服务器上的更改 SSL/TLS 现在无法通过 visual studio 发布
Changed SSL/TLS on server cannot publish via visual studio now
我创建了一个新服务器以将我们的 Windows 2008 服务器移动到 Windows 2012R2。几天来,我毫无问题地发布到新服务器并测试了该站点。我在测试期间意识到此服务器的 SSL 和 TLS1.0 仍处于打开状态。
我找到 IIS Crypto 并将值设置为最佳实践:
像假人一样,我在更改之前没有打印屏幕。
当我现在尝试发布时,我收到了这条消息:
到目前为止我已经尝试过,其中一些只是出于习惯:
1.重新启动visual studio
2.重启IIS
3.重启主机服务器
4.禁用防火墙并在未启用的情况下测试发布
5. 检查 IIS 日志,那里没有显示
6. 查看事件查看器,那里没有消息
这是我收到的消息:
Error 2 Web deployment task failed. (Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?site=<site>'.)
This error indicates that you cannot connect to the server. Make sure the service URL is correct, firewall and network settings on this computer and on the server computer are configured properly, and the appropriate services have been started on the server.
Error details:
Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?<site>'.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host 0 0 SuburbanCustPortal
我尝试发布到 http 而不是 https,我收到了同样的消息。
接下来我应该看哪里,或者有人有什么想法吗?
注意#1
我在根目录下创建了一个 test.html 文件,我可以通过 https 和 http 访问我的站点来查看该文件。该站点可以访问,至少可以从端口 443 和 80 访问。
我在这里找到了答案:
It turns out that after much stuffing around on my servers, the issue
actually lies with the client doing the deploying.
The issue lies in .Net and it’s default settings for use of SSL.
By default .Net has a setting called “useStrongCrypto” that allows the
client PC to use TLS 1.1 and higher.
To enable secure your local client PC to use TLS 1.1 and higher (or as
Microsoft terms is “strong crypto”) you need to edit the following
registry entries:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
我重新启动了 visual studio 并能够发布。
我创建了一个新服务器以将我们的 Windows 2008 服务器移动到 Windows 2012R2。几天来,我毫无问题地发布到新服务器并测试了该站点。我在测试期间意识到此服务器的 SSL 和 TLS1.0 仍处于打开状态。
我找到 IIS Crypto 并将值设置为最佳实践:
像假人一样,我在更改之前没有打印屏幕。
当我现在尝试发布时,我收到了这条消息:
到目前为止我已经尝试过,其中一些只是出于习惯: 1.重新启动visual studio 2.重启IIS 3.重启主机服务器 4.禁用防火墙并在未启用的情况下测试发布 5. 检查 IIS 日志,那里没有显示 6. 查看事件查看器,那里没有消息
这是我收到的消息:
Error 2 Web deployment task failed. (Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?site=<site>'.)
This error indicates that you cannot connect to the server. Make sure the service URL is correct, firewall and network settings on this computer and on the server computer are configured properly, and the appropriate services have been started on the server.
Error details:
Could not complete the request to remote agent URL 'https://<site>:8172/MsDeploy.axd?<site>'.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host 0 0 SuburbanCustPortal
我尝试发布到 http 而不是 https,我收到了同样的消息。
接下来我应该看哪里,或者有人有什么想法吗?
注意#1
我在根目录下创建了一个 test.html 文件,我可以通过 https 和 http 访问我的站点来查看该文件。该站点可以访问,至少可以从端口 443 和 80 访问。
我在这里找到了答案:
It turns out that after much stuffing around on my servers, the issue actually lies with the client doing the deploying.
The issue lies in .Net and it’s default settings for use of SSL.
By default .Net has a setting called “useStrongCrypto” that allows the client PC to use TLS 1.1 and higher.
To enable secure your local client PC to use TLS 1.1 and higher (or as Microsoft terms is “strong crypto”) you need to edit the following registry entries:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
我重新启动了 visual studio 并能够发布。