This morning I was greeted with a proactive alarm email stating that we had over 100 messages in our BizTalk suspend queue. What an awesome way to start my Monday morning. Sure enough, the BizTalk admin tool showed the messages suspended out starting around midnight, which first made me think that maybe somebody made a change somewhere. If you couldn’t tell from the title, the error message in the Event Logs as well as the Admin tool was: “The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel” (this is on an HTTP send adapter, by the way).
The first thing I did was attempt to browse to the destination URL in IE from the BizTalk server. Everything worked, no errors or warnings, but here is something interesting: the cert was recently issued last week. Now why would it take a week to start seeing errors, unless it wasn’t installed until last night? Sure enough, I heard from the customer that maintains the destination server, and they updated their cert over the weekend. So why was BizTalk having problems, but IE wasn’t?
It appears that BizTalk must do some sort of caching, either on the cert or the HTTP connection. I’m not exactly sure what it does, but after restarting the host process, everything worked fine. All the messages were resumed without issue and we’ve had no more suspend out.