AS1, AS2, AS3 - Hosts - AS2 (Enterprise only)
An AS2 host defines the parameters for transferring files to and from a partner
via the AS2 protocol.
For more information about AS2, please see "AS1, AS2 and AS3 - The AS2 Protocol".
AS2-Specific Host Options:
My Organization
- Incoming DMZ Host - The MOVEit DMZ host which should receive AS2 messages
from the partner.
Partner
- Outgoing HTTP URL - The partner's HTTP server URL which MOVEit Central
should post AS2 messages to.
- Ignore Cert Errors - When this option is checked, problems with the
partner HTTP server's SSL certificate, such as a lack of trust or a name that does
not match the host name, will be ignored.
- SSL Client Cert - The SSL client certificate that should be
used when establishing a secure connection to the partner's HTTP server. If
"- None -" is selected, no client certificate will be used.
Advanced AS2-Specific Host Options
Proxy
- Type - The type of proxy server which MOVEit Central needs to communicate
with. Available proxy types are Default and Specific. The default value is None.
- Hostname/IP - The hostname or IP address of the proxy server.
- Port - The TCP port of the proxy server.
- Username - The username which MOVEit Central should use to authenticate to the proxy server.
- Password - The password which MOVEit Central should use to authenticate to the proxy server.
- SSL - Indicates whether MOVEit Central should use SSL to communicate with the proxy server.
Available options are Auto, Always, Never, and Tunnel. The default value is Auto.
Email MDN
- AS1 Host to be used for receiving email MDNs - In order to request asynchronous email MDNs,
this option must be set to an existing AS1 host. This host's configuration options will be used to
determine the parameters sent in the MDN request.
- SMTP Server to be used for sending email MDNs - The SMTP server which email MDNs will be
sent through when such MDNs are requested by the partner.
- From Address to be used for sending email MDNs - The email address which will be listed
as the From address when email MDNs are sent to the partner.
MOVEit DMZ can accept and store AS2 messages and asynchronous AS2 MDNs that will be processed later (and often immediately) by MOVEit Central. MOVEit DMZ, rather than MOVEit Central, is used in the role of an "AS2 server" because MOVEit DMZ already serves the function of a secure, Internet-exposed HTTP(S) server and MOVEit Central already has an interface to MOVEit DMZ.
No additional license is required to accept and store AS2 messages and asynchronous AS2 MDNs on MOVEit DMZ because this feature is only useful when a separate AS1, AS2 and AS3 license has been purchased for MOVEit Central.
AS2 messages and asynchronous AS2 MDNs are uploaded and downloaded through HTTP(S) but are not part of the "normal" MOVEit DMZ file system. More specifically, all AS2 messages and AS2 MDNs will be found in special "/AS2/[partner-name]" folders, created as needed (where "[partner-name]" is your partner's official trading name). For example, if your partner "John Smith" sends you an AS2 message, it will be found in the "/AS2/John Smith" folder. Nonetheless, MOVEit DMZ administrators can view and delete AS2 message files through their usual web interface.
MOVEit DMZ receives AS2 messages and asynchronous AS2 MDNs through its built-in "as2receiver.aspx" component. When your AS2 trading partners ask for the URL they should use to post AS2 messages for you, you will need to give them a URL containing "as2receiver.aspx" and the name of your host. An example of such a URL is "https://as2.moveitdmz.com/as2receiver.aspx".
The same URL value is also used when requesting AS2 asynchronous MDNs as an AS2 destination step in MOVEit Central, but MOVEit Central lets you specify a macro of "[AS2ReceiverURL]" (in the "MDN URL" field) and figures out the exact URL at run time (because each AS2 Host can be linked to a specific MOVEit DMZ Host).
AS2 messages are normally stored as files bearing a name of "AS2Data". If you want different MOVEit Central tasks to process different AS2 messages from the same partner, you may want to "tag" each type of AS2 message transmission separately so MOVEit Central tasks can rapidly distinguish between them. The way to tag different types of AS2 transmissions is to include a "?Tag=[some-as2-filename]" argument on the URLs you hand out to your partners. For example, a modified URL of "https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue" would force MOVEit DMZ to save AS2 messages from partners using that URL as files named "Blue" rather than "AS2Data".
Asynchronous AS2 MDNs are stored as files bearing a name of "MDN=[AS2-ID]" where "[AS2-ID]" is the ID of the original AS2 message. An example of an AS2 MDN filename is "MDN=373c55dc-f4b6-4c1b-81a1-e39f3a1c22d7@9b751ee7-d32e-4138-8124-1c107f2cd5d2". Like AS2 messages, AS2 MDNs will be stored in folders named after the partners who sent them; MOVEit Central automatically knows where to look (because it uses the values configured for "partner name" in its AS2 Host definitions).
If your MOVEit DMZ hosts multiple Organizations and you want each to use its own store of AS2 messages and MDNs, you will also
need to include an "OrgID=[OrgID]" tag (such as "OrgID=8011") in the URLs you give to your partners and configure in
your requests for asynchronous HTTP MDNs. For example, you would need to give partners URLs such as
"https://as2.moveitdmz.com/as2receiver.aspx?OrgID=8011" or
"https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue&OrgID=8011" and would need to configure
a URL of "[AS2ReceiverURL]?OrgID=8011" in your asynchronous HTTP MDN field if you wanted related AS2 messages and MDNs to go to a particular organization in a multiorganization configuration.
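The naming rules above (Tag, OrgID and the "MDN=[AS2-ID]" filename) can be checked before URLs are handed to partners. The following Python sketch is an added example, not MOVEit code; the function names are hypothetical, and it assumes argument names are matched case-insensitively.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_NAME = "AS2Data"  # filename the page gives for untagged AS2 messages

def expected_location(receiver_url, partner_name):
    """Predict where a message posted to receiver_url is stored on MOVEit DMZ."""
    parts = urlsplit(receiver_url)
    if not parts.path.lower().endswith("/as2receiver.aspx"):
        raise ValueError("not an as2receiver.aspx URL: " + receiver_url)
    # Assumption: argument names are treated case-insensitively.
    args = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    return {
        "org_id": args.get("orgid"),  # None means no OrgID argument was given
        "folder": "/AS2/" + partner_name,
        "filename": args.get("tag", DEFAULT_NAME),
    }

def urls_missing_org_id(receiver_urls):
    """In a multi-organization setup, list URLs that lack an OrgID argument."""
    return [u for u in receiver_urls
            if expected_location(u, "")["org_id"] is None]

def mdn_message_id(filename):
    """Return the original AS2 message ID from an 'MDN=[AS2-ID]' filename."""
    if not filename.startswith("MDN=") or len(filename) == 4:
        return None  # not an MDN file, or the ID part is empty
    return filename[4:]

if __name__ == "__main__":
    # URLs and the partner name below are the examples used on this page.
    for url in ("https://as2.moveitdmz.com/as2receiver.aspx",
                "https://as2.moveitdmz.com/as2receiver.aspx?Tag=Blue&OrgID=8011"):
        print(url, "->", expected_location(url, "John Smith"))
```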
Both AS2 messages and asynchronous AS2 MDNs are deleted from MOVEit DMZ as soon as MOVEit Central successfully decrypts and/or validates them, determines that they are unfit or gives up after (re)trying to deliver any requested MDNs.
AS2 messages that have requested synchronous MDNs will also be automatically deleted from MOVEit DMZ folders if MOVEit DMZ cannot deliver their respective MDNs.
Additional automated clean up rules can also be applied to AS2 folders and files using the usual "folder settings" web interface in MOVEit DMZ.
Troubleshooting AS2 transmissions can be challenging because of all the different elements involved
in a single AS2 transfer.
However, the following methodologies should help you tackle transfer issues.
Tasks with AS2 destinations are used to send files to your partners.
- Double-check that you and your partner agree on the following items and that they are configured identically on both sides of the transmission.
- The URL of your partner's remote AS2 server
- Your organization's name and your partner's name
- Your organization's client certificate and your partner's client certificate
- The type of encryption to be used
- What sort of MDN you should receive from your partner (usually "none", "synchronous" or "asynchronous"; your partner doesn't need to configure this but should probably know about your choice or will have an opinion of their own)
- Make sure MOVEit Central can connect to your partner's AS2 server.
You test this when you run your transfer task - pay attention to "host not defined", "cannot connect", "404" errors and the like.
If you are having problems here, your partner's URL is likely incorrect or inaccessible.
(It's generally worth asking if you are the first one to try this particular connection.)
- Make sure MOVEit Central thinks it has sent the file successfully. You will
know this is the case if MOVEit Central shows a working status of "X bytes sent" for your AS2 task
and X is both "large" (sometimes larger than the original file size) and constant.
If this is as far as MOVEit Central gets (because it is waiting for an MDN), the task
will usually fail with an "AS2 Post Error: Timeout" error after one minute.
- Make sure the remote AS2 server thinks it has sent the MDN successfully.
If MOVEit Central is getting past this step successfully, the task will simply complete
successfully. If the task does not complete successfully, failure could be due to
a number of things:
- Remote AS2 server told MOVEit Central it received the file but then never processed it
or failed to process it and silently threw it away. You will need an administrator on
the remote AS2 server to help you if this is the case.
- Remote AS2 server does not support the requested MDN and takes the file anyway - another
type of "silent" failure. You may want to switch your MDN type between sync/async,
but you may need to get the remote AS2 server administrator involved here too.
- Remote AS2 server processes your file but fails to get you
a synchronous MDN back in time. If this is the case, the remote AS2 server may log
that it created an MDN for your file, but it should also log the fact that you never got it.
- Remote AS2 server processes your file but cannot send you
an asynchronous MDN. As long as you have taken care to leave
a value of "[AS2ReceiverURL]" in your Destination's "MDN URL" this error
is likely due to an unresolvable DNS, proxy server or other connection problem on the
remote AS2 server's side.
Tasks with AS2 sources are used to receive files from your partners.
- Double-check that you and your partner agree on the following items and that they are configured identically on both sides of the transmission.
- The URL of your (MOVEit DMZ) AS2 server. This will be something like "https://myserver.moveitdmz.com/as2receiver.aspx"
- Your organization's name and your partner's name
- Your organization's client certificate and your partner's client certificate
- The type of encryption to be used
- (You can ask about what sort of MDN your partner expects, but there is nothing
to configure in MOVEit Central regarding this information because AS2 file senders configure
this value and AS2 file receivers - MOVEit Central in this case - are expected to pull it off incoming AS2 messages.)
- Make sure your partner's AS2 client can connect to your MOVEit DMZ server.
You can start with basic connectivity and DNS tests by simply asking your partner to connect
to your MOVEit DMZ using the URL you use for normal, interactive web access.
Then have your partner try to send an AS2 file with the client and look/listen for
"cannot connect", "404" and other errors that suggest that the remote AS2 client cannot connect to
the AS2 interface of your MOVEit DMZ server.
- Make sure your partner is successfully posting files to MOVEit DMZ.
If you suspect your partner is not posting AS2 files successfully, sign on to your
MOVEit DMZ server as an Admin or FileAdmin to check. If your partner is posting files
successfully, you will see a folder named "/AS2/[PartnerName]" where "[PartnerName]" is the exact
name of your partner (as configured in your AS2 host configuration). As your partner posts AS2 files,
you will also see files named "AS2Data" (or something else if URLs with the "Tag=" attribute are used)
show up in this folder and in the audit log.
- Make sure MOVEit Central is automatically kicking off the task associated with this transfer correctly.
There are several reasons why this could not be happening - see the "Tasks Configured to Receive AS2 Files Do Not Run Automatically" section below for details.
- Make sure your MOVEit Central task is correctly processing your partner's AS2 file and returning
a valid MDN. Fortunately, this is mostly internal processing at this point:
MOVEit Central will provide you information about any problems occurring here.
If your partner has requested an asynchronous MDN for its AS2 file, it is possible
that the URL he/she provided in the AS2 message is invalid or unreachable, but this
is almost the only error caused by external conditions that could be encountered at this stage.
"cannot connect to MIAS2: Access is denied"
This message usually indicates that MOVEit Central's "MIAS2.exe" AS2 helper application has not been started.
This application should be started and have its own "Task Manager - Processes" entry when the MOVEit Central service
starts. First try restarting the MOVEit Central service. If this does not fix the problem, use the
"Run MOVEit Central manually" option from the "Start | Programs | MOVEit Central" program group to run MOVEit Central in the foreground and watch for
other clues from the MOVEit Central or MIAS2 windows in the foreground.
"Host default partner cert not found"
This message often means that a partner's client certificate was imported and selected in an AS2 Host
configuration, but that the underlying certificate has since been deleted. The best way to correct
this situation is to reimport your partner's client certificate and reselect it in the AS2 Host configuration.
"405 Method Not Supported"
This message means
you got to a web server (all AS2 servers are web servers) but that the web server doesn't understand or
allow your request.
If you copied an "Outgoing HTTP URL" from an AS2 Host configuration into a web browser, this message
is perfectly normal (especially if your partner's server is a MOVEit DMZ AS2 server).
However, if
you see this message during an AS2 file transfer it more likely indicates one or more of the following
problems:
- The "Outgoing HTTP URL" you typed in is incorrect.
- A proxy server between your MOVEit Central and your partner's AS2 server does not allow AS2 traffic.
- URLScan or some other host-based intrusion engine does not allow AS2 transactions.
"The requested name is valid, but no data of the requested type was found"
This error typically indicates that a DNS entry for a configured hostname could not be found.
If you see this error you should recheck any hostnames configured as part of this transfer.
In a specific case, if this error starts with an "AS2SendMDN error: " prefix then the value
of the "SMTP Server to be used for sending email MDNs" field in your AS2 host's
Advanced settings ("Email MDN" tab) is probably not correct or not reachable.
"304 Could not write to file"
This message may mean that the transfer has exceeded the file size limit for AS2 Receive. The limit for a single file is 1 GB. If you are attaching files to a message (sent via ASx), the limit for a single message and attached files is 200 MB.
Tasks Configured to Receive AS2 Files Do Not Run Automatically
If you are receiving AS2 files from partners, you must set up tasks with AS2 Sources for each partner that will be
sending you AS2 files. Partners post AS2 files to a MOVEit DMZ server and MOVEit Central normally
learns about posted files and acts on them within seconds of their completion.
There are several reasons why tasks configured to receive AS2 files will not start automatically.
- Your partner isn't really posting AS2 files successfully - Your partner will post AS2 files to
your MOVEit DMZ server, so if you suspect your partner is not posting AS2 files successfully you must
sign on to your MOVEit DMZ server as an Admin or FileAdmin to check. If your partner is posting files
successfully, you will see a folder named "/AS2/[PartnerName]" where "[PartnerName]" is the exact
name of your partner (as configured in your AS2 host configuration). As your partner posts AS2 files,
you will also see files named "AS2Data" (or something else if URLs with the "Tag=" attribute are used)
show up in this folder and in the audit log. If AS2 file posts are not making it this far,
please consult the
"405 Method Not Supported" advice above.
- AS2 poller is not running - If you watch the MOVEit Central debug log at the All Debug level
with no task filter set, you should see orange messages like
"AS poller found X files on..."
and "AS2 poller polled X hosts, saw Y files, started Z tasks"
scroll by every few seconds. If you do not see these messages, the AS2 poller (that looks for AS2 file
postings
on MOVEit DMZ) is probably not running. Normally, restarting the MOVEit Central service will fix this.
- AS2 poller is finding files, but your task isn't scheduled to run at the time the files are found -
At the All Debug level, orange messages like
"Considering new file AS2/.../... for task X" will scroll by whenever
new AS2 files are posted to your MOVEit DMZ server.
If the task you would expect to act on the posted files is not one of the ones listed,
it is probably because your task is missing a schedule that would allow it to run
when files arrive during a particular window of time.
The easiest way to correct this situation is to add an "always on"
schedule to your task that runs
on "All Days", "Repeated" between "00:00" and "23:59".
- AS2 poller is finding files and your task is scheduled to run when the files are found
but the related "receive" task still isn't getting called -
If this is your situation, make sure your AS2 source's "File Tag(s)" match (or include) the
filenames of AS2 files being posted to your MOVEit DMZ server.
When in doubt, use a wildcard File Tag of "*" to download everything from that particular partner.
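The checks in the list above can be run over a saved copy of the All Debug log. This Python sketch is an added example, not part of MOVEit Central; it matches only the message text quoted on this page, and the timestamps, task names and sample lines are constructed.

```python
import re

# Message fragments quoted in the troubleshooting list above.
POLL = re.compile(r"AS2 poller polled (\d+) hosts, saw (\d+) files, started (\d+) tasks")
CONSIDER = re.compile(r"Considering new file (.+) for task (.+)$")

def triage(log_lines, task_name):
    """Map debug-log lines to the first matching cause from the list above."""
    polls, files_seen, considered = 0, 0, set()
    for line in log_lines:
        line = line.strip()
        m = POLL.search(line)
        if m:
            polls += 1
            files_seen += int(m.group(2))
            continue
        m = CONSIDER.search(line)
        if m:
            considered.add(m.group(2).strip())
    if polls == 0:
        return "poller_not_running"    # restart the MOVEit Central service
    if files_seen == 0 and not considered:
        return "no_files_seen"         # partner is not posting successfully
    if task_name not in considered:
        return "task_not_considered"   # check the schedule, then File Tag(s)
    return "task_considered"           # poller offered the file to this task

# Constructed sample lines; the real log's timestamp layout may differ.
SAMPLE = [
    "10:00:01 AS2 poller polled 2 hosts, saw 1 files, started 1 tasks",
    "10:00:01 Considering new file AS2/John Smith/AS2Data for task Nightly Billing",
    "10:00:06 AS2 poller polled 2 hosts, saw 0 files, started 0 tasks",
]

if __name__ == "__main__":
    print(triage(SAMPLE, "Receive Orders"))
```

A result of "task_not_considered" corresponds to the last two list items: confirm the schedule first, then compare the AS2 source's "File Tag(s)" with the posted filenames.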