Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
670 views
in Technique[技术] by (71.8m points)

iis - Changed SSL/TLS on server cannot publish via visual studio now

I created a new server to move our Windows 2008 server to Windows 2012R2. I was publishing to the new server without issue for a few days and testing the site. I realized during the testing that SSL and TLS1.0 was still turned on for this server.

I found IIS Crypto and set the values to the Best Practices:

enter image description here

Like a dummy, I didn't print screen it before I changed it.

When I try to publish now, I am getting this message:

enter image description here

What I have tried so far, some of which were just out of habit: 1. Restarted visual studio 2. Restarted IIS 3. Restarted the host server 4. Disabled firewall and tested publish without it enabled 5. Checked the IIS logs, nothing shown there 6. Checked the event viewer, no messages there

This is the message that I am getting:

Error   2   Web deployment task failed. (Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?site=<site>'.)
This error indicates that you cannot connect to the server. Make sure the service URL is correct, firewall and network settings on this computer and on the server computer are configured properly, and the appropriate services have been started on the server.
Error details:
Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?<site>'.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host       0   0   SuburbanCustPortal

I tried to publish to http instead of https, I received the same message.

Where should I look next or does anyone have any ideas?

NOTE#1

I created a test.html file at the root and I can see the file via https and http to my site. The site is accessible, at least from the port 443 and 80.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I found the answer here:

http://www.diaryofaninja.com/blog/2016/02/28/pci-compliant-web-deploy-getting-webdeploy-working-after-disabling-insecure-ciphers-like-ssl-30-and-tls-10

It turns out that after much stuffing around on my servers, the issue actually lies with the client doing the deploying.

The issue lies in .Net and it’s default settings for use of SSL.

By default .Net has a setting called “useStrongCrypto” that allows the client PC to use TLS 1.1 and higher.

To enable secure your local client PC to use TLS 1.1 and higher (or as Microsoft terms is “strong crypto”) you need to edit the following registry entries:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319]
"SchUseStrongCrypto"=dword:00000001

I restarted visual studio and was able to publish.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...