developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Your Script Timed Out / Relay Response Never Posts using SIM

View the SolutionThis topic has been marked as solved.

All  ... I saw several old articles about this issue but I haven't seen any lately and I never saw a good solution!

 

Starting last week about 15% of our credit card trancations are giving hte user this message:

 

The reporting of this transaction to the Merchant has timed out. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

 

This transaction has been approved.

 

It is advisable for you to contact the merchant to verify that you will receive the product or service.

 

I then get this e-mail from Authorize.net ... 

 

Authorize.Net Merchant,

 

Your script timed out while we were trying to post transaction results to it.

   Transaction ID: nnnnnnnnnnnn

Transaction Result: This transaction has been approved.

 

After much research ... 

 

1. The post for the relay response never reaches our servers

2. The time out on the relay response is supposed to be 10 seconds but it happens in some cases immediately

 

In old threads (from 2010) I saw people changing their DNS TTL to 1 week ... I will try that.

 

Any other ideas?  Do I need to get off of SIM?  Authorize.net support couldn't help.

 

 

5 people had this problem.
matterickson7
Contributor

‎11-09-2017 02:45 PM

70 REPLIES 70

View the SolutionThis topic has been marked as solved.

@matterickson7Sorry, I'm not much of a security expert either. Our System Admin went through and disabled the TLS 1.0 and 1.1 on a bunch of our Windows 2012 Servers over the summer and I just piggy backed off one of those. 

sboyle
Member
In response to matterickson7

‎11-28-2017 09:34 AM - edited ‎11-28-2017 09:35 AM

0 Kudos

View the SolutionThis topic has been marked as solved.

When they put us on their payroll!

MikeCO
Member
In response to bretmaverick999

‎11-28-2017 10:18 AM

0 Kudos

View the SolutionThis topic has been marked as solved.
@matterickson7 wrote:

It sounds like it is worth trying.  I can easily stand up a new server and point the Authorize relay reposnses to it ... 

 

So I am not a security expert ... what is involved in upgrading from 1.0 to 1.2?  Any good technical references?

The server we use is 2008 and these are the steps I followed: https://support.quovadisglobal.com/kb/a433/how-to-enable-tls-1_2-on-windows-server-2008-r2.aspx

BenPutnam
Contributor
In response to matterickson7

‎11-28-2017 10:44 AM

View the SolutionThis topic has been marked as solved.
@sboyle wrote:

I created an intermediate app on a server with TLS 1.2 to relay any post's coming back from Auth.net to my app that can only use TLS 1.0. I have had exactly 0 errored transactions since I did this 8 days ago.

 

I asked the call center no less than 3 times if the TLS upgrades could be causing this issue and the furisouly denided it.  Seems like somebody needs dig deeper on Auth.net's end.

 

Seems like the solution is to upgrade your host server to have TLS 1.2 as the primary cipher


@sboyleI have a Linux server that cannot be easily upgraded to TLS 1.2. 

 

Could you share more information on how you created the intermediate app? 

lmckeega
Member
In response to sboyle

‎11-28-2017 11:41 AM - edited ‎11-28-2017 11:46 AM

0 Kudos

View the SolutionThis topic has been marked as solved.

My solution is .NET specific. I found this stackoverflow post on how to copy and relay POST messages (the answer with the checkmark). I then wrote a simple MVC web app and put it on the TLS 1.2 server. The web app receives the x_relay_url POST back from Auth.net, copies the POST body and then relays it on to my app server.

sboyle
Member
In response to lmckeega

‎11-28-2017 12:49 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

We were pretty much in the same boat though we have a new server almost ready to go, though that wasn't really relevent.

We set up a VM on the new server, running apache.  xxxx.yourdomain.com  You don't need a VM, we are just configuring this server with compartmentalized VMs so it worked well.  Used certbot to set up a free ssl cert on the new machine.  All we needed to do then is move the script that gets the response  from auth.net to the new server.  Change the response relay URL to https://xxxx.yourdomain.com/anetresponse.php and then have it send whatever you need to the old server.  In our case, it was a bit easier because the VM could actually write the db entries in postgres directly and all the references on the page were fully qualified URLs. (Pretty rare for me, lol)

The jury is still out since we just did this a short time ago, but live tested it and have had a few transactions go through without a problem. You could certainly test in sandbox too, we were just time constrained.

Only note is we had to turn on Secure client renegotiation on the new server. I'll revisit that tomorrow but we were getting an error before we did that. Might be that it was started on a different server.

 

MikeCO
Member
In response to lmckeega

‎11-28-2017 05:04 PM

0 Kudos

View the SolutionThis topic has been marked as solved.

Hello @matterickson7 @MikeCO @sboyle @lmckeega @BenPutnam

 

Thank you for your patience.  We heard back today from operations that some of our servers used for Relay Response were modified to require TLS 1.2.  An investigation is underway to determine why this change was made, and when, but in the mean time we've removed those servers from service which should mitigate the issue for now.

 

We apologize for any inconvenience this has caused and applaud you for your persistence.

 

Richard

 

 

RichardH
Administrator Administrator
Administrator

‎11-29-2017 12:56 PM

View the SolutionThis topic has been marked as solved.

Good news!

 

I had switched over to TLS 1.2 yesterday and we haven't had an issue since ... now is that because Authorized fixed their issue ... or because of our change?  ugh.

 

Thanks to all who helped us get to resolution!

 

RichardH ... do you know what time you made the change?

 

Matt

matterickson7
Contributor
In response to RichardH

‎11-30-2017 07:24 AM

0 Kudos

View the SolutionThis topic has been marked as solved.

@RichardHDo you know what time the servers were taken out of service?  I would like to know if our servers were actually working under TLS 1.2 or if it was a timing coincidence that I made the change but you moved the servers our of production.

 

If my servers never ran under TLS 1.2 then I will need to do more testing ... 

matterickson7
Contributor
In response to RichardH

‎11-30-2017 07:41 AM

0 Kudos

View the SolutionThis topic has been marked as solved.

@matterickson7

 

We're still waiting for more details on when and why the change was made, but we've not heard any additional details.  Operations is using information from this thread to help isolate the time line.

 

Richard

RichardH
Administrator Administrator
Administrator
In response to matterickson7

‎11-30-2017 07:42 AM

0 Kudos
Copyright © 2024 Khoros, LLC