
We have a website hosted in IIS 10 on Windows Server 2016. It was working normally until today. All of a sudden it stopped working.

When trying to browse the site in the IIS via the 'Manage Websites' section, we get the message on the browser that the site can't be displayed


When I try to change http to https I get a different message


When I check the event viewer, in the System Logs section I get a different message

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


I looked all over Google, I made sure that all instances of TLS are checked, all permissions are issued to the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder, I checked all the registries and made sure all the proper TLS properties are there.

No matter what I do, that error is not going away, and I am unable to view any site hosted in IIS.

Can someone suggest a solution? Thank you in advance.

James
  • Use a tool like OpenSSL to test TLS connectivity, https://docs.pingidentity.com/bundle/solution-guides/page/iqs1569423823079.html and then make sure you use a modern web browser that supports the proper cypher suites. – Lex Li Dec 06 '22 at 03:47
  • The connectivity fails in any browser. I don't think that has anything to do with the browser – James Dec 06 '22 at 05:44
  • Then what did OpenSSL print out? At least, that's where you can get started. – Lex Li Dec 06 '22 at 06:12
  • @LexLi I can't use the third party tool on this server – James Dec 06 '22 at 13:31
  • Then it is up to you to decide what's next. Either you get approval to use a high reputation tool like OpenSSL to troubleshoot, or you write your own. I don't see any other approach can help much. – Lex Li Dec 06 '22 at 19:52

2 Answers


The reason behind the issue is that TLS 1.2 is not enabled on your machine.

You can try the steps below to solve this issue:

  1. Open the registry editor.

  2. Go to the section below:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

Set the values below in the corresponding section:

Client:

"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Server:

"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

  3. Restart your machine after editing the registry key values.

For more information, you can refer to this link: https://stackoverflow.com/a/53635769/13336642.

samwu
  • I saw that article and tried that solution from the very start. It didn't help at all. Should I try to update the properties in TLS 1.3? – James Dec 07 '22 at 12:54
  • According to the error message, it is not a problem with TLS 1.3. I suggest you open a case via: https://support.microsoft.com. – samwu Dec 09 '22 at 10:01

Found the solution. It turns out I had to assign the correct certificates in the binding section for https (port 443).


James
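The binding check behind this fix can be done with built-in tooling only. The following is an added example, not code from the original posts: it lists every IIS https binding and flags those whose certificate is missing, absent from the machine store, without a private key, or outside its validity period. The function name `Get-HttpsBindingStatus` and the fallback to the `My` store are assumptions made for the example.

```powershell
# Added example (not from the original answers). Run elevated on the IIS server.
Import-Module WebAdministration

# Get-HttpsBindingStatus is a hypothetical helper name chosen for this example.
function Get-HttpsBindingStatus {
    $now = Get-Date
    foreach ($site in Get-Website) {
        foreach ($binding in Get-WebBinding -Name $site.Name -Protocol https) {
            $hash  = $binding.certificateHash
            $store = $binding.certificateStoreName
            if (-not $store) { $store = 'My' }  # assumption: default to the Personal store

            # Look up the bound thumbprint in the local machine certificate store.
            $cert = $null
            if ($hash) {
                $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
                    Where-Object { $_.Thumbprint -eq $hash } |
                    Select-Object -First 1
            }

            # Classify the binding; $null means no problem was detected.
            $problem = $null
            if (-not $hash)                    { $problem = 'no certificate assigned to the binding' }
            elseif (-not $cert)                { $problem = 'bound thumbprint not found in store' }
            elseif (-not $cert.HasPrivateKey)  { $problem = 'certificate has no private key' }
            elseif ($cert.NotAfter -lt $now)   { $problem = 'certificate expired' }
            elseif ($cert.NotBefore -gt $now)  { $problem = 'certificate not yet valid' }

            [pscustomobject]@{
                Site       = $site.Name
                Binding    = $binding.bindingInformation
                Store      = $store
                Thumbprint = $hash
                Subject    = if ($cert) { $cert.Subject } else { $null }
                NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
                Problem    = $problem
            }
        }
    }
}

# Show all https bindings; rows with a non-empty Problem need a certificate reassigned.
Get-HttpsBindingStatus | Format-Table -AutoSize
```

Any row with a value in the Problem column points at a binding to correct in the site's Bindings dialog for https.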