AS1, AS2, AS3 - Hosts - AS2 (Enterprise only)

An AS2 host defines the parameters for transferring files to and from a partner via the AS2 protocol. For more information about AS2, please see "AS1, AS2 and AS3 - The AS2 Protocol".

as2host.png (9918 bytes)

AS2-Specific Host Options:

My Organization

Partner

Advanced AS2-Specific Host Options

Proxy

Email MDN

MOVEit DMZ's Role in AS2 File Transfers

MOVEit DMZ can accept and store AS2 messages and asynchronous AS2 MDNs that will be processed later (and often immediately) by MOVEit Central. MOVEit DMZ, rather than MOVEit Central, is used in the role of an "AS2 server" because MOVEit DMZ already serves the function of a secure, Internet-exposed HTTP(S) server and MOVEit Central already has an interface to MOVEit DMZ.

No additional license is required to accept and store AS2 messages and asynchronous AS2 MDNs on MOVEit DMZ because this feature is only useful when a separate AS1, AS2 and AS3 license has been purchased for MOVEit Central.

AS2 messages and asynchronous AS2 MDNs are uploaded and downloaded through HTTP(S) but are not part of the "normal" MOVEit DMZ file system. More specifically, all AS2 messages and AS2 MDNs will be found in special "/AS/[partner-name]" folders, created as needed (where "[partner-name]" is your partner's official trading name.) For example, if your partner "John Smith" sends you an AS2 message, it will be found in the "/AS2/John Smith" folder. Nonetheless, MOVEit DMZ administrators can view and delete AS2 message files through their usual web interface.

AS2 Server URL and MOVEit DMZ File Specifics

MOVEit DMZ receives AS2 messages and asynchronous AS2 MDNs though its built-in "as2receiver.aspx" component. When your AS2 trading partners ask for the URL they should use to post AS2 messages for you, you will need to give them a URL containing "as2receiver.aspx" and the name of your host. An example of such a URL is "https://as2.moveitdmz.com/as2receiver.aspx".

The same URL value is also used when requesting AS2 asynchronous MDNs as an AS2 destination step in MOVEit Central, but MOVEit Central lets you specify a macro of "[AS2ReceiverURL]" (in the "MDN URL" field) and figures out the exact URL at run time (because each AS2 Host can be linked to a specific MOVEit DMZ Host).

AS2 messages are normally stored as files bearing a name of "AS2Data". If you want different MOVEit Central tasks to process different AS2 messages from the same partner, you may want to "tag" each type of AS2 message transmission separately so MOVEit Central tasks can rapidly distinguish between them. The way to tag different types of AS2 transmissions is to include a "?Tag=[some-as2-filename]" argument on the URLs you hand out to your partners. For example, a modified URL of "https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue" would force MOVEit DMZ to save AS2 messages from partners using that URL as files named "Blue" rather than "AS2Data".

Asynchronous AS2 MDNs are stored as files bearing a name of "MDN=[AS2-ID]" where "[AS2-ID]" is the ID of the original AS2 message. An example of an AS2 MDN filename is "MDN=373c55dc-f4b6-4c1b-81a1-e39f3a1c22d7@9b751ee7-d32e-4138-8124-1c107f2cd5d2". Like AS2 messages, AS2 MDNs will be stored in folders named after the partners who sent them; MOVEit Central automatically knows where to look (because it uses the values configured for "partner name" in its AS2 Host definitions).

If your MOVEit DMZ hosts multiple Organizations and you want each to use its own store of AS2 messages and MDNs, you will also need to include an "OrgID=[OrgID]" tag (such as "OrgID=8011") in the URLs you give to your partners and configure in your requests for asynchronous HTTP MDNs. For example, you would need to give partners URLs such as "https://as2.moveitdmz.com/as2receiver.aspx?OrgID=8011" or "https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue&OrgID=8011" and would need to configure a URL of "[AS2ReceiverURL]?OrgID=8011" in your asynchronous HTTP MDN field if you wanted related AS2 messages and MDNs to go to a particular organization in a multiorganization configuration.

Both AS2 messages and asynchronous AS2 MDNs are deleted from MOVEit DMZ as soon as MOVEit Central successfully decrypts and/or validates them, determines that they are unfit or gives up after (re)trying to deliver any requested MDNs. AS2 messages that have requested synchronous MDNs will also be automatically deleted from MOVEit DMZ folders if MOVEit DMZ cannot deliver their respective MDNs. Additional automated clean up rules can also be applied to AS2 folders and files using the usual "folder settings" web interface in MOVEit DMZ.

Troubleshooting

Troubleshooting AS2 transmissions can be challenging because of all the different elements involved in a single AS2 transfer. However, the following methodologies should help you tackle transfer issues.

Troubleshooting Tasks with AS2 Destinations

Tasks with AS2 destinations are used to send files to your partners.

