Simple internal HTTP GET request failing due to SocketException: An existing connection was forcibly closed by the remote host

I have a simple health check system that sends a simple HTTP GET request to an internal URL, which is an MVC web app that requires authentication. For example, if you send a get request to https:///MyMvcApp, the app would redirect you to https:///MyMvcAppAuth.

private static void UsingHttpGetRequest(string uri, Action<HttpWebResponse> action)  {      ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;      HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);      request.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback      (          delegate { return true; }      );        Log("Sending the HTTP Get request...");      using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())      {          Log($"Got a response! Status: {response.StatusCode}");          action(response);      }  }  

I have two servers in my farm. When this code runs on one of the servers, it works fine, but the other one has this problem:

Exception: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

• I have Compared IIS configuration settings between the servers and found no significant difference.
• I have compared the registry keys and discovered that both servers don't have the registry key "SchUseStrongCrypto", but TLS 1.2 is definitely enabled on both servers.
• Verifed that both have .NET v4.0.30319 installed.

The more I think about this, the more I reach the conclusion that the F5 load balancer is rejecting the 302 redirect from a request that was originated in one of the servers in the farm. What do you guys think? Potential firewall/misconfiguration issue on the load balancer that rejects these requests?

https://stackoverflow.com/questions/65834875/simple-internal-http-get-request-failing-due-to-socketexception-an-existing-con January 22, 2021 at 03:56AM