Revision history [back]
TLS1.2 RST After Server Key Exchange, Server Hello Done
I am not sure if this is a TLS1.2 connection issue or something else. I have this WireShark trace summary.
I have a client and Exchange server. I am using below command on client machine.
Invoke-WebRequest -Uri https://autodiscover.contoso.com -UseBasicParsing
As far as I understand , The client is closing the connection after receiving the server certificate - which suggest that the client does not like the server certificate.
What could be causing this?
Please let me know if you need anymore info.
Wireshark Output :
2647 6.854017 SOURCE DESTINATION TCP 66 18543 → 443 [SYN, ECE, CWR] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
2649 6.869529 DESTINATION SOURCE TCP 66 443 → 18543 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460 WS=256 SACK_PERM
2650 6.869602 SOURCE DESTINATION TCP 54 18543 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
2651 6.870704 SOURCE DESTINATION TLSv1.2 217 Client Hello (SNI=autodiscover.companyB.com)
2703 6.883765 DESTINATION SOURCE TCP 1514 443 → 18543 [PSH, ACK] Seq=1 Ack=164 Win=130816 Len=1460 [TCP segment of a reassembled PDU]
2708 6.885744 DESTINATION SOURCE TCP 1514 443 → 18543 [PSH, ACK] Seq=1461 Ack=164 Win=130816 Len=1460 [TCP segment of a reassembled PDU]
2709 6.885775 SOURCE DESTINATION TCP 54 18543 → 443 [ACK] Seq=164 Ack=2921 Win=262656 Len=0
2710 6.885900 DESTINATION SOURCE TLSv1.2 914 Server Hello, Certificate
2713 6.887267 SOURCE DESTINATION TCP 54 18543 → 443 [FIN, ACK] Seq=164 Ack=3781 Win=261888 Len=0
2753 6.904773 DESTINATION SOURCE TLSv1.2 396 Server Key Exchange, Server Hello Done
2754 6.904773 DESTINATION SOURCE TCP 60 443 → 18543 [FIN, ACK] Seq=4123 Ack=165 Win=130816 Len=0
2757 6.904839 SOURCE DESTINATION TCP 54 18543 → 443 [RST, ACK] Seq=165 Ack=4123 Win=0 Len=0
2758 6.904889 SOURCE DESTINATION TCP 54 18543 → 443 [RST] Seq=165 Win=0 Len=0
FROM WORKING MACHINE WIRESHARK RESULT :
1636 11.029014 SOURCE DESTINATION TCP 66 62424 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
1639 11.042309 DESTINATION SOURCE TCP 66 443 → 62424 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460 WS=256 SACK_PERM
1640 11.042440 SOURCE DESTINATION TCP 54 62424 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
1641 11.045394 SOURCE DESTINATION TLSv1.2 217 Client Hello (SNI=autodiscover.contoso.com)
1642 11.058038 DESTINATION SOURCE TCP 1514 443 → 62424 [PSH, ACK] Seq=1 Ack=164 Win=130816 Len=1460 [TCP segment of a reassembled PDU]
1643 11.058672 DESTINATION SOURCE TCP 1514 443 → 62424 [PSH, ACK] Seq=1461 Ack=164 Win=130816 Len=1460 [TCP segment of a reassembled PDU]
1644 11.058700 SOURCE DESTINATION TCP 54 62424 → 443 [ACK] Seq=164 Ack=2921 Win=262656 Len=0
1645 11.059453 DESTINATION SOURCE TLSv1.2 914 Server Hello, Certificate
1647 11.070975 DESTINATION SOURCE TLSv1.2 396 Server Key Exchange, Server Hello Done
1648 11.071013 SOURCE DESTINATION TCP 54 62424 → 443 [ACK] Seq=164 Ack=4123 Win=261376 Len=0
1649 11.077428 SOURCE DESTINATION TLSv1.2 236 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
1651 11.090970 DESTINATION SOURCE TCP 60 443 → 62424 [ACK] Seq=4123 Ack=346 Win=130816 Len=0
1652 11.099993 DESTINATION SOURCE TLSv1.2 161 Change Cipher Spec, Encrypted Handshake Message
1653 11.101929 SOURCE DESTINATION TLSv1.2 299 Application Data
1654 11.113314 DESTINATION SOURCE TCP 60 443 → 62424 [ACK] Seq=4230 Ack=591 Win=130816 Len=0
1655 11.114834 DESTINATION SOURCE TLSv1.2 443 Application Data
1656 11.115350 SOURCE DESTINATION TCP 54 62424 → 443 [FIN, ACK] Seq=591 Ack=4619 Win=262656 Len=0
1657 11.117223 SOURCE DESTINATION TCP 66 62425 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
1658 11.126292 DESTINATION SOURCE TCP 60 443 → 62424 [FIN, ACK] Seq=4619 Ack=592 Win=131072 Len=0
1659 11.126350 SOURCE DESTINATION TCP 54 62424 → 443 [ACK] Seq=592 Ack=4620 Win=262656 Len=0
1660 11.132974 DESTINATION SOURCE TCP 66 443 → 62425 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460 WS=256 SACK_PERM
1661 11.133091 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=1 Ack=1 Win=262656 Len=0
1662 11.140874 SOURCE DESTINATION TLSv1.2 217 Client Hello (SNI=autodiscover.contoso.com)
1663 11.154478 DESTINATION SOURCE TCP 1514 443 → 62425 [PSH, ACK] Seq=1 Ack=164 Win=130816 Len=1460 [TCP segment of a reassembled PDU]
1664 11.155714 DESTINATION SOURCE TCP 1514 443 → 62425 [PSH, ACK] Seq=1461 Ack=164 Win=130816 Len=1460 [TCP segment of a reassembled PDU]
1665 11.155714 DESTINATION SOURCE TLSv1.2 914 Server Hello, Certificate
1666 11.155753 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=164 Ack=3781 Win=262656 Len=0
1667 11.167895 DESTINATION SOURCE TLSv1.2 396 Server Key Exchange, Server Hello Done
1668 11.167945 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=164 Ack=4123 Win=262400 Len=0
1669 11.172926 SOURCE DESTINATION TLSv1.2 236 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
1670 11.185401 DESTINATION SOURCE TCP 60 443 → 62425 [ACK] Seq=4123 Ack=346 Win=130816 Len=0
1671 11.196390 DESTINATION SOURCE TLSv1.2 161 Change Cipher Spec, Encrypted Handshake Message
1672 11.197064 SOURCE DESTINATION TLSv1.2 283 Application Data
1673 11.207907 DESTINATION SOURCE TCP 60 443 → 62425 [ACK] Seq=4230 Ack=575 Win=130816 Len=0
1674 11.210592 DESTINATION SOURCE TLSv1.2 779 Application Data
1675 11.210875 SOURCE DESTINATION TLSv1.2 363 Application Data
1676 11.221811 DESTINATION SOURCE TCP 60 443 → 62425 [ACK] Seq=4955 Ack=884 Win=131072 Len=0
1677 11.256558 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=4955 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1678 11.256697 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=6415 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1679 11.256697 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=7875 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1680 11.256697 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=9335 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1681 11.256697 DESTINATION SOURCE TLSv1.2 1499 Application Data
