6

I have a server installed with Windows Server 2019 and IIS 10. According to https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis all https sites should work using HTTP/2 out of the box.

However my site works in http/1.1 mode only. I checked with Chrome/Firefox and online tools like https://tools.keycdn.com/http2-test and the result is "HTTP/2 protocol is not supported. ALPN extension is not supported."

I checked the common reasons for http/1.1 fallback:

  • Windows authentication - this is disabled for my site
  • clear text - https is enabled on my site with a valid SSL certificate
  • Bandwidth throttling - not enabled on my site
  • registry settings for disabling HTTP/2 - not set

My web site uses ASP.NET, but simple html is also downloaded in HTTP/1.1.

Any idea what to examine next?

Plamen Ignatov
  • 612
  • 1
  • 7
  • 17
  • Did you test localhost according to Microsoft's article? – Lex Li Aug 09 '19 at 20:38
  • Yes, I did - it says HTTPS in the Protocol column (not HTTP/2) when I load https://localhost in IE – Plamen Ignatov Aug 12 '19 at 07:06
  • Review if HTTP/2 is enabled for IE https://stackoverflow.com/questions/36224270/why-do-i-need-to-change-ie-settings-to-enable-http-2-on-windows-10 – Lex Li Aug 12 '19 at 13:17
  • Yes, HTTP/2 is enabled on IE. Firefox (installed on server) also shows HTTP/1.1 – Plamen Ignatov Aug 12 '19 at 13:53
  • Then you need to go deep to the actual packets, https://new.blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/ – Lex Li Aug 12 '19 at 13:56
  • 1
    @PlamenIgnatov, have you ever managed to solve this problem? I've got a Win 2016 server with a valid SSL cert. It serves everything up via http1. The tool you linked says that http2 is supported on my site. I'm using the latest Chrome to diagnose it. Both client and server support http2. There are no settings to configure for this, so this problem is frustrating. It ought to work, but it doesn't. Why not? – Jay Nov 21 '19 at 21:11
  • 1
    I didn't find the problem. Tried packets sniffing, error logging - nothing worked. – Plamen Ignatov Nov 25 '19 at 08:14
  • 2
    Did you ever solve this? Just hoping - similar situation. – TampaCraig Oct 16 '20 at 13:23

2 Answers2

0

This is probably the answer you're all looking for:

Open your registry editor and navigate to:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Make sure you have the following entries:

EnableHttp2Cleartext REG_DWORD    1
EnableHttp2Tls    REG_DWORD    1

Reboot.

Blong Yang
  • 11
  • 1
0

In my case I disabled TLS 1.0 and TLS 1.1 For this you have two options:

  1. Edit the registry keys
  2. Install IISCrypto and uncheck TLS 1.0 and TLS 1.1

Note: You need to reboot the server in order to apply the changes

Marius Zimta
  • 1
  • 1