<{{Subtitle_Weight}} class="prominent-subhead {{Show_Subtitle}}"> {{Header_Subtitle}}

Error appears when accessing Management, Runtime or Designer on Chrome via http

~~repeating-content.html~~
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.

Issue

When trying to access Management, Runtime or Designer on Chrome via https, a "This site can't be reached" page is shown, with the following error: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

error screenshot

Symptoms

  • This is only affecting the https URL.
  • If you configure Designer or Runtime to use Windows Authentication instead of Forms Authentication in IIS Manager, opening Runtime/Management/Designer with the http URL will allow the user to access those pages.
  • On Firefox, you may get the following error instead: NS_ERROR_NET_INADEQUATE_SECURITY
  • On older versions of Microsoft Edge browser, the pages will load properly.

Troubleshooting Steps

This is not a K2 issue, but rather a security feature on newer versions of browsers.

On Windows Server 2016, HTTP/2 is automatically turned on in IIS. With web applications and browsers that support HTTP/2, IIS will start serving those applications via HTTP/2. HTTP/1.1 will be used as a fallback, in case the applications or browsers do not support HTTP/2. You can easily check which protocol is being used by performing a network trace using your browser's developers tool, on the page you are trying to open.

The image below is an example of a network trace recorded on Chrome. The Protocol column shows which protocol is being used. h2 represents HTTP/2, while http/1.1 represents HTTP/1.1.

chrome network trace

HTTP/2 has a stricter requirements as compared to HTTP/1.1. If your server has some weaker SSL Ciphers enabled which are not supported by HTTP/2, your browser will return an error message indicating inadequate transport security.

To resolve this, you have two options:

Disable Weak Cipher Suites

Download IIS Crypto GUI, then run it with administrator privileges on your server. Once the tool is launched, select "Cipher Suites", click on "Best Practices", then "Apply". Restart your machine after that, then check if you are still getting the same error.

iiscrypto

Please note the IIS Crypto is a third party tool from another vendor, and has no relation to K2. If you need assistance with this tool, please contact that vendor directly.

Disable HTTP/2 in IIS on Windows Server 2016

Disabling HTTP/2 will force IIS to serve the web applications on HTTP/1.1. This is NOT the recommended option as HTTP/2 is the more secure option over HTTP/1.1.

To disable HTTP/2, you need to add the following DWORD registry keys and set the values as shown below:

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Key: EnableHttp2Tls
Value: 0

Key: EnableHttp2Cleartext
Value: 0

If you wish to re-enable HTTP/2 at a later time, either delete the two registry keys, or set their values to 1. Restart your server after making the changes for the changes to take effect.