Intermittent IWA Authentication Issues for IDR Portal Users
6 months ago
Article Number
000073581
Applies To

This article applies to customers using Integrated Windows Authentication (IWA) as the Identity Provider (IdP) for the IDR portal.

Issue

Users may experience intermittent authentication issues when using IWA as the IdP for the IDR web portal. After submitting credentials, the browser may display a "Site not reachable" error. Refreshing the page typically resolves the issue and allows successful authentication and access to the IDR web portal. 


Cause

During RSA IWA authentication, the browser and the IIS server hosting the RSA IWA application negotiate HTTP/2. IIS does not support the Windows authentication methods (Kerberos and NTLM, negotiated via the Negotiate/NTLM challenge-response handshake) over HTTP/2, because these methods authenticate the TCP connection rather than the individual request, which HTTP/2's multiplexed connections do not allow. When the browser has an HTTP/2 connection open, the challenge-response exchange fails and the browser reports the site as unreachable; a refresh that happens to land on an HTTP/1.1 connection succeeds, which is why the failure is intermittent. For more information, see HTTP/2 on IIS.

Resolution

To resolve this issue, disable HTTP/2 in HTTP.sys on the Microsoft Windows IIS server hosting the RSA IWA application. To disable HTTP/2, add the following two DWORD registry values, each set to 0, on the Windows Server hosting the RSA IWA Connector:

  • EnableHttp2Cleartext (disables HTTP/2 for plain HTTP)

  • EnableHttp2Tls (disables HTTP/2 for HTTPS)

Note that these values are read by HTTP.sys, which is shared by every IIS site on the server, so HTTP/2 is disabled for all sites on that server, not only for the RSA IWA application. The change takes effect only after HTTP.sys restarts, which is why a server reboot is required.

Disable HTTP/2 on the RSA IWA Connector Server

Procedure

  1. Log in to the Windows Server running the RSA IWA Connector.
  2. Press Windows + R, type regedit, and press Enter to open the Registry Editor.

  3. In the Registry Editor, navigate to 

    Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > HTTP > Parameters

    (Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters)

  4. Right-click Parameters, select New > DWORD (32-bit) Value, and create the following two values. Leave the value data of each at 0 (a value of 0 disables HTTP/2; a value of 1, or a missing value, leaves it enabled):

    • EnableHttp2Cleartext 

    • EnableHttp2Tls

  6. Restart the server to apply the changes.
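The same procedure scripted in PowerShell, as an added example that is not part of the original article or an RSA-supplied tool. It records the current state of the two values, writes both as DWORD 0 under the HTTP.sys Parameters key, verifies the write before you reboot, and shows a post-reboot check that the connector site now answers over HTTP/1.1. Run it from an elevated PowerShell session on the RSA IWA Connector server; the HTTPS URL at the end is an assumed placeholder for your RSA IWA application endpoint.

```powershell
# Added example (not from the original article): disable HTTP/2 in HTTP.sys on
# the RSA IWA Connector server and confirm the registry change before rebooting.
#Requires -RunAsAdministrator

$HttpParams  = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Http2Values = 'EnableHttp2Cleartext', 'EnableHttp2Tls'

function Get-Http2Setting {
    # Returns one object per value. A missing value is reported as such: HTTP.sys
    # treats "not set" as the default, which is HTTP/2 enabled.
    foreach ($name in $Http2Values) {
        $item = Get-ItemProperty -Path $HttpParams -Name $name -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.$name } else { '(not set - HTTP/2 enabled)' }
        [pscustomobject]@{ Name = $name; Value = $value }
    }
}

function Disable-Http2 {
    # Set-ItemProperty creates the value if it is absent and overwrites it if it
    # exists; -Type DWord matches the "DWORD (32-bit) Value" type from the
    # manual procedure, and 0 disables HTTP/2 for cleartext and TLS respectively.
    foreach ($name in $Http2Values) {
        Set-ItemProperty -Path $HttpParams -Name $name -Value 0 -Type DWord
    }
}

'Before:'; Get-Http2Setting | Format-Table -AutoSize
Disable-Http2
'After:';  Get-Http2Setting | Format-Table -AutoSize

# Fail loudly if either value did not end up as 0, so nobody reboots for nothing.
$bad = Get-Http2Setting | Where-Object { $_.Value -ne 0 }
if ($bad) { throw "HTTP/2 values not set correctly: $($bad.Name -join ', ')" }
Write-Host 'Registry updated. Reboot the server so HTTP.sys reloads its parameters.'

# After the reboot, confirm the connector site no longer negotiates HTTP/2.
# curl.exe ships with current Windows Server builds. The URL is an assumption:
# replace it with the HTTPS endpoint of your RSA IWA application. With HTTP/2
# disabled the first response line should read "HTTP/1.1 ..." rather than "HTTP/2 ...".
# curl.exe -sIk --http2 https://iwa.example.com/
```

Because the values live under the HTTP.sys Parameters key rather than under an individual IIS site, the script affects every site served by HTTP.sys on that machine; run the curl check against any other site hosted there as well if you need to confirm the impact.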