If you’re trying to connect to a CA server that’s configured with HTTPS via Chrome and you get the ‘ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY‘ error at every attempt, you’re most likely dealing with some kind of security setting issue. This issue is prevalent on Windows Server installations.
After we’ve investigated this issue thoroughly, we realized that there are actually multiple causes that might be responsible for the apparition of the ‘ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY’ error.
Here’s a shortlist of potential culprits that might trigger this error on a Windows or Windows server installation:
- Outdated Chrome version – In most documented cases, you can expect this issue to occur due to a scenario where you’re using an outdated Chrome version that is not equipped with the required security mechanisms required to facilitate the CA connection. In this case, you’ll need to force your browser to install the latest available build.
- Interfering browser cookies – As it turns out, there are certain Chrome cookies that might be responsible for this behavior if you’re trying to connect to a CA server via HTTPS. In most cases, you can get the issue resolved by clearing all your browser cookies or by using Chrome in incognito mode.
- Windows server is using weak ciphers – As it turns out, a fairly common reason why Google Chrome might throw this type of error message is that your Windows Server installation is using weak ciphers. To fix this issue, you’ll need to use a utility like IISCrypto to take care of insecure protocols and weaker cipher suites.
- HTTP/2 is Enabled – While HTTP/2 is generally good for security purposes, it also demands way stricter requirements. If you’re using Windows Server 2016, changes are your OS will attempt to fall back to HTTP/1.1 regardless which might trigger this error in Chrome. In this case, the solution is to disable HTTP/2 completely.
Now that we went over every potential reason why Google Chrome might flash the ‘ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY’ error when you attempt to facilitate a connection with certain servers, here’s a list of verified fixed that other affected users have successfully used to get to the bottom of this issue.
Clear Chrome’s Cookies
As it turns out, a badly saved cookie can be responsible for the apparition of the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error. It’s not that uncommon to see this message when you’re trying to connect to a CA server via HTTPS on a Windows Server installation.
Fortunately, there’s an easy way of checking if a bad cookie is responsible for this error – facilitating the same connection using incognito mode.
To do this, open Google Chrome and click on the action button (top-right corner), then click on New Incognito Window.
Once you’ve successfully opened an Incognito window in Chrome, try facilitating the same kind of connection and see if the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error is resolved.
If the error message doesn’t return, you’ve just confirmed that you’re actually dealing with a cookie issue. In this case, follow the instructions below to remove the dedicated bad cookie in order to fix the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error:
Note: If the same error message pops up even when you’re in Incognito Mode, skip the steps below and move directly to the next method.
- Open Google Chrome and use the navigation bar at the top to load up the page that is triggering the error.
- Once you get the error message, click on the lock icon located inside the navigation bar.
- After you click on the lock icon, you will be presented with a new menu where you’ll need to click on Cookies.
- Next, once you arrive inside the dedicated cookies menu, select the Allowed cookies tab, then select each cookie from the list below and click on Remove to take care of it.
- Once every potentially corrupted cookie is removed, restart your browser and check to see if the problem is now fixed.
If the same kind of issue (ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error) is still occurring, move down to the next potential fix below.
Update Google Chrome to the latest version
First things first, you’ll need to make sure that you’re using the latest public release of Google Chrome.
This is especially important if you’re experiencing the issue on a Windows Server installation while attempting to connect to a CA server configured with HTTPS.
As it turns out, the reason why you’re seeing the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error is most likely because of some security mechanisms that were not implemented yet with your Google Chrome version.
Several affected users that we’re dealing with the same kind of issue have confirmed that the problem was fixed entirely after they’ve updated Google Chrome to the latest version available.
However, since the auto-updating function is sketchy on Windows Server, our recommendation is to begin by uninstalling Google Chrome and clearing the remnant files before installing the latest available public build from scratch.
Here’s what you need to do:
- Open up a Run dialog box by pressing Windows key + R. Next, type ‘appwiz.cpl’ and press Enter to open up the Programs and Features window.
- Once you’re inside the Programs and Features menu, start by right-clicking on Chrome and choose Uninstall from the context menu that just appeared.
