“无法创建SSL / TLS安全通道”:克隆如何工作?
[英]“Could not create SSL/TLS secure channel”: how can the clone work?
问题描述
We suddenly started seeing this " Could not create SSL/TLS secure channel " error. 
我们突然开始看到此“ 无法创建SSL / TLS安全通道 ”错误。
- Our website does a simple POST to another server to a HTTPS URL 我们的网站通过简单的POST到另一个服务器的HTTPS URL
- This suddenly stopped working 这突然停止工作
- Nothing has changed (Windows Updates, our updates, server settings) to cause suspicion. 没有任何变化(Windows Update,我们的更新,服务器设置)引起怀疑。 That we know of, or can remember. 我们知道或可以记住的。
- We can navigate to the posted URL just fine. 我们可以很好地导航到发布的URL。
We have other websites that also do this same POST to that same server and they continue to work. 我们还有其他网站也对同一台服务器执行相同的POST,并且它们继续工作。 Everything is using TLS 1.0 and the target server has not changed anything recently. 一切都使用TLS 1.0,并且目标服务器最近没有更改任何内容。 Nobody has turned off TLS 1.0 on either side. 没人都关闭了TLS 1.0。
This issue is discussed in many other stackoverflow postings, so to research systematically we made a clone of the website on the same server. 许多其他stackoverflow帖子中都讨论了此问题,因此为了系统地进行研究,我们在同一服务器上克隆了该网站。 Just copied its code (compiled code folders) and set up another virtual host in the same IIS. 只需复制其代码(已编译的代码文件夹)并在同一IIS中设置另一个虚拟主机。
The POST operation from the clone works! 克隆中的POST操作有效! Same server, same code, same IIS. 相同的服务器,相同的代码,相同的IIS。 So we can't even reproduce it on the exact same setup. 因此,我们甚至无法在完全相同的设置下重现它。 The copy is working but the original is throwing this error. 副本正在工作,但原始文件抛出此错误。
So finally the question: Does the fact that the copied website can POST successfully give anybody any insight into what may have happened? 那么最后一个问题是:复制的网站可以成功发布POST的事实是否使任何人对可能发生的事情有任何见解?
Could some IIS settings on the original site been changed? 可以更改原始站点上的某些IIS设置吗? The only thing different is they are two virtual hosts on the same server. 唯一不同的是它们是同一台服务器上的两个虚拟主机。
Windows Server 2012R2, IIS 8.5, ASP.NET/C#. Windows Server 2012R2,IIS 8.5,ASP.NET / C#。
1 个解决方案
解决方案1
0 2018-07-31 01:23:56
I found the solution here: https://social.technet.microsoft.com/Forums/en-US/9dfb4d09-8096-40c9-ac75-1e23f75417c9/frequent-event-id-36888-windows-schannel-errors-in-the-event-viewer?forum=W8ITProPreRel 我在这里找到了解决方案: https : //social.technet.microsoft.com/Forums/zh-CN/9dfb4d09-8096-40c9-ac75-1e23f75417c9/frequent-event-id-36888-windows-schannel-errors-in-在事件查看器?论坛= W8ITProPreRel
The causes can be many, apparently, even Windows updates. 原因可能很多,甚至是Windows更新。 Still seems odd that it would happen (consistently) on one website and not on its clone (also consistently). 仍然会(一致地)在一个网站上而不是在其克隆上(也是一致地)发生它似乎仍然很奇怪。
The specific steps to fix were: In Group Policy Editor (run: gpedit.msc), went to Computer Configuration > Administrative Templates > System > Distributed COM > Application Compatibility and enabled "allow local activation security check exemptions" 要修复的特定步骤是: 在组策略编辑器(运行:gpedit.msc)中,转到“计算机配置”>“管理模板”>“系统”>“分布式COM”>“应用程序兼容性”,并启用了“允许本地激活安全检查豁免”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.