Root Cause Analysis for CryptographicException (The data is invalid) error

When a cookie is empty and corrupt, users may run into intermittent issues accessing your website. IIS may record a CryptographicException (The data is invalid) error in Event Viewer for this issue. Since the issue is intermittent, there may not be a need for an immediate solution. However, a root cause analysis can provide valuable information and clues to prevent future occurrences.

Here is the key part of the error message from the Application container in Event Viewer:

Event code: 3005
Event message: An unhandled exception has occurred.
Trust level: Full
Process name: w3wp.exe
Exception type: CryptographicException
Exception message: The data is invalid.
at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)

CryptographicException (The data is invalid) error in Event Viewer

Solved: HTTP status 413 (Request Entity Too Large)

Many web applications have pages for users to upload files. Whether it’s a PDF document or an image file, IIS has a limit for the size of the content users can upload. If the file size exceeds this limit, the application throws the error “Error in HTTP request, received HTTP status 413 (Request Entity Too Large)”.

The default upload size in IIS is 49 KB (49152 bytes). The application logs the error message below if a user tries to upload a file that is bigger than the default upload size.

Error in HTTP request, received HTTP status 413 (Request Entity Too Large)

413 Request Entity Too Large error

You may ask why this issue occurs for sites protected by SSL. It is because the request body must be preloaded during the SSL handshake process.

HTTP/2 SETTINGS frame bug and related registry keys

The HTTP/2 protocol improves the performance and security of today’s digital world. It consists of several frames to carry requests between clients and servers. One of these frames is the SETTINGS frame, which attackers may use to increase CPU usage to 100% in IIS and eventually make the server unresponsive (Denial of Service, DoS).

In this post, we will discuss the root cause and the solution for this bug.

What is HTTP/2 SETTINGS frame?

It is part of the HTTP/2 request and contains 6 parameters to manage communication between peers. Here is how the IETF HTTP Working Group explains the usage of this frame:

The SETTINGS frame (type=0x4) conveys configuration parameters that affect how endpoints communicate, such as preferences and constraints on peer behavior. The SETTINGS frame is also used to acknowledge the receipt of those parameters.

SETTINGS in Hypertext Transfer Protocol Version 2 (HTTP/2)
HTTP/2 SETTINGS frame (Source: IETF HTTP Working Group)
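The frame layout quoted above can be checked on captured bytes. The following is an added example, not code from the original post or from IIS: it parses one SETTINGS frame using the layout in RFC 7540, applies the specification's structural checks, and reports how many parameters the frame carries and which identifiers fall outside the six defined ones. The function names and the sample frames are hypothetical and constructed for illustration.

```python
import struct

# The six parameters defined for SETTINGS in RFC 7540, section 6.5.2.
SETTINGS_NAMES = {
    0x1: "HEADER_TABLE_SIZE",
    0x2: "ENABLE_PUSH",
    0x3: "MAX_CONCURRENT_STREAMS",
    0x4: "INITIAL_WINDOW_SIZE",
    0x5: "MAX_FRAME_SIZE",
    0x6: "MAX_HEADER_LIST_SIZE",
}
FRAME_TYPE_SETTINGS = 0x4
FLAG_ACK = 0x1


def parse_settings_frame(frame: bytes) -> dict:
    """Parse one HTTP/2 frame (9-byte header + payload) and validate it as SETTINGS."""
    if len(frame) < 9:
        raise ValueError("truncated frame header")
    length = int.from_bytes(frame[0:3], "big")           # 24-bit payload length
    ftype, flags = frame[3], frame[4]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF  # drop reserved bit
    payload = frame[9:9 + length]
    if ftype != FRAME_TYPE_SETTINGS:
        raise ValueError("not a SETTINGS frame")
    if len(payload) != length:
        raise ValueError("truncated payload")
    if stream_id != 0:
        raise ValueError("PROTOCOL_ERROR: SETTINGS must use stream 0")
    ack = bool(flags & FLAG_ACK)
    if ack and length != 0:
        raise ValueError("FRAME_SIZE_ERROR: ACK frame must be empty")
    if length % 6 != 0:
        raise ValueError("FRAME_SIZE_ERROR: length is not a multiple of 6")
    # Each parameter is a 16-bit identifier followed by a 32-bit value.
    pairs = [struct.unpack_from(">HI", payload, off) for off in range(0, length, 6)]
    return {
        "ack": ack,
        "count": len(pairs),
        "settings": [(SETTINGS_NAMES.get(i, f"UNKNOWN_0x{i:x}"), v) for i, v in pairs],
        "unknown": [i for i, _ in pairs if i not in SETTINGS_NAMES],
    }


def build_settings_frame(pairs, flags=0, stream_id=0) -> bytes:
    """Build a constructed sample frame to feed the parser."""
    payload = b"".join(struct.pack(">HI", i, v) for i, v in pairs)
    header = (len(payload).to_bytes(3, "big") + bytes([FRAME_TYPE_SETTINGS, flags])
              + stream_id.to_bytes(4, "big"))
    return header + payload
```

The `count` and `unknown` fields are the values worth logging when reviewing what clients send in this frame.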

Mixed Content: The page was loaded over HTTPS, but requested an insecure font

Secure websites transfer the data in an encrypted format. This ensures that an attacker who sniffs packets from the network cannot read the data. Securing your website by using an SSL certificate is the first step in the right direction. Browsers take this approach to the next level by making sure that all resources use HTTPS. This is where you may come across this error: “Mixed Content: The page was loaded over HTTPS, but requested an insecure font”.

This error isn’t shown to end users right away. It stays in the “Console” tab of your browser’s “Developer Tools” window. The website shows different symptoms when this error occurs in the background.

Symptoms of Mixed Content (Insecure Font) Issue

When there is a “Mixed Content (Insecure Font)” issue:

  • Your website may not use the font you selected
  • Some icons may not appear
  • There might be CSS adjustment issues

In order to figure out the underlying issue, turn on “Developer Tools” and visit the website again. The “Console” tab should give the detailed error message:

Mixed Content: The page at ” was loaded over HTTPS, but requested an insecure font ”. This request has been blocked; the content must be served over HTTPS.

Mixed Content (Insecure Font) issue

IIS logs 500.19 if a client drops connection while loading the website

HTTP status and sub-status codes provide valuable information about the issues users come across. One of the code pairs is 500.19, which means “Configuration data is invalid”. However, IIS may show this pair incorrectly if a user drops the connection before the browser loads the website completely.

The error message from the Failed Request Tracing log is below. Please note that this error appears during the execution of the Dynamic Compression module.

HttpStatus: 500

HttpReason: Internal Server Error

HttpSubStatus: 19

ErrorCode: An operation was attempted on a non existent network connection (0x800704cd)

What happens when a client drops connection
Error log when the client drops connection

Fixed ERROR_INTERNET_SEC_CERT_REVOKED

Users and servers communicate via unencrypted messages unless the website owners use SSL certificates. A valid SSL certificate ensures that communication is secure. Therefore, someone who intercepts packets in the network cannot read the data. Certificates are useful and easy to configure most of the time. However, in some cases, the connection may become unprotected and you may see the error message ERROR_INTERNET_SEC_CERT_REVOKED or ERR_CERT_REVOKED.

I came across a “certificate has been revoked” message on a website hosted at GoDaddy. Everything was fine and the SSL certificate was valid. One day, I visited the site and saw this annoying warning page in Chrome and Edge.

ERROR_INTERNET_SEC_CERT_REVOKED in Microsoft Edge

Here is the full error message Microsoft Edge browser displays when the website has a revoked certificate:

This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

This website’s security certificate has been revoked, so you can’t go there at this time.

Error Code: ERROR_INTERNET_SEC_CERT_REVOKED


ERROR_INTERNET_SEC_CERT_REVOKED error in Edge