Sagepay after server move

1 year ago
Hello Everyone,

It's my first post here as I have inherited a nopCommerce system.
Due to a server failure, we have had to move a Nop site to a new box. Everything is working, except for the final checkout, where the system contacts Sagepay.

This is the message that comes up when trying to check out.

Your server was unable to register this transaction with Sage Pay. Check that you do not have a firewall restricting the POST and that your server can correctly resolve the address https://live.sagepay.com/gateway/service/vspserver-register.vsp.
The Status Number is: SendFailure
The Description given is: The underlying connection was closed: An unexpected error occurred on a send.

When I press next again, it says

Transaction Id does not exist or it is empty.

I have connected to the server and confirmed that the server can resolve that url, which it can no problem.

The system is NopCommerce 3.30

The Plugin it seems to be using is

SystemName: Payments.SagePayServer
Version: 1.10
SupportedVersions: 3.30
Author: Microlite Software

The system was rebuilt from a complete database backup and copy of the website that was in inetpub. I have gone through the nop admin warnings and cleared them all off.

One thing I have noticed is within the sagepay plugin, everything is completed, except for the Partner ID. Could this be the cause of it? Although I would have thought that if this was completed on the old dead server, its values would have been in the database along with all the other settings for sage pay.

I would be very grateful for any help.

Thanks
Andy
1 year ago
Hello Andy,

I have sent you a personal message here on nopCommerce. Please check your inbox.

Thank you,
Atul
1 year ago
I don't know Sage Pay, but have some experience with others (PayPal, Braintree, Stripe), I doubt they would allow you just to 'inherit' an online payment account.

Such an account has similar or even stricter financial, identification, taxing, allowable products policy, etc. rules than a traditional bank account has. You should definitely apply for your own with new authentication data.

And you also would not want your money to go to the old bank this Sage Pay account was used to be attached to.
1 year ago
Sorry, I meant I have inherited it as a project.

The server is just a replacement, it has the same IP address as the old one.
1 year ago
Oh I see, my bad. Once we did a webshop takeover, that was the reason I was thinking your case is about.

Your can test their API in the sandbox with toy-money with the access data shown here:
http://integrations.sagepay.co.uk/content/sandbox-testing

I suggest to try with these first, so you can find out what is missing. (only bad identification or some more general error)
1 year ago
I can think of a couple of possibilities:

1. If the external IP address of your server changed when you moved servers then you'll need to log in to your SagePay account and add the new IP address to the list of valid IPs: https://live.sagepay.com/mysagepay/settings.msp (if the external IP didn't change then it can't be that).

2. When did you first get the error? I ask because SagePay stopped support for TLS1.0 and TLS1.1 yesterday (13/6/2018). This is in response to the changing PCI DSS regulations but SagePay have gone a step further and are only allowing connections using TLS1.2.

If your plugin was written for nop version 3.3 it's very unlikely to be forcing a TLS1.2 connection. If you've got the source code for the plugin it can be patched. If you don't have the source code you should still be able to fix it by adding this line of code to the Application_Start() method of the global.asax file of the nop website:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

If you search the forum for servicepointmanager you'll find plenty of posts about this approach relating to various different payment plugins.

You'll also need to make sure you're running on a version of windows server that supports TLS1.2 and has it enabled. Windows Server 2012 or higher should be fine, 2008 R2 can be patched and enabled, 2008 can theoretically be patched and enabled (though having tried it without success, I ended up moving the site in question to a newer server).
1 year ago
Hi Pete,

Thank you very much for your post, it was very helpful to have a starting point of where to look.

The old server died on the 13th, so its very possible that this issue would have existed on the old setup, if Sage changed on the same day.

I have testing changing the global.asax in the early hours to see if it works. Fingers crossed, thats what it is. Although I have been testing with Wireshark today and it looks like when it talks to Sagepay that its using TLS 1.2 already.

However, in order to fully test it, I need to do it on the live server using the correct call back domain.
1 year ago
Hi all,

recently we have released SagePay plugin (server to server integration). The plugin supports direct payments, Capture, Void Order, Full Refund, Partial Refund and allows to save credit card details for further transactions. It's compatible with nopCommerce versions 3.6 - 4.1