Invoke-RestMethod : The underlying connection was ... - Qlik Community

parviz_asoodehfard · ‎2019-12-12

Hi

I'm trying to access to APIs of Qlik from a client but I face with an error. This is my code:

$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","1234567890123456")
$hdrs.Add("X-Qlik-User","UserDirectory=****;UserId=***********")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}

$url = "https://*************** /qrs/app/68cc1647-8311-4bf5-8070-04f08f36b639/hubinfo?xrfkey=1234567890123456"
Invoke-RestMethod -Uri $url -Method GET -Headers $hdrs -Certificate $cert

The Error:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At line:8 char:1
+ Invoke-RestMethod -Uri $url -Method GET -Headers $hdrs -Certificate $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Extra information:

- I can run it on the server and get the response correctly.
- The OS of server and client are Win 10 (server and client).
- I have access to QMC from client.
- the $cert on client and server after running the upper code is similar.
- I've added [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 but it didn't solve.
- I've removed certificates (client.pfx and root.cer) from server and install them again and gotten the correct answer (on server) then I've done the same on the client but got the same error. [Now it seems I ruined the sandbox Qlik server :)) :((]

I will be appreciate any clue.

andoryuu · ‎2019-12-13

Try adding this at the beginning
#Cert security settings
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

andoryuu · ‎2019-12-18

@parviz_asoodehfard did you try this?

parviz_asoodehfard · ‎2019-12-19

yes, I tried but it didn't work. I suspect to the firewall, so I wanted to make sure it's not because of the firewall then I will reply you again. Thank you for your reply

andoryuu · ‎2019-12-19

@parviz_asoodehfard you may also need to run your PowerShell terminal as an administrator for this to succeed.

parviz_asoodehfard · ‎2020-01-03

Ok, My problem was solved. It was some restriction for using port 4242.

Furthermore, I learned two other things.

1. I have to use "Run Selection" (F8) instead of "Run" (F5)

unless I will get this error:

File C:\***\certificates\Untitled1.ps1 cannot be loaded. The file
C:\****\Untitled1.ps1 is not digitally signed. You cannot run this script on the current system.
For more information about running scripts and setting execution policy, see about_Execution_Policies at
https:/go.microsoft.com/fwlink/?LinkID=135170.
+ CategoryInfo : SecurityError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnauthorizedAccess

It seems it related to restriction policy in our company which may others have the same issue.

2. if you run the PowerShell ISE "as administrator" then your certificate should add to the administrator user.

By the way, Thank you @andoryuu

Snejqu · ‎2021-10-12

Can you elaborate how you managed to fix the 4242 port restriction?

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.

Qlik Sense