Closed Bug 1349994 Opened 7 years ago Closed 7 years ago

Secure Connection Failed error accessing SSRS 2016 site

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1346392

People

(Reporter: davidtg, Unassigned)

Details

(Keywords: regression)

Attachments

(2 files)

FF.1349994.pcapng.zip
1.71 MB, application/x-zip-compressed
Details
FF.64bit.clientside.HTTPS.NTLMv2.zip
8.20 MB, application/x-zip-compressed
Details 
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

Using FF 52.0.1 (32 & 64bit Windows versions and tried beta release 53.0b5) we can't successfully load MS SQL Server Reporting Services (SSRS) 2016 sites over https. Sites (two separate ones tested) will load successfully over http in FF. 

Using older version FF 51.0.1 the sites do successfully load over https/http plus sites load fine in other browsers (Chrome, IE). Sites in question are running on Windows Server 2016 fully patched SSRS 2016 with InCommon SSL cert and Windows Authentication (ntlmv2). 


Actual results:

Accessing the site over https I'm correctly prompted for Windows Auth login and after submitting creds FF returns error "Secure Connection Failed - The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

SSRS doesn't log any error.


Expected results:

Site should load normally.
Component: Untriaged → Security: PSM
Keywords: regression
Product: Firefox → Core
Can you attach a packet trace of a successful connection as well as an unsuccessful connection? That will help us narrow down what's going on here.
Flags: needinfo?(davidtg)
Attached file FF.1349994.pcapng.zip 
Wireshark capture from failed Firefox connection attempt and successfully via Chrome
Flags: needinfo?(davidtg)
Thanks. The interesting thing is, the Firefox packet trace doesn't have any kind of reset/close/fin/etc. in it. Is it possible that packet trace got truncated? In any case, this seems more like a networking issue.
Component: Security: PSM → Networking
Hi - The first set of captures updated are server-side, I've uploaded a new set from client-side. Successfully connected with FF 51.0.1 and failed with FF 52.0.2 (both 64bit). Not sure its more helpful or would reveal more but before 52.x FF worked for this site/authentication.

I can reproduce on two different servers (one physical and one VM) though they are within the same data center. It does appear that something is happening with the Windows Authentication + SSL that breaks the connection ("Secure Connection Failed"). 

Server-side the Windows Event Log Security doesn't show the login attempt which it normally would if the communication got that far. Note that if I connect over http (non-ssl) the Windows Authentication does complete successfully in v52.0.2. Not really acceptable though as for production its https only.

Appreciate your help in trying to get this fixed.
This is probably bug 1346392.
@Troy Starr - yes its the same issue.

Sharepoint and SSRS are behaving identically with Windows Auth (NTLMv2) over https with FF. Thank you for all your hard work on tbshooting efforts and persistence with the Mozilla team! If I can provide any assistance let me know.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: