Windows: "The request was aborted: Could not create SSL/TLS secure channel"

I recently had a problem on an Office Web App Server (Windows Server 2012 R2). To show a document in Web View, it had to fetch it from another server via HTTPS. This failed.

The ULS log showed:

"The request was aborted: Could not create SSL/TLS secure channel"

When I used Internet Explorer from the Office Web App Server, I could connect to the other server via HTTPS no problem. So the certificate was not the problem, it was trusted on the Office Web App Server.

After hours of searching, I found that IIS (and with that .NET and also Powershell) uses different TLS settings than Internet Explorer.

I tried the PowerShell command

Invoke-WebRequest 'https://myserver.example.com'

and got the same error message. When I typed

[System.Net.ServicePointManager]::SecurityProtocol

I got this:

Ssl3, Tls

As these are outdated and vulnerable protocols, you have to enable those and add TLS 1.1 and 1.2

The easiest is to add the following Registry setting:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

SchUseStrongCrypto = 1 (Type = DWord)

If you start a new PowerShell session and use the command from above, you will see the new protocols:

Tls, Tls11, Tls12

I restarted IIS, and now Office Web App could access the other server via HTTPS.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *