EDIINT AS2 MDN Authentication Error

Hi All,

I’m trying to send an outbound EDI to a Trading Partner who is using Gentran at their end.In the Activity log, i can see that the document is being successfully delivered to the Trading Partner, but i get an “MDN Disposition: Automatic-action/mdn-sent-automatically;processed/Error: authentication-failed” error.
Can someone tell me why this is happening? We exchanged the correct certificates also.

ramesh.

Did you request a signed receipt, but did you receive an unsigned MDN?

andrejan,

Yes, You are right.But, how to get back a signed MDN back from Gentran?Did anyone of you integrated with Gentran? Does someone know any configuration setting on Gentran side which sends out a signed MDN back to the sender?

ramesh.

Sorry Guys,

By looking at the Activity log, i can say that we got signed and verified MDN.Can someone chime into this as this has stalled our ongoing Partner Integration?

ramesh.

I’m sorry, the message indicates that the MDN reports back on an error from the partner. This means that the authentication failed on the partner’s side. You can see this by looking at the MDN content. There should be a message in it like “The signature of the message sent from [xxxx] for [yyyy] could not be verified”.
Make sure you use the right private key to sign the message, the partner should use your public key to verify.
Make sure on the service wm.EDIINT:send that the parameter “Type” is set to something you agreed upon with your partner (Signed, SignedAndEncrypted, etc.).
If you use a CA chain in a CA directory, retart the IS after adding the certificates.
Is Gentran Drummond certified?

andrejan,

In the Activity Log for the EDIINT MDN document type, i can see that the MDN has been signed and verified.Intresting thing is, in the EDIINT:send service, if i set the requestMDN to none, then it is working.we exchanged the correct certificates.because, if the issue was with the certificates, then it should complain even when i dont request the MDN.
The following is the content of the EDIINT MDN:

Date: Mon, 30 Jan 2006 07:44:08 GMT
Server: Jetty/4.2.14 (Windows 2000/5.0 x86 java/1.3.1_09)
Message-ID: MOKOnw1-gentran-6fa474-1091c86d968--3c46WeberAS2@nw1-gentran
Subject: Signed Message Disposition Notification
AS2-To: 089264470002
Content-Length: 1715
AS2-Version: 1.1
AS2-From: WeberAS2
Content-Type: multipart/signed;protocol=“application/pkcs7-signature”;micalg=sha1;boundary=“_=8160932553057131Sterling8160932553057131MOKO”

–_=8160932553057131Sterling8160932553057131MOKO

Content-Type: multipart/report;Report-Type=disposition-notification;boundary=“_=8798053626835024Sterling8798053626835024MOKO”

–_=8798053626835024Sterling8798053626835024MOKO

Your message could not be processed.

–_=8798053626835024Sterling8798053626835024MOKO

Content-Type: message/disposition-notification

Original-Recipient: rfc822;WeberAS2
Original-Message-ID: 1784547021.1138650246262.JavaMail.webmeth@WebMethAppDev
Disposition: Automatic-action/mdn-sent-automatically;processed/Error: authentication-failed

–_=8798053626835024Sterling8798053626835024MOKO–

–_=8160932553057131Sterling8160932553057131MOKO
Content-Type: Application/pkcs7-signature;name=EDIINTSIG.p7s

ramesh.

The MDN indicates that the EDIINT could not be processed at the partner’s side. If the partner says it can only be processed when you don’t request an MDN, then there’s something wrong at the partner’s side, I’m afraid.
Remember that when you don’t request an MDN, TN doesn’t know if it could be processed at the partner’s side. You’ll have to get this information from your partner.
The only thing you can do is try different combinations: send your EDIINT signed, encrypted, signedandencrypted, plain, with MDN without MDN and see which one works.
But if you are sending a valid EDIINT and it fails at the partner, my guess is there’s something wrong at the partner’s side, or there’s some miscommunication about certificate usage between you and your partner.

andrejan,

Thanks for your suggestions.I tried all of the above said before even posting this.Anyway, Partner is trying to resolve this issue with their Software vendor.

Thanks
ramesh.