asp.net-mvc iis-10 windows-server-2019

ASP.NET 4.7 on Server 2019 - HTTPS giving HTTP 503 - Service Unavailable (Works on Http)


We're trying to test our web apps on Server 2019 to see how they're going to work. We have our Team City deploy working, and now I'm trying to figure out what's going on with Server 2019.

Any page on https:// gives me the error:

HTTP 503

Source:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>Service Unavailable</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
    <BODY><h2>Service Unavailable</h2>
    <hr><p>HTTP Error 503. The service is unavailable.</p>
    </BODY></HTML>

If I go to a page on http:// it works.

There is nothing else going on with this.

The Application

The application is an ASP.NET 4.6 MVC app. It currently works on multiple servers from 2012 to 2016, and Windows 10 w/o issues.

Setup:

  • Brand new AWS EC2 (Web App)
  • All ASP.NET Services for 4.7 have been installed.
  • SQL Server is installed on this EC2
  • IIS is set up with correct app pools (and they're started)
  • Bindings are correct
  • I have given Network Services and IIS USER full control over the /website/ folder
  • Binding Information: [image]

What I've done

  • gone through ~30 posts on HTTP 503 w/o any luck.
  • I added a test.html page to one of the applications. I still get a HTTP 503 with this.
  • verified the root SSL cert is installed correctly
  • installed intermediate ssl certs
  • Added a new user to the server, gave them "All" permissions and full control over /websites/, set them as the user in the App Pool (restarted app pool) and still a 503.
  • Quintuple checked the app pools to make sure they're started. They are started.
  • I do not see any errors in the Event Logs or /Server Roles/ Web Server (IIS) logs.
  • Running the command: netsh http show urlacl url=https://+:443/

I get both of these at times:

    Reserved URL            : https://+:443/
    Can't get security descriptor, Error: 87

    Reserved URL            : https://+:443/
    SDDL: O:NS

I'm at a loss as I have no other information as to why 503 is coming back. It's almost as if IIS isn't running, as it's not even able to serve up a test.html page. I fully expect this to be something dead simple where I'll face palm for a week or something unique with Server 2019.


Solution

  • Root cause extracted from comments troubleshooting:

    In the event that IIS is serving an application on http but receiving 503 service unavailable for https AND it is confirmed that both http and https protocols are enabled, verify that the SSL port 443 is not reserved by the system.

    You may do this by running the following from command line:

    netsh http show urlacl url=https://+:443/
    

    If the output confirms that the URL is reserved then you have two options:

    1. Delete the reservation by running command

      netsh http delete urlacl https://+:443/
      

    ***If the reserved port must remain intact (run cmd netstat -a -n -o | findstr 443 to find the PID running on the port and use Process Explorer to identify the process from the PID), then use option 2.

    2. Re-provision your application to run on port 8443 (assuming that is not also shown in the reserved URL list).

    ***Although you can use any port to run SSL, browsers automatically prefix 443 and 8443 with https. Applications using SSL comms on ports other than 443 and 8443 must take special care to redirect users to https, as the browser will not auto-prefix. Also note that it is common practice for some access points to disable comms not coming over 80 or 443, so environmental factors may play into switching the port, i.e. do your due diligence for your users :)
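
The checks from the answer above (list the URL reservation, then find what is listening on the port) collected into one script. This is an added example, not code from the original question or answer; the function name `ConvertFrom-UrlAcl` and the `-Port` / `-UseSample` parameters are hypothetical, and the parser assumes English-language `netsh` output. Save it as a script and run it from an elevated PowerShell session on the IIS host.

```powershell
# Added example, not from the original answer. Assumes English netsh output.
param([int]$Port = 443, [switch]$UseSample)

# Turn the text of "netsh http show urlacl" into one object per reservation.
function ConvertFrom-UrlAcl {
    param([string[]]$Lines)
    $rec = $null
    foreach ($line in $Lines) {
        if ($line -match 'Reserved URL\s*:\s*(\S+)') {
            if ($rec) { $rec }   # emit the previous reservation
            $rec = [pscustomobject]@{ Url = $Matches[1]; Users = @(); Sddl = $null; ErrorCode = $null }
        }
        elseif ($rec -and $line -match '^\s*User:\s*(.+?)\s*$') { $rec.Users += $Matches[1] }
        elseif ($rec -and $line -match '^\s*SDDL:\s*(.+?)\s*$') { $rec.Sddl = $Matches[1] }
        elseif ($rec -and $line -match 'Error:\s*(\d+)')         { $rec.ErrorCode = [int]$Matches[1] }
    }
    if ($rec) { $rec }           # emit the last reservation
}

# Constructed sample: the first entry mirrors the output quoted in the question.
$sample = @'
    Reserved URL            : https://+:443/
        Can't get security descriptor, Error: 87

    Reserved URL            : http://+:80/Temporary_Listen_Addresses/
        User: \Everyone
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;WD)
'@ -split '\r?\n'

$lines = if ($UseSample) { $sample } else { netsh http show urlacl }

# Reservations whose URL prefix uses the port under investigation.
# A reservation with an error code or no users listed is the one to review.
ConvertFrom-UrlAcl -Lines $lines |
    Where-Object { $_.Url -match ":$Port/" } |
    Select-Object Url, @{ n = 'Users'; e = { $_.Users -join ', ' } }, Sddl, ErrorCode |
    Format-List

# Listener on the port (same information as netstat -a -n -o | findstr).
# PID 4 (System) means HTTP.sys holds the socket for IIS or another HTTP.sys client.
if (-not $UseSample) {
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
        Format-Table -AutoSize
}
```

With `-UseSample` the script parses the embedded sample instead of calling `netsh`, so the parser can be checked on a machine other than the server.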