问题
I created a new server to move our Windows 2008 server to Windows 2012R2. I was publishing to the new server without issue for a few days and testing the site. I realized during the testing that SSL and TLS1.0 was still turned on for this server.
I found IIS Crypto and set the values to the Best Practices:
Like a dummy, I didn't print screen it before I changed it.
When I try to publish now, I am getting this message:
What I have tried so far, some of which were just out of habit: 1. Restarted visual studio 2. Restarted IIS 3. Restarted the host server 4. Disabled firewall and tested publish without it enabled 5. Checked the IIS logs, nothing shown there 6. Checked the event viewer, no messages there
This is the message that I am getting:
Error 2 Web deployment task failed. (Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?site=<site>'.)
This error indicates that you cannot connect to the server. Make sure the service URL is correct, firewall and network settings on this computer and on the server computer are configured properly, and the appropriate services have been started on the server.
Error details:
Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?<site>'.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host 0 0 SuburbanCustPortal
I tried to publish to http instead of https, I received the same message.
Where should I look next or does anyone have any ideas?
NOTE#1
I created a test.html file at the root and I can see the file via https and http to my site. The site is accessible, at least from the port 443 and 80.
回答1:
I found the answer here:
http://www.diaryofaninja.com/blog/2016/02/28/pci-compliant-web-deploy-getting-webdeploy-working-after-disabling-insecure-ciphers-like-ssl-30-and-tls-10
It turns out that after much stuffing around on my servers, the issue actually lies with the client doing the deploying.
The issue lies in .Net and it’s default settings for use of SSL.
By default .Net has a setting called “useStrongCrypto” that allows the client PC to use TLS 1.1 and higher.
To enable secure your local client PC to use TLS 1.1 and higher (or as Microsoft terms is “strong crypto”) you need to edit the following registry entries:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
I restarted visual studio and was able to publish.
来源:https://stackoverflow.com/questions/40048583/changed-ssl-tls-on-server-cannot-publish-via-visual-studio-now