Activity
Working with Kevin and Steve to resolve issue.
I just received a call from Northgate HS (6311) and they are also experiencing issues running credit cards with Open Edge
I had them send their logs
New Information here: they mentioned that it works and then it does not work
@8:30 this morning it did not work, then it started to work and now it does not work again
I have the IT contact information here:
925-682-8000 x4107
925-586-3673
Please let me know what you see in the logs
These matters are extremely important to assist with quickly as they only have one more day to collect funds from the students.
MW
Worked with Steve and Chadd. We went through the logs and found that they completed 3 card transactions on 05/22/20, but the logs did not show any attempts to complete card transactions from that day until 05/27/20.
On the log dated 05/27/20 we found the following error: "unable to find valid certification path to requested target". This was the only transaction attempt for the day.
We checked the certificates in the store application and on ws.paygateway.com and found that the certificates match, so it is not a certificate issue.
We later got another email from the organization with logs, and a message that it was now working.
Monica mentioned that there were doing a drive through at the school so they could collect monies owed. If they are going out to a parking lot to process the transactions, they could very well be losing internet because they go too far from the wireless connection.
This is an intermittent connectivity problem between the site/district and open edge's ws.paygateway.com.
This is an intermittent connectivity issue between the school/district and OpenEdge's ws.paygateway.com. There is nothing we can do.
Re-opened to add a comment.
Please leave this ticket open until I hear back from Akan on the results for the logs @ Northgate HS
MW
Email from Monica today:
Hi Debbie,
I wanted to make sure that you know this issue is happening and I hope that you can help me get an answer soon.
MT Diablo Unified (all schools) is experiencing issues with accepting credit cards on site. They have been calling in regularly seeking assistance since Friday of last week. Ygnacio Valley HS was the first.
On Friday I spoke with Ygnacio Valley and our IT (Kevin) and we thought the issue was due to the district restricting our site domain. We had the district whitelist ws0.asbworks.com and ws.paygateway.com. We did get one machine working. They called back in this week confirming both sites are white listed, but they are still having issues.
I have not heard if they (our IT) found the problem. I am not sure what my next step should be, so I am starting with you
Here is the response back from the onsite IT person:
Subject:
In Person Credit Card Transaction failure
Requester: Jeff Garaventa
Note Content:
Responded in ticket #1511:
Hello and thank you for replying in such a timely fashion.
I do not believe this is a connectivity issue. Each of our high schools have a 1GB network connection from the District Office. Also, we have a number of people at each site performing critical work - and we have had no discussion of network problems. We haven't made any material network changes at the sites.
I just ran the OOKLA Internet Speed test at Northgate - our download speed was 489 Mbps and the upload speed was 740Mbps.
Best,
Jeff
Monica
After reviewing the logs from Northgate HS, it appears they were able to run successfully until around 2:00 pm, yesterday afternoon. Nothing changed on their POS to make the processing fail–at least nothing we did. Ygnacio was having problems until 3:00 pm, yesterday, when we were notified it was working, again. We have seen no logs from any other schools and have confirmed payment processing with OpenEdge is currently working for us with the latest POS and RCM. We have also confirmed that there have been a total of 4 transactions for the district, 2 from NorthGate, 1 from Ygnacio, and 1 from Concord HS.
The error we are getting is a failure to read the SSL Certificate Chain for the server certificate at https://ws.paygateway.com. Connectivity does not appear to be a problem but reading the certificate chain appears to be failing intermittently. I understand their IT department has been making some network changes. Do any of these changes have anything to do with SSL certificates? SSL inspection, perhaps?
We had a problem, last year, with a product called Fortigate that a district started using that caused problems similar to this. We are looking for details but perhaps their IT department can provide more information about their changes.
In the meantime, there is little more we can do since this appears to be unrelated to anything we are doing or have done.
This is the email Chadd sent last year when we had this problem
Monica, next time we get someone that has that issue with FortiGate (or SSL Inspection was activated with whatever they're using), we would like to be involved with it to try to get more information about it in the hopes of preventing this even being a call in the future.
Steve, please let me know what I should tell their IT person.
Per Jeff/IT:
Just to be clear - do you want SSL inspection or for us to BYPASS SSL inspection on ws.paygateway.com?
AS
Also per Jeff/IT:
We use Fortiproxy and we also use SSL inspection, but we have whitelisted ws.paygateway.com – it bypasses SSL inspection. Would you like us to bypass SSL inspection for *.paygateway.com?
AS
Talked with Angela about the replies from the Jeff, the IT guy.
I asked if they had tried using POS since the changes Jeff made to their network and there was no way to be sure. Asked Angela to get in touch with the sites to have them try using POS again to see whether the changes he made fixed their issue or they are still getting errors.
The POS station is written in Java and uses the same HTTP protocol used by web browsers to communicate with our servers and the OpenEdge PayGateway servers. This problem we have seen before with Fortigate products and apparently results from a certificate warning, for which web browsers present a bypass option to the user, but Java does not have such a facility.
Where we have seen this problem in the past, our district customer configured their system to bypass all SSL Inspection for our websites. I do not know if they were required to do this for the OpenEdge sites.
Here is a link to the information we believe is relevant to this problem. If the customer needs further help with this, they really should contact Fortinet support.
FYI, https://ws.paygateway.com and https://ws.test.paygateway.com are the only OpenEdge URLs used by our POS system.
Updated Jeff/IT guy with Steve's latest comment. Leaving ticket open so that they can test on Monday.//AS
Their Fortiproxy Firewall seems to be what the issue was. Here are the IT people that corrected it. In case you want to speak to them.
925-682-8000 x4107
925-586-3673
Our treasurer at Northgate was able to do credit card transactions on Friday – though she just told me today/ We do use Fortiproxy – one of our technicians excluded ws.paygateway.com and ws.test.paygateway.com from SSL decryption and that seemed to take care of it.
I will close the loop on this end…
Monica
This issue was first brought to my attention on Friday 5/22, I had her IT department white list ws0.asbworks.com and ws.paygateway.com. This did allow one machine to start working. The other two machines still were not working.
Today 5/27 she called back in and mentioned how the Point of Sale stopped working again.
She sent her logs to IT.
I called into support and spoke with Kevin, he read the logs and said he would talk with Steve.
She mentioned how Concord HS was the only one successful with their CC transactions. They had not done the update to their RCM.
She mentioned how College Park is also not working and she uses Pace.
She then called back in and said her transactions were now processing.
MW