Last post Jul 19, 2019 01:28 AM by bruce (sqlwork.com)
Jul 18, 2019 09:10 AM|jhadley80|LINK
We've recently updated some of our stacks to be hosted in .Net Core 2.2 in IIS 10 (10.0.1439.0) on Server 16 (fully patched).
We've run the same apps in .Net Core 2.2 hosted behind/in IIS 8.5 in Server 12 without any problems.
Since we've done the update we can no longer make outbound calls to https endpoints (e.g. to write logs to our log provider). So for example the following simple endpoint doesn't work we just receive a SocketException.
public async Task<IActionResult>
var result = await
Funny thing is if we run the app from the box directly from the CLI tools everything works.
We've can reliably recreate the problem on development machines.
When running in IIS using Network Monitor we can't see the TLS network traffic being generated.
We've tried both the In-Process and Out-Of-Process hosting models but the problem is the same in both, which leads me very much to think it's something to do with IIS.
Has anyone else come across this or got any ideas?
Jul 18, 2019 10:52 AM|Mikesdotnetting|LINK
which leads me very much to think it's something to do with IIS.
Jul 18, 2019 11:18 AM|PatriceSc|LINK
Giving enough details can always help for example it could be :
- "Exception of type System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions"
- "The exception that I am getting is a SocketException and it is saying the machine I am trying to connect to is actively refusing the connection"
- "System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted"
and likeky quite some more each pointing to their own root cause and some being hard if not impossible to guess.
Most often this is #2 ie being explicitely block by a firewall/proxy or maybe an antivirus...
My suggestion is often to just show ex.ToString() ie the full exception chain as well as the call stack.
Jul 19, 2019 01:28 AM|bruce (sqlwork.com)|LINK
mostly your new server is hardened and does not allow any outgoing http or https traffic. you should update the firewall rules.