AS2 Troubleshooting

AS2 is a protocol to transmit signed and encrypted business data payloads over HTTP. AS2 also has a mechanism for confirmation of both receipt and message integrity.

AS2 overview

For AS2 transmission, the sender and receiver:

  • Are represented with their AS2 ID
  • Own encryption certificates they associate with their AS2 ID (they provide their public key to the other party)
  • Have an endpoint to receive AS2 messages

The AS2 ID and certificate is used to secure the message by encryption and to authenticate the sender using hash-based signatures.

AS2 step-by-step

The broad steps for AS2 transmission are:

  1. Sender encrypts and signs (including integrity check)
  2. Transmission
  3. Receiver decryption and verifies signature (including integrity check)
  4. Receiver confirms receipt and integrity

Before an AS2 message can be transmitted, the two partners must exchange certificates. Each partner inputs the other’s certificate into their AS2 software.

To begin, the sender’s AS2 software encrypts and signs the X12-formatted EDI document using a Message Integrity Check (MIC). The sender then transmits the EDI document to a specified URL along with AS-To and AS-From headers that specify the AS2 IDs of the sender and receiver.

The receiver accepts the message and decrypts it. The receiver calculates the MIC and ensures that it matches the MIC in the sender’s signature. If everything matches, the recipient generates and signs a Message Disposition Notification (MDN), which is returned to the sender. The MDN includes the MIC of the original message, which the sender can use as a guarantee that the recipient is processing the same content that was sent.

The sender gets back the MDN and compares the MIC returned by the receiver to the one that was calculated before the message was sent.

Using AS2 with Orderful

To send and receive AS2 data with Orderful you will need both an Inbound and an Outbound AS2 Communication Channel.

Outbound AS2: Your Outbound AS2 will be how you send your AS2 messages to Orderful, and Orderful will then pass your data on to your Trading Partner.

Inbound AS2: Your Inbound AS2 will be how Orderful will send you AS2 messages that you then ingest into your backend system.

In order to use AS2 with Orderful, you should start by creating an Inbound AS2 channel. Orderful automatically creates an Outbound AS2 Communication Channel when you create an Inbound one.

Instructions for creating an Inbound AS2 Communication Channel can be found here:

📘

Orderful only supports synchronous, encrypted AS2 transmission with no compression using HTTPS or HTTP. Asynchronous transmission, compressed data and unencrypted data are not supported.

AS2 and HTTP Errors

Errors can arise at any of the major points in AS2 transmission, either on the way to or from Orderful. Errors can occur either as a part of the HTTP transfer, resulting in HTTP errors, or once the message reaches the AS2 server, resulting in AS2 errors. In general, AS2 errors fall into one these categories:

  • Issues with the sender and/or receiver AS2 IDs.
  • Misconfigured encryption: decryption failure.
  • Misconfigured encryption: integrity check failure.
  • Processing errors within the AS2 server: Transactions can't be created.

In some cases, you will have to follow different troubleshooting steps depending on whether the error is in the Outbound or Inbound Communication Channels.

Inbound Errors

Inbound AS2 errors occur when Orderful is sending AS2 messages to you. You can see the errors within your software, however you can also troubleshoot errors using the audit trail for your Transaction. To see the audit trail, go to your Transactions page and click on a Transaction, then click on the checklist icon in the top right. This will bring up the audit trail modal:


Inbound HTTP Error: 400

Audit Trail: 400 Bad Request

Cause: Your server thinks the incoming AS2 message from Orderful is malformed in some way.

Solution: Check your backend server logs for more information.


Inbound HTTP Error: 401

Audit Trail: 401 Unauthorized

Cause: Your server is requesting authentication for the incoming AS2 message.

Solution: Orderful does not support additional authentication for AS2. Be sure that your server is not requesting additional authentication such as Basic Auth.


Inbound HTTP Error: 403

Audit Trail: 403 Forbidden

Cause: Your server does not think that Orderful has permission to send the incoming AS2 message.

Solution: Orderful does not support additional authentication for AS2. Be sure that your server is not requesting additional authentication such as Basic Auth.


Inbound HTTP Error 404

Audit Trail: 404 Not Found

Cause: The incoming AS2 message is being sent to a URL that cannot be found.

Solution: Make sure that you have configured the correct AS2 URL in your Incoming AS2 Communication Channel.


Inbound HTTP Error: 500

Audit Trail: 500 Internal Server Error

Cause: A general error has occurred within your server.

Solution: Refer to your server logs for more information.


Inbound HTTP Error: 504

Audit Trail: 504 Gateway Timeout

Cause: There was an error in a network gateway, such as your firewall.

Solution: Check your firewall settings and logs for more information.


