Skip to content

Category: IIS

IIS Crypto and Azure DevOps Agent SSL Issue

Ran across a problem all of a sudden with Azure DevOps agents giving me an SSL connection error. This seemed to be only affecting Windows 2012 R2 servers.

AgentServer] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

You’ll have to make sure to enable or re-enable the following ciphers by going into the Cipher Suites in IIS Crypto. This works even if you use the “Best Practices” or “PCI 3.2” template.

Also, enabling the “Server Defaults” template works as well because it re-enables those ciphers.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

I found some information about this issue here: Azure DevOps Agent installed on Windows Server 2012 R2 unable to TLS1.2 handshake with Azure Devops Agent Server https://developercommunity.visualstudio.com/t/azure-devops-agent-installed-on-windows-server-201/1651426

IIS Crypto can be found here: https://www.nartac.com/Products/IISCrypto

Leave a Comment

Custom Redirect for an HTTP 400 Bad Request in IIS

Had an issue redirecting 400 errors using httpErrors. Seems like you need to pass in existingResponse=”Replace” for it to work.

For more information : https://docs.microsoft.com/en-us/previous-versions/iis/settings-schema/ms690497(v=vs.90)

<httpErrors errorMode="DetailedLocalOnly" existingResponse="Replace">
            <remove statusCode="400" subStatusCode="-1" />
            <remove statusCode="404" subStatusCode="-1" />
            <error statusCode="400" prefixLanguageFilePath="" path="https://somewhere/400.html" responseMode="Redirect" />
            <error statusCode="404" prefixLanguageFilePath="" path="https://somewhere/404.html" responseMode="Redirect" />
</httpErrors>
Leave a Comment

.NET and TLS

  • Before .NET 4.6 – TLS 1.1 is default and negotiations start down
  • .NET 4.6 – TLS 1.2 is default and negotiations start down
  • .NET 4.7 – the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator.
Leave a Comment

WordPress Error – The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

WordPress was installed on a windows machine and recently started getting this error. Seems that the web.config was modified.

To fix the error above I updated the web.config to look like this and it fixed the problem.

<configuration>
<system.webServer>
    <rewrite>
      <rules>
        <rule name="Main Rule" stopProcessing="true">
                <match url=".*" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                </conditions>
                <action type="Rewrite" url="/" />
            </rule>
        </rules>
    </rewrite>
</system.webServer>
</configuration>
Leave a Comment

WordPress – Time To First Byte Slow – IIS

I had a problem with a WordPress website that I recently moved to a new server running PHP 5.4 and IIS. I found that the fix to my problem was in the wp-config.php file. I had to change the hostname of the MySQL db from localhost to 127.0.0.1. Maybe this is an issue with IPv6 being enabled on the server. I’ll try and look at that later.

From…

/** MySQL hostname */
define('DB_HOST', 'localhost');

To…

/** MySQL hostname */
define('DB_HOST', '127.0.0.1');

 

Leave a Comment