  1. Double-check that you and your partner agree on the following items and that they are configured identically on both sides of the transmission.
  2. Make sure MOVEit Central can connect to your partner's AS2 server. You test this when you run your transfer task - pay attention to "host not defined", "cannot connect", "404" errors and the like. If you are having problems here, your partner's URL is likely incorrect or inaccessible. (It's generally worth asking if you are the first one to try this particular connection.)
  3. Make sure MOVEit Central thinks it has sent the file successfully. You will know this is the case if MOVEit Central shows a working status of "X bytes sent" for your AS2 task and X is both "large" (sometimes larger than the original file size) and constant. If this is as far as MOVEit Central gets (because it it waiting for an MDN), the task will usually fail with an "AS2 Post Error: Timeout" error after one minute.
  4. Make sure the remote AS2 server thinks it has sent the MDN successfully. If MOVEit Central is getting past this step successfully, the task will simply complete successfully. If the task does not complete successfully, failure could be due to a number of things:

Troubleshooting Tasks with AS2 Sources

Tasks with AS2 sources are used to receive files from your partners.

  1. Double-check that you and your partner agree on the following items and that they are configured identically on both sides of the transmission.
  2. Make sure your partner's AS2 client can connect to your MOVEit DMZ server. You can start with basic connectivity and DNS tests by simply asking your partner to connect to your MOVEit DMZ using the URL you use for normal, interactive web access. Then have your partner try to send an AS2 file with the client and look/listen for "cannot connect", "404" and other errors that suggest that the remote AS2 client cannot connect to the AS2 interface of your MOVEit DMZ server.
  3. Make sure your partner is successfully posting files to MOVEit DMZ. sign on to your MOVEit DMZ server as an Admin or FileAdmin to see if you suspect your partner is not posting AS2 files successfully. If your partner is posting files successfully, you will see a folder named "/AS2/[PartnerName]" where "[PartnerName]" is the exact name of your partner (as configured in your AS2 host configuration). As your partner posts AS2 files, you will also see files named "AS2Data" (or something else if URLs with the "Tag=" attribute are used) show up in this folder and in the audit log.
  4. Make sure MOVEit Central is automatically kicking off the task associated with this transfer correctly. There are several reasons why this could not be happening - see the "Tasks Configured to Receive AS2 Files Do Not Run Automatically" section below for details.
  5. Make sure your MOVEit Central task is correctly processing your partner's AS2 file and returning a valid MDN. Fortunately, this is mostly internal processing at this point: MOVEit Central will provide you information about any problems occurring here. If your partner has requested an asynchronous MDN for its AS2 file, it is possible that the URL he/she provided in the AS2 message is invalid or unreachable, but this is almost the only error caused by external conditions that could be encountered at this stage.

Error Messages Encountered During AS2 File Transfer

"cannot connect to MIAS2: Access is denied"

This message usually indicates that MOVEit Central's "MIAS2.exe" AS2 helper application has not been started. This application should be started and have its own "Task Manager - Processes" entry when the MOVEit Central service starts. First try restarting the MOVEit Central service. If this does not fix the problem, use the "Run MOVEit Central manually" option from the "Start | Programs | MOVEit Central" program group to run MOVEit Central in the foreground and watch for other clues from the MOVEit Central or MIAS2 windows in the foreground.

"Host default partner cert not found"

This message often means that a partner's client certificate was imported and selected in an AS2 Host configuration, but that the underlying certificate has since been deleted. The best way to correct this situation is to reimport your partner's client certificate and reselect it in the AS2 Host configuration.

"405 Method Not Supported"

This message means you got to a web server (all AS2 servers are web servers) but that the web server doesn't understand or allow your request. If you copied an "Outgoing HTTP URL" from an AS2 Host configuration into a web browser, this message is perfectly normal (especially if your partner's server is an MOVEit DMZ AS2 server). However, if you see this message during an AS2 file transfer it more likely indicates one or more of the following problems:

"The requested name is valid, but no data of the requested type was found"

This error typically indicates that a DNS entry for a configured hostname could not found. If you see this error you should recheck any hostnames configured as part of this transfer. In a specific case, if this error starts with a "AS2SendMDN error: " prefix then the value of the "SMTP Server to be used for sending email MDNs" field in your AS2 host's Advanced settings ("Email MDN" tab) is probably not correct or not reachable.

"304 Could not write to file"

This message may mean that the transfer has exceeded the file size limit for AS2 Receive. The limit for a single file is 1 GB. If you are attaching files to a message (sent via ASx), the limit for a single message and attached files is 200 MB.

Tasks Configured to Receive AS2 Files Do Not Run Automatically

If you are receiving AS2 files from partners, you must set up tasks with AS2 Sources for each partner that will be sending you AS2 files. Partners post AS2 files to a MOVEit DMZ server and MOVEit Central normally learns about posted files and acts on them within seconds of their completion.

There are several reasons why tasks configured to receive AS2 files will not start automatically.