TF400324:Team Foundation services are not available from server xxxx
Technical information (for administrator):
The request was aborted: Could not create SSL/TLS secure channel
Some of our developers are getting the error above whilst working with TFS but only after having Visual Studio open for about 5-10 minutes. We are currently working around this issue by closing and opening Visual Studio as it seems to be connecting fine just after openning.
Note that this is not all of our developers and all developers are on the latest version of visual studio version 15.9.1 and the TFS server is 2015.
Our tfs website where we manage our sprint boards is fine and the certificate is valid until 2020. We recently updated our certificate to a wildcard e.g. *.mywebsite.com.
What we have tried:
IIS Crypto 2.0 from Nartac Software to check Protocols/Ciphers on clients and servers
Clearing the TFS cache folders on the client machines
A complete fresh install of visual studio, sign in and connection to TFS
Regedit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319: SchUseStrongCrypto for both 32bit and 64 bit. Found here https://johnlouros.com/blog/enabling-strong-cryptography-for-all-dot-net-applications
Using a different microsoft login (also verified that mine works on other machines)
None of the above have solved the issue. What is puzzling me the most is that it works for a period of time before displaying the error, once the error has been displayed it seems that it never tries to reconnect to the TFS server so requires a fresh instance of visual studio before it attempts and successfully reconnects.
I found the answer here: https://developercommunity.visualstudio.com/content/problem/356394/tls-10-the-request-was-aborted-could-not-create-ss.html
The issue happens because VS 15.9 attempts to use system defaults for TLS handshake, but it is being to set to TLS1.2 somewhere within VS. While Microsoft works on a fix, you can work around this by setting this registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000000
This should force .net to use system defaults (rather than TLS 1.2) and that should help negotiate gracefully down to TLS 1.0 if the TFS server is set to support only TLS 1.0.
That worked for me for VS 15.9.3 just fine (needed to restart VS though).
Related
Since today for some reason I'm unable to connect to the NuGet package manager through Visual Studio.
[nuget.org] Unable to load the service index for source https://api.nuget.org/v3/index.json.
An error occurred while sending the request.
The underlying connection was closed: An unexpected error occurred on a send.
Authentication failed because the remote party has closed the transport stream.
But I cannot get it to work again...
Things I tried.
Delete NuGet.config
Clear NuGet cache
Disable TLS1.0 and TLS1.1 explicitly
Enabled TLS1.2 explicitly
followed the manual from nuget at https://devblogs.microsoft.com/nuget/deprecating-tls-1-0-and-1-1-on-nuget-org/
Different Visual Studios
Update to the latest Visual Studio 2019
Tried different TLS settings in the RegEdit for 1.0, 1.1 and 1.2. I don't have a TLS1.3 section yet.
I can browse to https://api.nuget.org/v3/index.json with chrome
TLS1.2 Client settings:
TLS1.2 Server settings:
Specs:
Windows Server 2012R2, Visual Studio 2019
Also tried it on a different Windows Server 2012R2 machine and same problem
It is still working on my laptop with Windows 10.
Hopefully someone has an idea.
Thanks
I had the same problem.
The solution was to install the microsoft/artifacts-credprovider as mentioned here
Invoke-Expression "& { $(irm https://aka.ms/install-artifacts-credprovider.ps1) } -AddNetfx"
Had exactly the same problem, running script from https://github.com/microsoft/azure-devops-tls12 and following instructions from it helped me.
In my case it generated additional script file, after running that and restaring pc nuget was working once again.
I just downloaded VS 2017 and installed it on Windows 10 Professional. Then, full of hope, I started a new web project with the Angular template. I hit <Run>, accepted to install the generated certificate that VS generates for everything to work, and suddenly Chrome said:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
And now I'm sad and disappointed.
Everyone on internet says that it was fixed with the latest update of VS 2017, but it's not true because I have it totally updated (I just installed it an hour ago, downloaded from Microsoft web page).
I'm running (64bit all of them):
Visual Studio Professional 2017, 15.9.7
Windows 10 Pro, 1709, compilation 16299.402
Chrome 72.0.3626.119
Finally I solved the problem adding these two entries into the Windows Registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
“EnableHttp2Tls”=dword:00000000
“EnableHttp2Cleartext”=dword:00000000
I have found the solution here. It says:
There are a few reasons for this and the main one is that IIS in Windows Server 2016 turns on HTTP/2 by default and only falls back to the older HTTP/1.1 if the browser doesn’t support HTTP/2. While HTTP/2 is generally a good thing and most recent browser support it, it also has stricter requirements than HTTP/1.1 and the issue with these browser errors is that the Windows Server 2016 is trying to establish an HTTP/2 session with the browser but the server is configured with some weaker SSL Ciphers which aren’t supported by HTTP/2.
