Azure Web App / Https calls to SQL Server Reporting Services

Occasional Contributor

Hi all. I'm working on troubleshooting an Azure Web App that is making an https call to an SSRS server located on an Azure VM. This web app works when making an http call to the SSRS server but never when making an https call. If you open up the Azure web app debug console, a powershell tnc command to port 80 and 443 of the SSRS server are successful. SSRS is https enabled and it works when using a browser. I've had a wildcard ssl certificate from Digicert in the SSRS config. That https configuration was set up for a different FQDN than the SSRS server's FQDN. No success from the web app but success using https from a browser.  After that, I tried a different ssl certificate from our organization's internal Certificate Authority that matched the SSRS server name and https calls didn't work from the web app.  I looked at log files from the web app and that didn't provide the answer to why it wasn't working. The one thing that i saw was that the SSRS server never logged any information in the ReportServerHTTP log file when the web app made the https call.   The web app uses the ReportExecutionService using reportviewer.aspx to access the SSRS server. Anyone have any success accessing SSRS using https from an Azure web app? 


Any feedback appreciated. 

1 Reply
best response confirmed by J_Bush (Occasional Contributor)
This problem has been fixed and Wireshark helped identify what the problem was. After installing Wireshark and then having the Azure web app make a call to the SSRS web site, Wireshark showed the web app was making the call using using TLS 1.0. For security reasons, TLS1.0 and TLS1.1 was disabled on the SSRS server. So when the web app attempted to set up a TLS session using TLS1.0, the SSRS server denied it. To fix things, the Azure web app had to have a line of code added to force the TLS1.2 connection. In this case it was: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

In addition, the SSRS configuration has to be set up using an SSL certificate from a trusted Certificate Authority. I tried using a cert issued from our internal CA and it didn't work. I ended up using a cert from a well known CA.

So there you have it. I hope this helps someone in the future.