotkey]

Screenshot

[Hotkey]

Hi @rizi, i blogged this issue and i solved that problem with using the default iis cert

https://medium.com/@farukalkaya/bloomrpc-missed-gprc-gui-client-9f464c4f3d63?sk=7976d232e12fe183a6ea0c5fd880376f

[rizi]

Hi @rizi, i blogged this issue and i solved that problem with using the default iis cert

https://medium.com/@farukalkaya/bloomrpc-missed-gprc-gui-client-9f464c4f3d63?sk=7976d232e12fe183a6ea0c5fd880376f

Thx!
With the blog post from @farukalkaya, I was able to make bloomRPC work with .Net Core.

As he mentioned you have to "export" the certificate.
Then click "Add Root Certificate" (in bloomRPC), don't add the "Private Key" or the "Cert Chain".
Put localhost in the ssl target host field.

How to extract the certificate:
Run > certmgr.msc > Personal > Certificates > localhost (friendly name: “ASP.NET Core HTTPS development certificate”) > right click on the certificate > All Tasks > Export ... > Next >No, do not export the private key > Base-64 encoded X.509 (.CER).

For the .Net Core it's important that you set the certificate explicitly (either by pass the physical certificate (with private key) to the kestrel config or by specifying the store name, store location and subject name.

e.q

private static void UseHttps(ListenOptions options, KestrelServerConfiguration kestrelServerConfiguration)
{
       StoreName httpsCertStoreName = ParseHttpsCertEnum<StoreName>(kestrelServerConfiguration.HttpsCertStoreName);
       StoreLocation httpsCertStoreLocation = ParseHttpsCertEnum<StoreLocation>(kestrelServerConfiguration.HttpsCertStoreLocation);
       options.UseHttps(httpsCertStoreName, kestrelServerConfiguration.HttpsCertSubjectName, kestrelServerConfiguration.AllowInvalidHttpsCertificate, httpsCertStoreLocation);

      //options.UseHttps("nameofthecert.cer");
}

All credit goes to @farukalkaya !

It would be great if it would work out of the box with .net core.
It's definitely possible, since it's working out of the box with https://github.com/fullstorydev/grpcui.

br

[jackielii]

I believe this is resolved?

[goyalneeraj18]

is this still a problem some times? I am facing this with BloomRPC 1.5.3