Hope it helps others.
I have an ASP.NET server running under VS2010 on my PC (Win7) on port 12345.
When I load localhost:12345 in Chrome, my default page loads perfectly.
But when I load 192.168.128.104:12345 (by my internal IP, not by localhost) I get "connection refused".
Exact same behavior when I try to access the server from another device on my intranet (in my case, a Raspberry Pi)
I realize that when I hit localhost that I'm just looping back in my adapter, thus the request never leaves my machine. So it would seem that the cause is due to the request leaving & re-entering my machine.
I've create custom Inbound & Outbound rules in my Windows Firewall to allow port 12345, but to no avail.
Any ideas would be appreciated.
I found the answer here:
Can I access ASP.NET Development server in an intranet?
which led me to this:
http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/UseFiddlerAsReverseProxy
As is so often the case, finding the answer is hugely dependent upon using the correct search terms. Here the critical keywords were "asp.net debug intranet"
The 'right way' here is to use IIS Express and you don't need fiddler to act as a reverse proxy. Its a hack that was used to work around using Cassini - a low budge web server that is outdated (and doesn't compare to IIS Express) and used with VS2010 prior to SP1.
In VS2010 SP1, IIS Express support was added. You can read about that here:
http://blogs.msdn.com/b/webdev/archive/2011/03/14/enabling-iis-express-support-in-vs-2010-sp1.aspx
IIS Express can handle this just fine - and Visual Studio 2010 integrates with it. Its not one or the other - you develop with Visual Studio and when you launch your app it launches it with 2010.
If you want something really easy, install Visual Studio 2015 Community Edition, use ASP.NET 5 (now called ASP.NET Core 1) and simply run it to self host via the play button looking drop down you are used to seeing in VS 2010- no web server required.
Again - being that its 2016 - what you cited is a very old way. If its a quick hack, I can understand that - but if you are looking for the best practice way going forward, use IIS Express (and ideally a newer version of Visual Studio - we have them for free in the 2013/2015 Community Editions)
Hope that helps!
I have a website that is hosted using IIS7 when deployed, but we are seeing strange behavior with a web service we use that requires a client certificate. So what I'd like to do is debug our website locally to step through the code and take a closer look at the issue.
The problem is that I cannot figure out how to have the website accept client certificates when I'm running it locally (debugging it). If I just run it locally and perform an operation on the website that uses my client cert, it is clearly not pulling it from the browser because I'm getting "m_safeCertContext is an invalid handle" errors.
Is there a way to have the website accept client certificates when running locally? I have IIS7 installed on the same machine that has Visual Studio 2010 Professional installed, and the OS is Windows 7.
Thanks.
I just got a new Windows 7 computer with VS 2012. My old box was Windows XP with VS 2010. I copied over my project and had VS2012 upgrade the project and get the following error when running the ASP.NET MVC 3 application:
[Win32Exception (0x80004005): The wait operation timed out]
[SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The wait operation timed out.)]
[ProviderIncompatibleException: The provider did not return a ProviderManifestToken string.]
[ProviderIncompatibleException: An error occurred while getting provider information from the database. This can be caused by Entity Framework using an incorrect connection string. Check the inner exceptions for details and ensure that the connection string is correct.]
That was the order of the messages. I am connecting through EntityFramework (code first). The connection string was working just fine in VS2010:
Data Source=xxx.xxx.xxx.xxx; User ID=xxxxxx; Password=xxxxxxxxx; Initial Catalog=xxxxxxxxx; MultipleActiveResultSets=true
I have been searching for hours with no real solution. The only one I haven't tried is to remove VS 2012 and .NET 4.5. That would be a problem since then I can't code. I have tried to remove .NET 4.5, but then VS2012 doesn't start. I have installed .NET 4.0.
I have installed (only listing software based on what I have see in searches):
VS 2012
Windows 7
SSMS 2010 (which was initially installed after VS 2012)
I have done a repair on VS2012 as well. I have not uninstalled and reinstalled it.
Any thoughts? I am going nuts here. Right now I have a quad-core pc that can remote desktop REALLY fast to my old clunker.
NOTE: My firewall is off. I have Symantec Endpoint Protection and this is connecting to a live SQL server, so I know it's running.
Amazingly, this worked:
netsh Winsock reset
See Can't connect to database after installing VS 11 Pro Beta