I recently moved a .NET 2.0 web site from server 2008 to 2016 and ran into the below issue. This was on a security hardened server where certain ciphers and security protocols are disabled.

This site can’t be reached
The webpage at might be temporarily down or it may have moved permanently to a new web address.

It looks like starting from Win 10 and Server 2016 IIS introduced HTTP/2 which is more strict on the types of ciphers are used when browsers connect to it. If a browser does not support HTTP/2 it fails back to HTTP/1.1. The server

Disable HTTP/2 on Server level (create and set both keys to 0)

I was tempted to disable the HTTP/2 on the server itself but wanted the benefits of the new protocol and since its just a cipher issue, it was just a matter of figuring out which ciphers need to be turned on. The below will disable HTTP/2 and enable HTTP/1.1 on the IIS server itself.


Determining which cipher is causing the issue

I captured network traffic with Microsoft Network Monitor while getting the error and it looks like HTTP/2 does not like the below cipher.

I ended up installing IIS Crypto 2 and applied best practice and I was able to browse the site. This time around the below cipher was being used, so looks like HTTP/2 established a successful connection with the below cipher.

Disabling HTTP/2 in a web browser

You can disable this protocol in your browser and use HTTP/1.1

Run it with the below parameter
chrome.exe –disable-http2

Type about:config in the address bar
Click on I Accept The Risk
Search for network.http.spdy.enabled.http2
Change the value to False
Restart your browser

This entry was posted in Microsoft and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *