Happy Business Starts Here

Re: FAIL(-2000)

Partner

FAIL(-2000)

What is FAIL(-2000) error when making a callout notification on a New Subscription event? See pic below.

 

We developed a service to update the subscription notes field after a new subscription is created. However, FAIL(-2000) is the result when making the callout.

 

When the callout is pointed to a Runscope URL, it works - the callout goes thru successfully and the notes field is updated.

When the callout is pointed directly to the webservice, based on AWS, it fails.

The SSL cert on our webservice is issued by Amazon.

 

Here is a screen shot of the callout notification history, also showing the "view data".

 

fail-2000.png

Frontera Consulting
Oracle, Salesforce and Zuora Consultants
Tags (1)
9 REPLIES
Zuora Support

Re: FAIL(-2000)

-2000 error in our application logs is generally issue with SSL Certificates or SNI which we do not support in our callout framework which is often associated with the Amazon AWS Cloudfront service as SNI is either defaulted or hard-coded to enabled.

Most customers running callout endpoints from AWS tend to use EC2 instances in this scenario.



If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √

Student

Re: FAIL(-2000)

Hi Jyoti,

 

Can you provide more information about what exactly is the issue with the SSL certificate in this scenario?

 

Best

Mario

Highlighted
Savvy Scholar

Re: FAIL(-2000)

I am having the same issue fail(-2000) error , can you please provide a solution ? thank you for your help!

Zuora Support Moderator

Re: FAIL(-2000)

As Jyoti mentions above, SNI is not currently supported within Zuora callouts.  If your integration is hosting your callout endpoint on a CloudFront AWS integration, you will need to seek alternatives as I believe this environment requires SNI SSL connections.  Alternatives include using bare metal or VM machines outside of AWS or more traditional EC2 AWS instances NOT backed by CloudFront.  Some customers have also reported successfully using some form of proxy to address this, however I do not have any specific details on this solution at this time.

 



If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √


Tutor

Re: FAIL(-2000)

We are hosting our callout endpoint on an AWS EC2 instance, and it is not backed by CloudFront, but we are receiving this -2000 error response. It's a public-facing server, with directly accessible endpoints. The assoicated SSL certificate is a wildcard one for our domain. This is a simple proof of concept test; eventually, we'd like to place this behind an aWS Elastic Load Balancer to handle the notification even requests. Is AWS not a viable platform for such a solution? (I assume your product does support standard AWS configurations.)

Zuora Support Moderator

Re: FAIL(-2000)

To answer your question, yes - many of our customers routinely use fairly standard AWS EC2 instances without issue.  

Is it possible this is a self-signed certificate?    Per this article, we requrie CA signed cert for callout endpoints.  If not, you may wish to open a support case to have us review and work with our TechOps engineering to determine the source of your issue.

 

 



If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √


Savvy Scholar

Re: FAIL(-2000)

Hi Scott, 

when I troubslehoot my web service (webhook) using POSMAN i have no problmes reacing my hosted on AWC EC2 instance service. However I do not see any IIS logs to confirm Zuora is calling my web service. Perhpas something else is happening before. Does my WEB SERVER should be issuing some type of the header? In POSTMAN I see HEADER - please see below. I do not have any logins validation its simple service to consume subs name to use to get more deatil via ZUORA APIs. Any help is greatly appreciated!

 

 

Cache-Control →no-cache
Content-Length →13
Content-Type →application/json; charset=utf-8
Date →Wed, 17 Jan 2018 00:56:07 GMT
Expires →-1
Pragma →no-cache
Server →Microsoft-IIS/8.5
X-AspNet-Version →4.0.30319
X-Powered-By →ASP.NET
Zuora Support Moderator

Re: FAIL(-2000)

We would need to see what the call attempt looks like in the Zuora logs, and again - as outlined above -2000 error often means something SSL related (often SNI and occasionally certificate).   As above, to dig deeply into an individual failure, we need a support case with detailed examples on the call failures as seen from your tenant callouts notification history.  



If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √


Savvy Scholar

Re: FAIL(-2000)

Hi Scott, I did open a support case 2 weeks ago. Its still not resolved.