<{{Subtitle_Weight}} class="prominent-subhead {{Show_Subtitle}}"> {{Header_Subtitle}}

All K2 sites not functioning after enabling HTTP2



Opening the K2 Management, K2 Workspace and the K2 Designer sites all display the following error:

"This site can't be reached"



This issue is NOT related to K2, and has more to do with IIS 10 that comes with Windows Server 2016 (And Windows 10). A quick bit of internet research points to HTTP2 and "unsecure" cipher suits that is causing the error. Simply Googling "chrome err_spdy_inadequate_transport_security" returns some good reading material. 

Some sample articles... 

After performing some additional testing, we noticed that there are various other sites that show the same error when opened:




We found 2 potential ways to address the issue:

Option 1: Disable HTTP2 on the Windows 2016 machine

Making changes to the registry is an advanced task, and serious problems might occur if you modify the registry incorrectly, either by using Registry Editor or by using another method. These problems might require that you reinstall the operating system or might have other unforeseen effects. Modify the registry carefully, and at your own risk.

  • Start -> regedit
  • Navigate to the folder/path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  • Under the Parameters folder, right-click the white-space, add 2 new DWORD (32-bit) values: EnableHttp2Tls and EnableHttp2Cleartext
  • Ensure both new values have been set to 0 (disabled) by right-clicking the value and clicking modify
  • Once applied, you will need to reboot the machine.

Option 2: Let IIS Crypto set best practices for you

IIS Crypto is a "third-party product" and is manufactured by companies that are independent of K2. K2 makes no warranty, implied or otherwise, about the performance or reliability of this product. I mention this purely because I found a few articles where people used this app to get around this exact problem, for other software products like "Exchange 2016 OWA", and "SharePoint".

  • Navigate to https://www.nartac.com/Products/IISCrypto, and click the download button on the top right.
  • This will download a small Windows application (Free of charge)
  • Open the application, and click on the Cipher Suites option on the left.

It is a good idea to document what is on the machine. Making changes here might effects other software components.
  • Hit the Best Practices button on the bottom left. This will move cyphers up and down the priority list, and check and uncheck some. 
  • It appears as if this application makes changes depending on what it finds on the system, and in accordance with what it assumes are best practices.
  • After the changes has been made, you will have to hit the Apply button on the bottom right, for the changes to take effect.
  • Once applied, you will need to reboot the machine.

After following these steps, we were able to open Exchange OWA, SharePoint and all K2 sites (Management, Designer, and Workspace) with HTTP2 enabled on the machine.