c# grpc blazor-server-side iis-10

Communication between two IIS hosted applications on one Host - connection could not be established


I'm working on a project which requires a website (Blazor server) and a Service to be hosted on the same IIS 10 on Windows Server 2022.

Both applications run under their own application pool identity.

The Website uses a gRPC generated client to connect to the service to retrieve data. The server host is accessible from the intranet and works serving the website or the service.

When I try to host my website from visual studio with IIS Express and connect to the hosted service on the IIS, everything works fine as well.

But as soon as I deploy the application and host it on the IIS, I get the following error:

fail: Grpc.Net.Client.Internal.GrpcCall[6]
      Error starting gRPC call.
      System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
       ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
       ---> System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
         --- End of inner exception stack trace ---
         at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
         at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource<System.Int32>.GetResult(Int16 token)
         at System.Net.Security.SslStream.<FillHandshakeBufferAsync>g__InternalFillHandshakeBufferAsync|189_0[TIOAdapter](TIOAdapter adap, ValueTask`1 task, Int32 minSize)
         at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)

We already tried a lot of stuff, such as changing certificates, loading the cert on the client side beforehand and so on.

For testing purposes I tried to execute a simple GET on the service from the website on program start, which throws the same exception. It seems communication between two hosted .NET applications on the same IIS is just not possible under https.

I don't know which code exactly to provide here, since it's a simple GET which does not even work. The gRPC does have a map on GET on '/', so it's working generally.

Please feel free to ask questions or request code or certain information if I missed something. Any help is appreciated!


Solution

  • I created my own VM with Windows Server 2022 Standard and hosted the Service and WebApplication on the same website using a valid certificate and bindings. And it worked just fine. I just had to use the IP address for the endpoints, since the machine could not resolve its own hostname. No need to adjust the hosts file, since the project will be hosted in a managed environment later on.

    It seems the problem was that the VM of the project I got to use was restricted and managed by another IT.

    If anyone comes across the same problem, try hosting it in an environment you can trust.

    To answer the questions in the comment section: @YurongDai My service is using gRPC and is hosted on IIS. The requirements are stated here: https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis

    "Clear text - as mentioned above, IIS currently only supports HTTP/2 over TLS. Again, IIS will fall back to HTTP/1.1."

    I tested on your recommendation and the connection would be valid, if not for the IIS falling back to HTTP/1.1.

    Thanks for taking your time to help!
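
A handshake probe for the failure discussed above, added here as an example and not code from the question or the answer: it connects to one address while validating the certificate against a separately supplied name, then reports the TLS version, the ALPN result (h2 versus the HTTP/1.1 fallback) and any certificate policy errors. The default address, host name and port are placeholders, not values from the post.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Placeholders (assumptions): where to connect, and the name the
// service certificate was issued for. Pass real values as arguments.
string connectTo = args.Length > 0 ? args[0] : "127.0.0.1";
string tlsName = args.Length > 1 ? args[1] : "service.example.internal";
int port = args.Length > 2 ? int.Parse(args[2]) : 443;

SslPolicyErrors seen = SslPolicyErrors.None;
string? subject = null;

using var tcp = new TcpClient();
await tcp.ConnectAsync(connectTo, port);
using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);

var options = new SslClientAuthenticationOptions
{
    TargetHost = tlsName, // used for SNI and for certificate name matching
    ApplicationProtocols = new List<SslApplicationProtocol>
        { SslApplicationProtocol.Http2, SslApplicationProtocol.Http11 },
    // Record what validation found, but never accept a failing certificate.
    RemoteCertificateValidationCallback = (_, cert, _, errors) =>
    {
        seen = errors;
        subject = cert?.Subject;
        return errors == SslPolicyErrors.None;
    }
};

try
{
    await ssl.AuthenticateAsClientAsync(options);
    Console.WriteLine($"TLS version : {ssl.SslProtocol}");
    Console.WriteLine($"ALPN result : {ssl.NegotiatedApplicationProtocol}");
    Console.WriteLine($"Certificate : {subject}");
    if (ssl.NegotiatedApplicationProtocol != SslApplicationProtocol.Http2)
        Console.WriteLine("h2 was not negotiated; gRPC requires HTTP/2.");
}
catch (AuthenticationException ex)
{
    Console.WriteLine($"Certificate rejected ({seen}) for {subject}: {ex.Message}");
}
catch (IOException ex)
{
    Console.WriteLine($"Connection closed during the handshake: {ex.Message}");
}
```

Running it from the same host under the same account as the website's application pool shows whether the handshake fails before any certificate is presented (the `IOException` path, as in the stack trace above) or during certificate validation.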