function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Steve InmanSteve Inman 

SOAP API fail on one computer within our organization

Hi,
We have been using the SOAP API calls for a couple of years without issue.
On one of our machines which was recently given a fresh image, we are unable to communicate with the SOAP interface when connecting to Salesforce within Python.
I've tried connecting to both: 
https://test.salesforce.com/services/Soap/u/32.0
and
https://login.salesforce.com/services/Soap/u/32.0

I have disabled all firewalls and still no luck from one machine on our network.
Is there an easy way to validate that Salesforce is even receiving the call from this machine as a standard Salesforce error message isn't being returned.
Thanks,
Steve
KevinPKevinP
I recently helped a friend debug a similar problem. Turned out the library he was using to connect (wasn't python but a soap lib for Ruby) was unable to handle the new Certs on the sandbox and was throwing a certificate validation error. Could something like that be happening?

Also, I know this sounds ... overly simple, but check your hosts file to make sure there's not a DNS resolution issue?
Steve InmanSteve Inman
Thanks Kevin.  I'm using the beatbox site collection within Python.  Do you know how you were able to validate that the error was actually a certificate conflict?  I also will validate DNS resolution on my end.
KevinPKevinP
Steve,

We were using a modified version of the Soap4r ruby gem. With Ruby / that gem, I can basically dump the entire "wire conversation" -- what the client is sending and recieving from the SF server to the screen to debug things. Generated about 19 pages of very unformated text. I searched that in Sublime text for "ERR" and saw that it was failing to validate the new 2048b certs.

I would assume that something similar is possible with python, but I don't know how. (I don't do python)
Steve InmanSteve Inman
That is awesome insight, thank you.  I will report back my findings from that standpoint.
Steve InmanSteve Inman
Also, regarding your DNS comment.  I'm able to hit the URL with the normal GET error message the same as how I see it on a machine that works.  And my hosts file only has the mapping for localhost.  So I think I'm fine on that front, but appreciate the comment to verify that.
Steve InmanSteve Inman
Kevin,

Looks like you are spot-on with the certificate error.  I added the httplib and requests module to my Python install and embedded the try within the login call in the beatbox modules.  I get the error below.  Now that being known, how did you go about correcting the certificate error?  Are there steps you followed with the client you fixed this for?

send: 'GET /services/Soap/u/32.0 HTTP/1.1\r\nHost: test.salesforce.com\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: python-requests/2.5.3 CPython/2.7.9 Windows/7\r\n\r\n'
reply: 'HTTP/1.1 405 GET not supported\r\n'
header: Date: Wed, 04 Mar 2015 20:10:49 GMT
header: Set-Cookie: BrowserId=AEowaw4kQUKmCszgfiUeaA;Path=/;Domain=.salesforce.com;Expires=Sun, 03-May-2015 20:10:49 GMT
header: Content-Type: text/html;charset=ISO-8859-1
header: Cache-Control: must-revalidate,no-cache,no-store
header: Content-Length: 1401

Traceback (most recent call last):
  File "C:\myCode\SFDC\test_beatbox_call2.py", line 34, in <module>
    requests.get(sf_client.login(sf_username, sf_password))
  File "C:\Python27\lib\site-packages\beatbox\python_client.py", line 76, in login
    res = BaseClient.login(self, username, passwd)
  File "C:\Python27\lib\site-packages\beatbox\_beatbox.py", line 78, in login
    lr = LoginRequest(self.serverUrl, username, password).post()
  File "C:\Python27\lib\site-packages\beatbox\_beatbox.py", line 344, in post
    conn.request("POST", path, self.makeEnvelope(), headers)
  File "C:\Python27\lib\httplib.py", line 1001, in request
    self._send_request(method, url, body, headers)
  File "C:\Python27\lib\httplib.py", line 1035, in _send_request
    self.endheaders(body)
  File "C:\Python27\lib\httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "C:\Python27\lib\httplib.py", line 850, in _send_output
    self.send(msg)
  File "C:\Python27\lib\httplib.py", line 812, in send
    self.connect()
  File "C:\Python27\lib\httplib.py", line 1216, in connect
    server_hostname=server_hostname)
  File "C:\Python27\lib\ssl.py", line 350, in wrap_socket
    _context=self)
  File "C:\Python27\lib\ssl.py", line 566, in __init__
    self.do_handshake()
  File "C:\Python27\lib\ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
CMG Sign Up FormCMG Sign Up Form
@KevinP, Hello I saw your comment regarding Soap4r, I am having exactly the same problem right now on a production app and I was wondering how did you get to solve that. I am using dm-salesforce-adapter gem which has soap4r as a dependency, i forked the gem and changed to soap2r on my dm-salesforce-adapter fork but it did not work. So i was wondering what did you do for making it work in your's friend scenario.

I would much appreciate your answer since this is been causing me troubles for 1 week already. 
Steve InmanSteve Inman
Hi, the root of my issue I found to be a registry issue with my user.  When I opened up a CMD window, I wasn't in the user directory that one normally would see when opening that.  It had me in some other folder.  I think because of that, the certs associated with Salesforce and my user account weren't able to find each other and I was getting these errors.  When I reset the cmd window to open in my standard user directory, then everything started working again.
One other thing to keep in mind that we ran into recently was in communicating with Salesforce via a web service call from inside of an ETL tool.  With their latest release, Salesforce only supports SH-256 certificates now and we had to push out a newer patch set on our ETL tool to communicate cleanly.