1682 11.256773 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=12240 Win=262656 Len=0
1683 11.256855 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=12240 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1684 11.256872 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=13700 Win=262656 Len=0
1685 11.257031 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=13700 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1686 11.257031 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=15160 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1687 11.257062 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=16620 Win=262656 Len=0
1688 11.257239 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=16620 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1689 11.257490 DESTINATION SOURCE TLSv1.2 1499 Application Data
1690 11.257532 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=19525 Win=262656 Len=0
1691 11.257549 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=19525 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1692 11.257908 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=20985 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1694 11.257908 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=22445 Ack=884 Win=131072 Len=1460 [TCP segment of a reassembled PDU]
1696 11.257965 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=23905 Win=262656 Len=0
1698 11.267972 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=23905 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1699 11.267997 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=25365 Win=262656 Len=0
1700 11.268158 DESTINATION SOURCE TLSv1.2 1499 Application Data
1701 11.268278 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=26810 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1702 11.268278 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=28270 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1703 11.268302 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=29730 Win=262656 Len=0
1704 11.268366 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=29730 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1705 11.268366 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=31190 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1706 11.268366 DESTINATION SOURCE TLSv1.2 1499 Application Data
1707 11.268366 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=34095 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1708 11.268413 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=35555 Win=262656 Len=0
1709 11.268554 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=35555 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1710 11.268554 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=37015 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1711 11.268554 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=38475 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1712 11.268554 DESTINATION SOURCE TLSv1.2 1499 Application Data
1713 11.268554 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=41380 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1714 11.268603 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=42840 Win=262656 Len=0
1715 11.268622 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=42840 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1716 11.268622 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=44300 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1717 11.268641 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=45760 Win=262656 Len=0
1718 11.268656 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=45760 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1719 11.268656 DESTINATION SOURCE TLSv1.2 1499 Application Data
1720 11.268679 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=48665 Win=262656 Len=0
1721 11.268846 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=48665 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1722 11.269025 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=50125 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1723 11.269042 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=51585 Win=262656 Len=0
1724 11.269059 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=51585 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1725 11.269059 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=53045 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1726 11.269059 DESTINATION SOURCE TLSv1.2 1499 Application Data
1727 11.269059 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=55950 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1728 11.269107 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=57410 Win=262656 Len=0
1729 11.269679 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=57410 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1730 11.269715 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=58870 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1731 11.269715 DESTINATION SOURCE TCP 1514 443 → 62425 [ACK] Seq=60330 Ack=884 Win=131840 Len=1460 [TCP segment of a reassembled PDU]
1732 11.269734 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=61790 Win=262656 Len=0
1733 11.278978 DESTINATION SOURCE TLSv1.2 1499 Application Data
1734 11.279031 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=63235 Win=261120 Len=0
1735 11.279152 DESTINATION SOURCE TLSv1.2 1483 Application Data
1736 11.331642 SOURCE DESTINATION TCP 54 62425 → 443 [ACK] Seq=884 Ack=64664 Win=262656 Len=0