We have a list of web services & wcf project [Sslprotocols.TLS12 as hardcoded] configured with selfsigned certificates, which will be deployed in IIS & able to access the webservices successfully on the other windows server i.e windows server 2016, 2012, etc...
But on Windows Server 2022 [v21H2 OS build 20348.230] with IIS [v10.0.20348.1], we get 403.7 forbidden with access denied error when access the URL via IE on windows server.
and
the exceptions are when access "https://localhost:8083/adminservice/admin.svc" via httpclient,
Dec-15-2021 02:10:33.002 UTC [EXCEPTION] One or more errors occurred.
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at Common.HttpClientInstance.GetWithClientCert(String uri, HttpContent content, String& getResponse, String ClientCertThumbprint)
Dec-15-2021 02:10:33.002 UTC [EXCEPTION] InnerException : System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at System.Net.PooledStream.EndRead(IAsyncResult asyncResult)
at System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
As the MSDN states that TLS1.3 enabled by default, but the server should be compatible with the older versions if the client requests TLS1.2. Also, there is no registry key for Protocols [TLS1.2, TLS 1.3] when checked the registry keys under SCHANNEL.
And added TLS1.2 registry key [client/server] manually & able to access the URL with HTTPS successfully & & **wondering why getting this error when access "https://localhost:8083/adminservice/admin.svc" [without having TLS1.2 enabled registry key] **
Could you please provide suggestions or solutions? or How to debug to find the exact cause? [verified with failed request tracing and checked client certificate installed in personal store and root CA in trusted stores.]
0 Answers