Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Unable to connect to the webserver via https [Answered]RSS

10 replies

Last post Oct 26, 2020 03:20 AM by Brucz

  • Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Unable...

    Oct 14, 2020 07:21 PM|paulmac|LINK

    I am unable to connect to the webserver via https. I receive a not secure warning. I have renewed the certificate (it was due in 2 weeks anyway) and I have binded it to the site, stopped and started the IIS and can see its all running 

    This site has been running fine for years, any help is appreciated.

    The event viewer shows the following

    Log Name: System
    Source: Schannel
    Date: 14/10/2020 17:27:07
    Event ID: 36887
    Task Category: None
    Level: Error
    Keywords:
    User: SYSTEM
    Computer: 2012Web1
    Description:
    A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">;
    <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36887</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2020-10-14T16:27:07.076665500Z" />
    <EventRecordID>248877</EventRecordID>
    <Correlation />
    <Execution ProcessID="592" ThreadID="2240" />
    <Channel>System</Channel>
    <Computer>2012Web1</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data Name="AlertDesc">46</Data>
    </EventData>
    </Event>

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 15, 2020 02:17 AM|Brucz|LINK

    Hi paulmac,

    How do you renew the certificate and whether there is an exchange server in the server you are using? I found that many users who encountered this problem almost all used the exchange server, so I suspect it is related.

    You can try to replace the certificate, create a new certificate or use the IIS default certificate to see if you still encounter the same problem.

    Best regards,

    Brucz

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 15, 2020 08:00 AM|paulmac|LINK

    Thanks for replying Brucz. No their is no exchange server. its a simple windows 2012 server running IIS 8.

    Like I said, the old certificate became invalid 2 weeks early, I thought to troubleshoot it but then decided to just renew it instead.

    I downloaded the SSL cert from my provider, saved it as a .p7b file, then completed the csr registration in inetmgr which asked for this file. I bound the certificate to the site and then stopped and restarted iis.

    I seem to recall the process was more complex last year, ie i downloaded  a CAbundle and created a pfx file from it using openssl which i then installed into IIS. 

    Can you explain why the process is different ? (for some reason my processs has changed every year for the past 5 years, so I can never standardise or write down the steps)

     

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 16, 2020 09:19 AM|Brucz|LINK

    Hi paulmac,

    The renewal steps of the certificate are generally operated according to the provider's guidance. You should consult the CA provider why the previous renewal steps are different, and IIS is only responsible for using the certificate to verify with the client.

    Best regards,

    Brucz

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 16, 2020 10:39 AM|paulmac|LINK

    https://www.whynopadlock.com was great at informing me the problem didnt lie with the  new certificate installation. The problem was with the redirect.  After installing the iis redirect module and trying a hundred and one other things. I eventually got in touch with the website designers who informed me there needed to be some additional settings set to true in web.config.

    I do not know how these settings had been set to false, the website hasnt been touched all year.

    <add key="FullSSLWebsite" value="true"/>

     

    <httpCookies requireSSL="true"/>

     

    <forms name=".TBSFormsAuth" loginUrl="~/Secure/User/Login" timeout="60" defaultUrl="~/" cookieless="UseCookies" requireSSL="true"/>

     

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 21, 2020 02:20 AM|Brucz|LINK

    Hi paulmac,

    If there is a redirection problem in iis, the best solution is to use failed request tracking to view the problematic part of the redirection process.

    paulmac

    <httpCookies requireSSL="true"/>

     

    <forms name=".TBSFormsAuth" loginUrl="~/Secure/User/Login" timeout="60" defaultUrl="~/" cookieless="UseCookies" requireSSL="true"/>

    These two parts need to be configured at the same time, so that you can set the Secure flag on Session Cookie, so that it will only be transmitted over HTTPS and never over plain HTTP. If not set, the default is to use http transmission.

    Best regards,

    Brucz

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 22, 2020 12:36 PM|samjohn|LINK

    I am unable to connect to the webserver via https. I receive a not secure warning.I have been getting this same error for the past few days on this website " http://www.bestmattressforback.com/ ". Any help from your side is appreciated.

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 22, 2020 01:04 PM|paulmac|LINK

    Thanks Brucz

    I fixed it by changing those 3 settings in web.config to TRUE. 

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 22, 2020 01:09 PM|paulmac|LINK

    Hi Samjohn

    I put entered your website ttp://www.bestmattressforback.com/ into the test at https://www.whynopadlock.com/ and its shows that whilst you also have a valid certificate your https redirect is not working. 

    you fix this either in your web.config (if windows server)like I did, .htconfig file (if linux) or by checking you have got an REDIRECT module installed. See Bruczs replies also 

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 26, 2020 03:17 AM|Brucz|LINK

    Hi paulmac,

     I am glad that your problem has been resolved.

    paulmac

    I do not know how these settings had been set to false, the website hasnt been touched all year.

    <add key="FullSSLWebsite" value="true"/>

     

    <httpCookies requireSSL="true"/>

     

    <forms name=".TBSFormsAuth" loginUrl="~/Secure/User/Login" timeout="60" defaultUrl="~/" cookieless="UseCookies" requireSSL="true"/>

    I suggest you mark it as answer so that it can help others with same issue.

    Best regards,

    Brucz

  • Re: Windows 2012 internet information server tls protocol defined fatal alert code is 46. I am Un...

    Oct 26, 2020 03:20 AM|Brucz|LINK

    Hi samjohn,

    If you follow paulmac's method and your problem is still not resolved, you can create a new thread and describe the problem in detail so that more people will help you.

    Best regards,

    Brucz