Inbound MDN Error: Asynchronous MDN

Audit Trail: The response was empty and a synchronous MDN is required and "Delivery status" is FAILED

Cause: This will occur if you respond to a Orderful’s AS2 request with anything other than an MDN.

Solution: Configure your AS2 software to respond with synchronous MDNs. If this configuration is already present, check if there are any other possible connection issues.


Inbound MDN Error: Decryption Failed

Audit Trail: Received an MDN with errors and Delivery status FAILED

Cause: Your AS2 software is unable to decrypt the AS2 message sent from Orderful. This may be because you have uploaded the wrong certificate to Orderful, or are unable to decrypt messages that use our algorithm.

Solution: Confirm that you have uploaded the correct certificate in your Inbound Communication Channel configuration. Also confirm that your AS2 software is able to decrypt messages using the 3DES algorithm.


Inbound MDN Error: Integrity Check Failed (Signature verification)

Audit Trail: The signature is unverified. or The MDN was signed using the wrong certificate. and “Delivery status” is FAILED

Cause: Orderful was unable to match the certificate in the signature.

Solution: The Orderful Inbound AS2 Communication Channel must be updated with the correct certificate that matches the one in your AS2 software.


Inbound MDN Error: Integrity Check Failed (Message integrity)

Audit Trail: The message ID was incorrect. or The message integrity check was incorrect. and “Delivery status” is FAILED

Cause: Either the message ID is incorrect or the message contents do not match those used to generate the signature.

Solution: Ensure that your MDN response contains a message ID that matches the original AS2 message that you were sent by Orderful.


Outbound Errors

If an error occurs on your Outbound AS2 Communication Channel, your AS2 software will receive either an HTTP error response or an MDN response with further information about the error.

HTTP Error: 400

Error: 400 Bad Request

Cause: The AS2 message you sent to Orderful is malformed in some way.

Solution: Contact [email protected]


HTTP Error 404

Error: 404 Not Found

Cause: Your AS2 message was directed to an Orderful URL that could not be found.

Solution: Check that the URL configured in your AS2 software is <https://as2.orderful.com>


HTTP Error: 500

Error: 500 Internal Server Error

Cause: Orderful experienced a general server error.

Solution: Contact [email protected]


HTTP Error: 504

Error: 504 Gateway Timeout

Cause: There was an error in a network gateway, such as your firewall.

Solution: Check your firewall settings and logs for more information.


Outbound MDN Error: Asynchronous MDN

Example Disposition: The Orderful platform does not support asynchronous MDNs.

Cause: You requested an asynchronous MDN while sending your AS2 message.

Solution: Check your AS2 software and confirm that it is requesting a synchronous MDN.


Outbound MDN Error: Decryption Failed

Example Disposition: The message couldn't be decrypted and hasn't been processed by the receiver.

Cause: Orderful is unable to decrypt the AS2 message you sent. This may be because you encrypted the message using the wrong certificate, or are using an encryption algorithm Orderful is not able to decrypt.

Solution: Confirm that you have the correct Orderful certificate configured in your AS2 software. Also confirm that you are encrypting your message using one of the encryption algorithms Orderful supports: 3DES, AES128, AES192 or AES256


Outbound MDN Error: Integrity Check Failed

Example Disposition: The message was received, but could not be verified; the contents cannot be trusted to be the same contents that were sent.

Cause: Orderful could not successfully verify the signature for your AS2 message.

Solution: Confirm that you have the correct Orderful certificate configured in your AS2 software. Also confirm that you are calculating your MIC using one of the algorithms we support: SHA-1, SHA-256, SHA-384 or SHA-512


Outbound MDN Error: Missing Communication Channel

Example Disposition: No configuration using the AS2 IDs [TO ID] and [FROM ID] has been implemented.

Cause: Orderful is unable to find an Inbound AS2 Communication Channel

Solution: Confirm that you created an Inbound AS2 Communication Channel in Orderful and that your AS2 software is using the AS2-From and AS-To headers specified in your Outbound AS2 Communication Channel Details.


Outbound MDN Error: Missing Sender or Receiver

Example Disposition: Missing or empty AS2-To or AS2-From header.

Cause: Your AS2 message is missing one of the required headers.

Solution: Check that your AS2 software is configured correctly.


Outbound MDN Error: Sender Equals Receiver

Example Disposition: AS2-To is identical to AS2-From.

Cause: The value of the AS-To and the AS2-From are the same.

Solution: Check that your AS2 software is configured correctly.


Outbound MDN Error: Undergoing Maintenance

Example Disposition: Orderful is currently down for maintenance. We will be back up shortly.

Cause: The Orderful platform is down for maintenance.

Solution: Try your request again or contact [email protected]