View Complete Thread
  • IIS 10 briefly fails to load HTTPS page with TCP RST

    Jul 10, 2019 09:35 AM|cloudreign|LINK

    Hi,

    I'm using IIS 10.0 on Windows Server 2016.

    A web site is published with both HTTP and HTTPS bindings, this web site is in fact the Okta IWA Desktop SSO agent.

    • The certificate used for HTTPS is an internal certificate generated with ADCS.
    • The site works as expected with both Internet Explorer 11 and Chrome 75 when browsing from a location with low latency towards the server.

    However when browsing from a location with higher latency (315 to 325ms) with Chrome and using HTTPS I briefly get an error page "This site can't be reached" and then I get the expected page.

    • When using Internet Explorer there is not issue.
    • When using Chrome with HTTP there is no issue.

    When the issue occurs the HTTP.sys logs show a ClientCancel error.

    I also captured network traffic with Wireshark while reproducing the issue and compared it to a trace from a low latency location.

    I noticed the following when the issue is occuring:

    • I see three TCP RST. One is sent by the client and two are sent by the server afterwards.
    • After the second TCP RST a HTTP_1_1_REQUIRED error is sent by the server

    Any idea on the possible cause of this behavior?