IIS 7 and Above
IIS 10 briefly fails to load HTTPS page with TCP RST
Re: IIS 10 briefly fails to load HTTPS page with TCP RST
Jul 22, 2019 09:32 AM|cloudreign|LINK
Some progress has been made on this issue.
The Wireshark traces allowed to identify that the issue is occuring when falling back from HTTP/2 to HTTP/1.1.
This fallback occurs because the Okta IWA Desktop SSO web app is using Windows authentication and as stated
here in the IIS 10 documentation HTTP/2 is not supported when using Windows authentication.
Thus I disabled HTTP/2 on the web server by setting the following registry value and rebooting the server:
After the reboot the issue was gone.
It is an acceptable workaround since the IIS web server is only used for the Okta IWA Desktop SSO and it prevents all clients to fall back from HTTP/2 to HTTP/1.1.
Okta has confirmed that at the time of this writing it is a supported configuration for them.
However it is still a workaround and the root cause of the issue has not been identified yet.
The case is still open with Microsoft and I will update this thread if additional insight is provided.