- Next, follow the on-screen prompts to complete the uninstallation process.
- Once the uninstallation is complete, reboot your PC and wait until the next startup is complete.
- Next, open up another Run dialog box by pressing Windows key + R. Inside the text box that appeared, type “%localappdata%” and press Enter to open up the local folder that holds temp files associated with your active Microsoft account.
- From the root Local folder, right-click on Chrome and choose Delete from the context menu to get rid of every temporary file that was left behind by the original installation.
- After you manage to get rid of the local data cache folder of Google Chrome, the next step is to install a healthy equivalent. Proceed by visiting the official download page of Google Chrome and download the latest version available.
- Once the installation executable has been downloaded, double-click on it, click Yes at the UAC prompt, then follow the on-screen instructions to complete the installation process.
- Once the installation is complete, open the browser and repeat the action that was previously causing the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY.
If the same kind of issue is still occurring, move down to the next potential fix below.
Disable HTTP/2 or Disable Weak Cipher suites
If you’re encountering the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error in Google chrome immediately after upgrading to Windows Server from an IIS web server, you’re probably seeing this error because Windows Server turns HTTP/2 on by default and tends to fall back to the older HTTP/1.1 if HTTP/2 is not supported.
This is good for security, but HTTP/2 has much stricter requirements than HTTP/1.1 and Windows Server 2016 is notoriously known for trying to establish an HTTP/2 session with the browser even when the server is configured with weaker SSL ciphers that aren’t supported by HTTP/2.
If you find yourself in this particular scenario, you have two ways forward:
- Disable the Weak Cipher Suites
- Disable HTTP/2 on Windows Server
Regardless of the route you need to take, we’ve created a series of sub guides that will walk you through both potential scenarios.
Follow the guide that’s applicable to your particular scenario.
Disable the Weak Cipher Suites
You can disable these cipher suites manually, but there’s really no need to overcomplicate things when you can use this utility called IISCrypto.
In IISCrypto version 3.0, you can use the Best Practices button to automatically disable every insecure protocol together with weaker cipher suites.
Do this by selecting Cipher Suites from the vertical menu on the left, then clicking on Best Practices.
After you do this, hit Apply to enforce the changes, then reboot your Windows Server installation to allow the changes to take effect.
Note: If you’re an advanced Windows Server user, you can also fine-tune these cipher suites manually via IISCrypto.
Disable HTTP/2 on Windows Server
If you decide that disabling HTTP/2 in IIS on Windows Server is a worthy compromise, you can do it by adding just two DWORD registry keys.
Whether you should apply this particular fix or not depends on your particular scenario and the number of protocols affected by disabling HTTP/2.
If you decide to go through with it, the easiest way to do it is to create a .reg file via an elevated Notepad window.
Follow the instructions below to create a .REG file capable of disabling HTTP/2 on a Windows Server 2016 installation:
- Press Windows key + R to open up a Run dialog box. Next, type ‘notepad’ inside the text box, then press Ctrl + Shift + Enter to open a Notepad instance with admin privileges.
- Once you’re inside the elevated window, paste the following code inside the empty white box:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters] “EnableHttp2Tls”=dword:00000000 “EnableHttp2Cleartext”=dword:00000000
- Once the code is pasted successfully, click on File from the context menu at the top, then click on Save As from the context menu that just appeared.
- Next, start by choosing a suitable location where you’ll save this .REG file. then change the Save as Type to All Files.
- Assign a name under file name, but make sure the name of the file ends with .reg. Once you’re ready, click on Save to generate the .REG file that you’ll use to disable HTTP/2.
- Once the .reg file is successfully generated, right-click on it and choose Run as administrator from the context menu that just appeared.
- At the confirmation menu, click on Yes to run the .reg script you’ve just created to disable HTTP/2.
- Reboot your Windows Server installation to enforce the change, then return to Google Chrome and see if the ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error is still occurring.
Note: If you decide to enable HTTP/2 at a later time, return to the location of these two registry keys and change their value to 1 instead of 0.