cancel
Showing results for 
Search instead for 
Did you mean: 

Sandbox ASP error on POST, LIVE works

Hi All,

 

I wasa successfully using a sandbox account to test a new website payment solution. Up until a few days ago sandbox transactions were being successfully sent and responses successfully received. If I change the post to url and API credentials from https://test.authorize.net/gateway/transact.dll to https://secure.authorize.net/gateway/transact.dll the transaction is accepted and a valid response is returned. The error I get when posting to https://test.authorize.net/gateway/transact.dll is:

 

msxml3.dll error '800c0008'

System error: -2146697208.

 

so sandbox fails, same transaction data posted to LIVE account is accepted. Tried other methods of posting to sandbox with no luck but each method I tried successfully posts to the LIVE url.

 

Any ideas why it used to work then stopped ? And why same code works for LIVE but not sandbox ?

 

Thanks !

 

eagles
Member
1 ACCEPTED SOLUTION

Accepted Solutions

We removed support for 3DES ciphers on July 30, 2016 as mentioned in our developer blog.  This may be the cause of your problem.

 

https://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/3-DES-Disablement-in-S...

 

Richard

View solution in original post

8 REPLIES 8

Hello @eagles

 

Could you provide us with a sample request you're sending to the gateway with any sensitive information removed and any response/log?

 

Also, have you recently updated or rebooted your system?

 

Richard

RichardH
Administrator Administrator
Administrator

The following PostData works in the LIVE environment but not the sandbox, but I'm failry certain it's not the contents of the posted transaction that's the issue.

 

PostData = "x_Login=<sandbox login>&x_Tran_Key=<sandbox pass>&x_Version=3.1&x_Delim_Data=TRUE&x_Delim_Char=|&x_ADC_URL=FALSE&x_Type=AUTH_CAPTURE&x_Card_Code=&x_Card_Num=5105105105105100&x_Exp_Date=92019&x_Description=TheCompany&x_Amount=20.03&x_First_Name=Tatyana&x_Last_Name=Butsy&x_company=ButsysBurgers&x_Address=1515 37th Ave Ne Ste 104&x_City=Anycity&x_State=FL&x_ZIP=90210&x_Country=US&x_Phone=800-555-1212&x_Fax=800-555-2323&x_Email=me@domain.com&x_Customer_IP=10.10.10.10&x_invoice_num=691&x_cust_id=178745"

 

Any connection made to the sandbox fails, but the same exact connection, just changing the post to URL, api user, and api pass, to the LIVE environment works. What's more, leaving the api login credentials the same and just posting to the live URL will return results, an error about invalid login, I get nothing like that using the sandbox url. Anything posted to test.authorize.net\gateway\transact.dll returns an error where it didn't just a week ago. And not an authorize.net system error, I just get no response.

 

Thanks !

Hmmm...

 

Are you able to put wireshark on the connection, see what may be lurking in the connection details?

 

Also, have you made any changes/updates to your platform, framework or tools?

 

Richard

No changes. Here are my wireshark results, testing with "secure.authorize.net" I got:

 

32 1.944733 64.94.118.32 myipaddr TLSv1 191 Server Hello, Change Cipher Spec, Encrypted Handshake Message

 

and I got results back as I have been.

 

At the same place in the test transaction instead using "test.authorize.net" I got:

 

93 11.819554 23.79.156.50 myipaddr TLSv1 61 Alert (Level: Fatal, Description: Handshake Failure)

 

Level: Fatal (2)

Description: Handshake Failure (40)

 

same server, same code, only difference is the URL I am posting to. I got a "Server Hello" for LIVE, I never get a "Server Hello" for test.authorize.net

 

Thoughts ?

 

Also noticed a difference in the Client Hello, for the LIVE url I see:

 

Random

Session ID Length: 32

Session ID: 8b9795875c3f8cdd4955e49156ff5c92b15d952da7766b92...

 

for the sandbox url I see:

 

Random

gmt_unix_time: Aug  3, 2016 22:52:05.000000000 Central Daylight Time

random_bytes: 675bc00d457094bcba1d7abb86d4addf37981110918868d4...

 

Not sure if that makes a difference, just thought I'd mention it.


Thanks !

We removed support for 3DES ciphers on July 30, 2016 as mentioned in our developer blog.  This may be the cause of your problem.

 

https://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/3-DES-Disablement-in-S...

 

Richard

Hi Richard,

 

Timing is just right, that's when it stopped working. For others that may have experienced this, I applied this hotfix:

 

https://support.microsoft.com/en-us/kb/3050509

 

which added the following cipher suites:

 

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256

 

and it's working again.

 

Thanks !

@eagles -- That's excellent news, thank you for sharing.

That said, since Windows Server 2003 hasn't been supported for a year, I hope you will consider upgrading the server entirely, to Server 2008 or newer. Unsupported server platforms are generally considered a violation of PCI DSS, due to the lack of active security patching.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.