  • Re: IIS 10 briefly fails to load HTTPS page with TCP RST

    Jul 22, 2019 09:32 AM | cloudreign

    Hi,

    Some progress has been made on this issue.

    The Wireshark traces made it possible to identify that the issue occurs when falling back from HTTP/2 to HTTP/1.1.

    This fallback occurs because the Okta IWA Desktop SSO web app is using Windows authentication and, as stated here in the IIS 10 documentation, HTTP/2 is not supported when using Windows authentication.

    Thus I disabled HTTP/2 on the web server by setting the following registry value and rebooting the server:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]

    "EnableHttp2Tls"=dword:00000000

    After the reboot the issue was gone.

    It is an acceptable workaround since the IIS web server is only used for the Okta IWA Desktop SSO, and it prevents all clients from falling back from HTTP/2 to HTTP/1.1.

    Okta has confirmed that at the time of this writing it is a supported configuration for them.

    However, it is still a workaround and the root cause of the issue has not been identified yet.

    The case is still open with Microsoft and I will update this thread if additional insight is provided.
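
The check below is an added example, not part of the original post and not Microsoft or Okta code. It is a read-only audit for the condition the post describes: sites with an HTTPS binding and Windows authentication enabled while HTTP/2 over TLS is still on in HTTP.sys. It assumes an elevated session on the IIS host with the WebAdministration module installed, and it inspects only each site's root configuration.

```powershell
# Added example: read-only audit, changes nothing on the server.
Import-Module WebAdministration

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$name = 'EnableHttp2Tls'

# A missing value leaves HTTP.sys at its default, which on IIS 10 is HTTP/2 enabled.
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$http2TlsEnabled = ($null -eq $value) -or ($value -ne 0)

$report = foreach ($site in Get-Website) {
    # Windows authentication setting at the site root (child applications are not inspected).
    $winAuth = (Get-WebConfigurationProperty `
        -PSPath "IIS:\Sites\$($site.Name)" `
        -Filter '/system.webServer/security/authentication/windowsAuthentication' `
        -Name 'enabled').Value

    # HTTP/2 is only negotiated over TLS, so only HTTPS bindings matter here.
    $httpsBindings = @($site.Bindings.Collection |
        Where-Object { $_.protocol -eq 'https' } |
        ForEach-Object { $_.bindingInformation })

    [pscustomobject]@{
        Site            = $site.Name
        HttpsBindings   = $httpsBindings -join ', '
        WindowsAuth     = [bool]$winAuth
        Http2TlsEnabled = $http2TlsEnabled
        # True when clients can negotiate HTTP/2 and then be forced back to HTTP/1.1.
        FallbackLikely  = $http2TlsEnabled -and [bool]$winAuth -and ($httpsBindings.Count -gt 0)
    }
}

$report | Format-Table -AutoSize

if ($null -eq $value) {
    Write-Output "$name is not set under $key; HTTP.sys default applies."
} else {
    Write-Output "$name = $value"
}

$affected = @($report | Where-Object FallbackLikely)
if ($affected.Count -gt 0) {
    Write-Warning ("{0} site(s) combine Windows authentication with HTTP/2 over TLS: {1}" -f `
        $affected.Count, ($affected.Site -join ', '))
}
```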