Azure BizTalk Services – Some deployment errors

Posted: September 25, 2013  |  Categories: Azure BizTalk Uncategorized

Way back in June i started on a journey to teach myself about Azure BizTalk services which was is in preview. At that time i started rolling my own following the first tutorial here. I decided to document my journey because it may help someone else or help me understand where I went wrong. I got as far as Step6: Build and Deploy and then I started to get errors. To begin with i got;

The remote server returned an error: (401) Unauthorized.

I had not understood how to get the correct the ACS credentials.

At this point I shelved what I was doing while I went on holiday. On returning from holiday I had boring traditional BizTalk work piling up and I had no time to get back to this. Last week I finally picked this up again and was horrified to find two months has gone past. Since that time there has been several helpful posts and one of the most helpful was  “Windows Azure BizTalk Services – getting started” by  Sam Vanhoutte

Sam gives the solution to my problem succinctly “…  through the Active Directory tab and create an ACS namespace there.

  • To get the user and password settings, you need to click on the Manage button in the Access Control Namespace section of the Active Directory module in the Azure portal.  This will bring you to the ‘old’ ACS management portal where you can get your user.
  • This should be done by selecting the ‘Management Service’ link on the left.
  • Then either use the existing ManagementClient service account or create a new one
  • Click the service account you want to use and then click the Password link.
  • To get the password, you can click the Show Password button. “

Now going past this error the next error I got was;

The remote server returned an error: (400) Bad Request.

The service URL was not correct. I changed it from to and got a different error;

The remote server returned an error: (401) Unauthorized.

This time I was using the wrong username and key. On correcting this error I then get an error;

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I found that since i started my journey that a sample is available from the MSDN Code Gallery. I downloaded this and tried to deploy this instead and got exactly the same error. I reverted to my original solution.

It seemed there must be an issue with the certificate I had deployed to the BizTalk Services on Azure. I had used a self signed certificate but could not remember how i created it so i decided to recreate it and then re-import it Azure BizTalk services. I think I had created it with the name of the ACS namespace instead of that of the BizTalk service. Once again Sam came to the rescue with a good description how to create the certificate “… executing the following in the developer command prompt: makecert -pe -r -n “CN=<yourservicename>” -e “01/01/2015” -ss my “. I then exported this from my certificate store and re-imported it into my trusted root store.

Now the tricky bit. How do you refresh the certificate? Open the BizTalk service dashboard. Under at a glance there is tag to Update SSL certificate which allows you to upload a new SSL certificate. Once I did this I tried to deploy again and got the same error. I then waited for about ten minutes and this time the deploy was successful. As Sam says be patient!

I am glad I have got this far and only can wonder how I got it so wrong to begin with. I think I must have struck just about every error you can get during a deployment.


Back to Top