Thursday, 29 September 2016

IIS remote management and TLS restrictions

Recently I came across a strange problem with IIS remote management and TLS/SSL protocol restriction.

I was setting up some IIS servers for use with Microsoft Azure MFA, and after the basic setup was done I looked to hardening the web interface (well, it is for an authentication system), so I turned off all the SSL protocols and also TLS 1.0, as they have known vulnerabilities.

That done, I moved on to other tasks and never tried to access the systems via IIS remote manager until a few days back, when I wanted to check some settings on the MFA webSDK web app I had just added to the systems (note the servers run 2008 R2 Core and thus have no GUI IIS manager on them).

As you can imagine, I was somewhat perplexed that the IIS remote manager would not connect. RDP, PowerShell and remote MMC connections all worked, so why did IIS manager not?

After quite a lot of searching and getting the correct search terms in line, I found this forum thread.

http://forums.iis.net/t/1230207.aspx?IIS+8+5+Management+Services+and+disabling+TLS+1+0
and it turns out that disabling TLS 1.0 breaks IIS remote management. So if you ever get a message like "The underlying connection was closed: An unexpected error occurred", it may be an idea to check what TLS options are enabled on the server you are trying to connect to.
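
One way to carry out that check, as an added example that is not part of the original post: this PowerShell reads the Schannel protocol registry keys and reports the state of each SSL/TLS version for both the Server and Client roles. It assumes the restrictions were applied through the standard Schannel registry settings; the function name is made up for this example, and the syntax is kept compatible with the PowerShell 2.0 that ships with 2008 R2.

```powershell
# Added example: report Schannel protocol settings from the registry.
# Run locally on the server, or wrap in Invoke-Command for a remote Core box.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'

function Get-SchannelSetting {          # hypothetical helper name
    param([string]$Protocol, [string]$Role)

    $path              = Join-Path (Join-Path $base $Protocol) $Role
    $enabled           = $null
    $disabledByDefault = $null

    if (Test-Path $path) {
        $props = Get-ItemProperty -Path $path
        if ($props.PSObject.Properties['Enabled']) {
            $enabled = $props.Enabled
        }
        if ($props.PSObject.Properties['DisabledByDefault']) {
            $disabledByDefault = $props.DisabledByDefault
        }
    }

    # A missing key or value means nothing was set explicitly,
    # so the operating system default for that protocol applies.
    if ($null -eq $enabled)  { $state = 'Not configured (OS default)' }
    elseif ($enabled -eq 0)  { $state = 'Disabled' }
    else                     { $state = 'Enabled' }

    New-Object PSObject -Property @{
        Protocol          = $Protocol
        Role              = $Role
        State             = $state
        DisabledByDefault = $disabledByDefault
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) { Get-SchannelSetting -Protocol $p -Role $r }
}

$report | Select-Object Protocol, Role, State, DisabledByDefault |
    Format-Table -AutoSize

# Flag the condition described in this post.
$tls10 = $report | Where-Object { $_.Protocol -eq 'TLS 1.0' -and $_.Role -eq 'Server' }
if ($tls10.State -eq 'Disabled') {
    Write-Warning 'TLS 1.0 is disabled for the Server role; IIS remote management may fail to connect.'
}
```

Schannel registry changes only take effect after a reboot, so the values shown may not match the running state if the server has not been restarted since they were set.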