2

I have set up an AWS application load balancer with a target group specified to be HTTP/1. The target group contains a single Windows Server 2022 instance running IIS. The health check functionality (within Amazon) works fine and reports that the server status is 'healthy'.

When I create a different target group with the same specification except specifying it to be HTTP/2 instead of HTTP/1, the health check status shows 'Unhealthy' with the Health status details stating "Health checks failed with these codes: [400]".

Both the working and non-working target groups are IPv4 and HTTPS, and the health checks are configured as HTTPS too.

I'm guessing the IIS implementation of HTTP/2 in Windows Server 2022 is somewhat incompatible with the health check functionality of Amazon Application Load Balancers.

Another post on this website suggested reviewing the HTTP Response Headers generated, although I'm not sure I can find any fault with them. I've attached a screenshot.

HTTP Response Headers

Does anyone know if the health check functionality within AWS Application Load Balancers works on HTTP/2 with Windows Server 2022?

3
  • Windows authentication, NTLM/Kerberos or Negotiate, is not supported with HTTP/2. In this case, IIS will revert to HTTP/1.1. Clear text – IIS supports HTTP/2 only over TLS. Bandwidth throttling – IIS has a feature to limit bandwidth in HTTP/1.1, but it is not enforced in HTTP/2. Do you use any of this? Commented Nov 19, 2023 at 19:12
  • Thank you for your reply @Turdie. The site uses Anonymous Authentication and this is configured (in IIS) to use the Application pool permissions. I haven't set any Bandwidth throttling. Commented Nov 20, 2023 at 12:00
  • That HTTP/2 health check, do you use that using HTTPS or HTTP? HTTP/2 is enabled by default for HTTPS/TLS connections. Connections fall back to HTTP/1.1 if an HTTP/2 connection isn't established. Commented Feb 21, 2024 at 18:02

1 Answer

0

I was able to get it to work today after trying again.

Initially, I set up an Amazon Application Load balancer with a listener on HTTPS, thinking that HTTP/2 would work as it's a setting on that load balancer. However, it turns out that the current implementation of HTTP/2 on Windows Server 2022 requires TLS communication from the load balancer, not just HTTPS web traffic.

To make it work, I created an Amazon NETWORK Load balancer instead with a TLS listener on Port 443, set an ALPN policy as "HTTP2Only" to allow only HTTP/2 traffic (for testing), used the same domain certificate, and this worked perfectly.

I wanted to share this to help others save time. Hope this helps!
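
The listener setup described in the answer above, plus a check of what it negotiates, as an added example that is not part of the original post. The function names are hypothetical, the ARNs and host name are placeholders supplied by the caller, and forwarding to an existing target group is an assumption (the answer does not describe the target group).

```shell
#!/usr/bin/env bash
# Added example: create the NLB TLS listener with the HTTP2Only ALPN policy,
# then confirm from a client which application protocol it negotiates.

# Args: <nlb-arn> <certificate-arn> <target-group-arn>  (all placeholders)
create_h2_tls_listener() {
  aws elbv2 create-listener \
    --load-balancer-arn "$1" \
    --protocol TLS --port 443 \
    --alpn-policy HTTP2Only \
    --certificates "CertificateArn=$2" \
    --default-actions "Type=forward,TargetGroupArn=$3"
}

# Read `openssl s_client` output on stdin and print the negotiated ALPN
# protocol, or "none" when no protocol was selected (or nothing was read).
alpn_from_s_client() {
  awk '/^ALPN protocol: /    { p = $3 }
       /^No ALPN negotiated/ { p = "none" }
       END                   { print (p == "" ? "none" : p) }'
}

# Offer an ALPN list to host:port and report what the endpoint selected.
# Args: <host> <port> <comma-separated ALPN list, e.g. "h2,http/1.1">
probe_alpn() {
  openssl s_client -connect "$1:$2" -servername "$1" -alpn "$3" \
    </dev/null 2>/dev/null | alpn_from_s_client
}

# With HTTP2Only the listener should select h2 when the client offers it and
# should negotiate no ALPN protocol when the client offers only http/1.1.
# Args: <host> [port, default 443]
verify_h2_only() {
  vh_with_h2=$(probe_alpn "$1" "${2:-443}" "h2,http/1.1")
  vh_without_h2=$(probe_alpn "$1" "${2:-443}" "http/1.1")
  echo "offer h2,http/1.1 -> $vh_with_h2; offer http/1.1 -> $vh_without_h2"
  [ "$vh_with_h2" = "h2" ] && [ "$vh_without_h2" = "none" ]
}
```

Running `probe_alpn` against the IIS instance directly as well as the load balancer name shows whether a mismatch sits at the listener or at the backend.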
