Question

NicholasCyg on Fri, 30 Sep 2016 07:23:14


Does Azure Multi-Factor Authentication on-prem Server User Portal work only on TLS 1.0?

When I tried to disable the TLS 1.0 protocol on the server, the User Portal showed the following error:

Server Error in '/portal' Application.

An existing connection was forcibly closed by the remote host

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.            

Exception Details: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.                  

Stack Trace:
[SocketException (0x2746): An existing connection was forcibly closed by the remote host]
   System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) +249

[IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.]
   System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) +8422189
   System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) +57
   System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) +243
   System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) +470
   System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) +8553310
   System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) +230
   System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) +645
   System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) +9
   System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) +87
   System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) +1467
   System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) +84
   System.Net.ConnectStream.WriteHeaders(Boolean async) +816

[WebException: The underlying connection was closed: An unexpected error occurred on a send.]
   System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) +801829
   System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request) +10
   System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +270
   pfup.pfwssdk.PfWsSdk.TestSecurity() +50
   pfup.login.Page_Load(Object sender, EventArgs e) +923
   System.Web.UI.Control.LoadRecursive() +71
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3178
                  


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34280

Thanks in advance!


Replies

Neelesh Ray on Fri, 30 Sep 2016 13:42:57


Hello,

We are checking on the query and will get back to you soon on this.
I apologize for the inconvenience and appreciate your time and patience in this matter.

Regards,
Neelesh

shawnb_ms on Mon, 03 Oct 2016 18:28:54


There shouldn't be any problem using TLS 1.2 with User Portal. Our engineers believe this is more likely to be an IIS configuration issue than an issue with User Portal.  Are you able to get to the default page at the root of your website (such as iisstart.htm) using https?

If you are on Windows Server 2008, TLS 1.1 and 1.2 are not enabled by default.
https://forums.iis.net/t/1155254.aspx
http://tecadmin.net/enable-tls-on-windows-server-and-iis/#

NicholasCyg on Tue, 04 Oct 2016 09:45:44


Hi Shawn,

Yes, we are able to access the iisstart.htm before & after TLS 1.0 is enabled.

With TLS 1.0 disabled and TLS 1.2 enabled.

We are still having the error:

So back to our 1st question: Does Azure Multi-Factor Authentication on-prem Server User Portal work only on TLS 1.0?

Thanks in advance.

NicholasCyg on Fri, 07 Oct 2016 01:49:16


Hi Shawn, any updates? Thanks in advance.

JaspreetNZ on Sun, 06 Nov 2016 22:36:39


Hi,

We are having the same issue. Disabling the TLS 1.0 protocol breaks the Azure MFA portal. All other services (Mobile webservices and Web Service SDK) remain operational, except User Portal.

Thanks,

Jaspreet

Ryan.c. _ on Thu, 17 Aug 2017 21:33:43


I was able to resolve this issue by forcing .NET Framework to use TLS 1.2.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

Add DWORD (32-bit): SchUseStrongCrypto with value of 1

User Portal is now functional after disabling TLS 1.0 and 1.1.
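
Added example, not part of any post in this thread: the stack trace in the question shows the portal's own outbound SOAP call (PfWsSdk.TestSecurity through SoapHttpClientProtocol) failing during the TLS handshake, which is the .NET client side that SchUseStrongCrypto governs. The PowerShell below audits that value and can set it; the Wow6432Node path (the 32-bit registry view on 64-bit Windows), the function name and the -Fix switch are assumptions added here.

```powershell
# Added example: audit (and optionally set) SchUseStrongCrypto for .NET 4.x.
# Test-StrongCrypto, -Fix and the Wow6432Node path are not from the thread.
function Test-StrongCrypto {
    param([switch]$Fix)

    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
    )

    foreach ($path in $paths) {
        # The Wow6432Node key is absent on 32-bit Windows; report and move on.
        if (-not (Test-Path $path)) {
            [pscustomobject]@{ Path = $path; SchUseStrongCrypto = $null; Status = 'KeyMissing' }
            continue
        }

        # Returns $null when the value has never been created.
        $current = (Get-ItemProperty -Path $path -Name SchUseStrongCrypto `
                    -ErrorAction SilentlyContinue).SchUseStrongCrypto

        if ($current -eq 1) {
            $status = 'OK'
        }
        elseif ($Fix) {
            # Writing under HKLM requires an elevated session.
            New-ItemProperty -Path $path -Name SchUseStrongCrypto -Value 1 `
                -PropertyType DWord -Force | Out-Null
            $current = 1
            $status  = 'Set'
        }
        else {
            $status = 'NotSet'
        }

        [pscustomobject]@{ Path = $path; SchUseStrongCrypto = $current; Status = $status }
    }
}

# Report only. Re-run elevated with -Fix to write the value, then restart IIS
# (iisreset) so the User Portal worker process starts with the new setting.
Test-StrongCrypto | Format-Table -AutoSize
```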