ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY Server 2016/Exchange 2016

Over the weekend I’ve been installing Microsoft Server 2016 with Exchange 2016 on top. Once my SSL certificates were loaded, I got the following error when accessing OWA

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

I’ve seen this before on Apache. However, I was amused that this was an issue with Server 2016 since I thought that Microsoft would have disabled the Cipher suites used which cause this error. Apparently not.

A brute-force way to quickly fix this is to disable SPDY. To do this, open up the following registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Http\Paramaters

Add the following two dword keys

EnableHttp2Cleartext 0
EnableHttp2Tls 0

It should look like the following

vmware_2016-10-30_17-00-25

You can likely disable your offending cipher suites by following these guidelines.

Update 1: I solved my issue by disabling SHA and MD5 hashes on the Exchange server using IISCrypto. See below:

IIS Crypto

IIS6 Connections_Refused

I just had a call from a customer who said their IIS service is no longer accepting HTTP connections. They though this might be related to network settings.

Upon logging in to the system, I looked at various services that might be listening on port 80 using:

netstat -aon | findstr 80

You will get something similar to the following:

TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4

This is the system process with id 4 listening on port 80. This is normally IIS.

Once I was certain IIS was actually working, I decided to go and have a look at the IIS log files. On Windows 2003 you will find these under C:WINDOWSsystem32LogFiles

Looking in the HTTPErr folder, I found the following logged items:

#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2014-07-12 22:35:05 - - - - - - - - - 6_Connections_Refused -
2014-07-12 22:35:10 - - - - - - - - - 1_Connections_Refused -
2014-07-12 22:35:25 - - - - - - - - - 1_Connections_Refused -
2014-07-12 22:35:40 - - - - - - - - - 1_Connections_Refused -
2014-07-12 22:36:10 - - - - - - - - - 1_Connections_Refused -

A list of IIS errors can be found here. Within this page, you will find the error for connection refused.

The kernel NonPagedPool memory has dropped below 20MB and http.sys has stopped receiving new connections

Now we are getting somewhere.

This is caused by the system running out of available NPP memory. A good article can be found here.

I recommend turning on aggressive memory in order to fix this issue. The article for this can be found here.