Join Log in
Score:0
avatar Server

SSL authentication failed with 403.7 on windows server 2022

in flag
saravana

We have a list of web services & wcf project [Sslprotocols.TLS12 as hardcoded] configured with selfsigned certificates, which will be deployed in IIS & able to access the webservices successfully on the other windows server i.e windows server 2016, 2012, etc...

But on Windows Server 2022 [v21H2 OS build 20348.230] with IIS [v10.0.20348.1], we get 403.7 forbidden with access denied error when access the URL via IE on windows server.

and

the exceptions are when access "https://localhost:8083/adminservice/admin.svc" via httpclient,

Dec-15-2021 02:10:33.002 UTC  [EXCEPTION]     One or more errors occurred. 
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
   at System.Threading.Tasks.Task.Wait()
   at Common.HttpClientInstance.GetWithClientCert(String uri, HttpContent content, String& getResponse, String ClientCertThumbprint)
Dec-15-2021 02:10:33.002 UTC  [EXCEPTION]     InnerException : System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
   at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
   --- End of inner exception stack trace ---
   at System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
   at System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
   at System.Net.PooledStream.EndRead(IAsyncResult asyncResult)
   at System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---

As the MSDN states that TLS1.3 enabled by default, but the server should be compatible with the older versions if the client requests TLS1.2. Also, there is no registry key for Protocols [TLS1.2, TLS 1.3] when checked the registry keys under SCHANNEL.

And added TLS1.2 registry key [client/server] manually & able to access the URL with HTTPS successfully & & **wondering why getting this error when access "https://localhost:8083/adminservice/admin.svc" [without having TLS1.2 enabled registry key] **

Could you please provide suggestions or solutions? or How to debug to find the exact cause? [verified with failed request tracing and checked client certificate installed in personal store and root CA in trusted stores.]

65
0 + 0
iis
ssl
Lex Li avatar
vn flag
Lex Li
System.NET tracing might tell you more on what's wrong, https://docs.microsoft.com/en-us/dotnet/framework/network-programming/how-to-configure-network-tracing
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.