Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
winhttp fails when try to send request with TLS from protected service on windows server 2016
74 views
Skip to first unread message
guffy....@gmail.com
Apr 6, 2018, 10:27:17 AM4/6/18
to
hi
we have protected our service with certificate in ELAM driver.
(service has LaunchProtected=3)
it used only on Windows 10 and on WinServer 2016 (we don't use it on win 8.1 and earlier OSes).
On Windows 10 x64 (as example on 1703-16299.309) all works perfect.
But on server 2016 x64 (1607-14393.2155) function WinHttpSendRequest fails with error 12175 ERROR_WINHTTP_SECURE_FAILURE
1. Same remote server, same URL for both cases.
2. If I set LaunchProtected=0 for the service on the 2016 server, then rebooted and then tried again - winhttp works well.
3. Simple console application which uses winhttp, launched from user session and tries to download same file - works well on this 2016 server.
So it looks like WinHttp+TLS is broken when use on 2016 serevr from protected service.
How can we solve or workaround this issue? Right now I see only way to don't use service protection on 2016 until this will be fixed.
we have protected our service with certificate in ELAM driver.
(service has LaunchProtected=3)
it used only on Windows 10 and on WinServer 2016 (we don't use it on win 8.1 and earlier OSes).
On Windows 10 x64 (as example on 1703-16299.309) all works perfect.
But on server 2016 x64 (1607-14393.2155) function WinHttpSendRequest fails with error 12175 ERROR_WINHTTP_SECURE_FAILURE
1. Same remote server, same URL for both cases.
2. If I set LaunchProtected=0 for the service on the 2016 server, then rebooted and then tried again - winhttp works well.
3. Simple console application which uses winhttp, launched from user session and tries to download same file - works well on this 2016 server.
So it looks like WinHttp+TLS is broken when use on 2016 serevr from protected service.
How can we solve or workaround this issue? Right now I see only way to don't use service protection on 2016 until this will be fixed.
0 new messages