TLS error when trying to connect to service

I have a strange problem. I have an external dll that I have not built myself so have no access to the source code that makes calls to a web service of some kind over https and uses a .pfx certificate to authenticate. It seems to use a normal WebRequest.Create call. It works fine on my dev machine but when I move it to a QA machine (Azure VM) it fails with the error,

The request was aborted: Could not create SSL/TLS secure channel.

And in the event log it’s,

A fatal error occurred while creating a TLS client credential. The internal error state is 10013

On the server (shared by lot’s of other sites) I have checked the registry settings for

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server

And 1.2 is enabled but all other protocols are disabled and no special settings under,

HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319

Now the fun part is that I have made a small console app that does the same thing as the website and it works fine on the server when I run it AND if I change the application pool user from the specified user to my own user that I use to connect to the server the web site also runs fine. I have not made any registry changes and I’m happy to try to get the hosting team to make the changes and try but first I want to try to understand how the application can work with one user but not with the other user if it’s registry settings that are not user specific. Or if there can be another explanation for the issue.

EDIT: We run .NET Framework 4.7.2, both for the web site and the test console app.

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

After lots of Googling we finally found a solution here, https://www.windowstechupdates.com/solved-the-request-was-aborted-could-not-create-ssl-tls-secure-channel/. All that was needed was to change the setting Load User Profile on the application pool from False to True. The default value is True but for some reason it is set to False in our hosting environment.

More info here also What exactly happens when I set LoadUserProfile of IIS pool?


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x