IIS Express ERR_CONNECTION_RESET on HTTPS localhost - works fine with Kestrel

BishalTimalsina12 · April 9, 2026, 9:44am

Not entirely Umbraco related but bear with me it does happen when running Umbraco projects so figured this is still the right place to ask, hehe.

When I launch the project through IIS Express in VS 2026 the browser just throws ERR_CONNECTION_RESET on https://localhost:xxxx/ no page, nothing, just a dead connection.

Did some digging, checked services.msc, restarted a few things, still the same result every time. IIS Express tray shows the site running on the correct port so it’s not like the process isn’t starting up.

The moment I switch the launch profile over to Project (Kestrel) though it works perfectly fine, comes right up. So something is clearly off with how IIS Express is handling it specifically.

Anyone else hit this or know what’s actually causing it?

justin-nevitech · April 9, 2026, 10:15am

Hi @BishalTimalsina12 ,

I don’t know specially, but AI has suggested the following which may help:

1. SSL Certificate trust issue (most likely)

IIS Express uses its own self-signed cert, and if it’s expired or untrusted it kills the connection before the browser even gets a response. Run this in an elevated command prompt:

netsh http show sslcert ipport=0.0.0.0:PORT

If it looks off, the quickest fix is:

iisexpress /config:"%USERPROFILE%\Documents\IISExpress\config\applicationhost.config" /site:"YourSiteName"

Or more reliably, re-run the IIS Express cert setup via:

"C:\Program Files\IIS Express\IisExpressAdminCmd.exe" setupsslUrl -url:https://localhost:PORT/ -UseSelfSigned

2. applicationhost.config binding mismatch

Check %USERPROFILE%\Documents\IISExpress\config\applicationhost.config and make sure the binding for your site matches exactly what VS is trying to launch — port, protocol, and hostname. A stale entry from a previous project can cause silent resets.

3. HTTP.sys port conflict

Something else may have grabbed that port at the HTTP.sys level even if nothing obvious shows in Task Manager. Check with:

netsh http show urlacl | findstr :PORT

If there’s a stale reservation, remove it:

netsh http delete urlacl url=https://+:PORT/

4. Windows HTTP.sys TLS cipher mismatch

This one crops up more on Windows 11 24H2+ and Server 2025 — Microsoft tightened the default cipher suite policy and IIS Express’s older TLS negotiation can fall flat. Symptoms are exactly ERR_CONNECTION_RESET with no cert warning, just a dead drop. Worth checking if you’ve had a recent Windows update. IIS Express essentially doesn’t get updates any more so it’s increasingly susceptible to this.

5. Corrupted IIS Express config

If none of the above, nuke and regenerate:

Delete %USERPROFILE%\Documents\IISExpress\config\applicationhost.config
VS will regenerate it on next run

Justin

sebastiaan · April 9, 2026, 11:11am

Use Kestrel!

It’s difficult to know exactly how it runs but it should be something like

"C:\Program Files\IIS Express\iisexpress.exe" /config:"C:\Users\YourName\Documents\MyProject\.vs\MyProject\config\applicationhost.config" /site:"MyProject" /apppool:"MyProject App Pool"

However, I believe if you just do dotnet run --launch-profile "IIS Express" in the project then it should do that automatically. Hopefully you’ll see errors on the command line to help debug.

EssCee · April 9, 2026, 3:14pm

I had a similar issue however for me i ran the below commands, which resolved it for me

dotnet dev-certs https --clean
dotnet dev-certs https --trust

BishalTimalsina12 · April 10, 2026, 7:23am

ya im just gonna use Kestrel , tried everything!

sebastiaan · April 10, 2026, 11:23am

I would have a look in the Windows Event Log Viewer to find the real error you’re getting. I am assuming it’s something that was corrupted in your system somewhere and you’ll see more problems with IIS Express in the future.

Unfortunately, there’s not enough info to properly diagnose this one right now.. but I am curious, so I’d love to learn the real source of the problem.

mistyn8 · April 10, 2026, 11:25am

I’d also be interested to know why IISExpress would be prefered over Kestrel for local development?

sebastiaan · April 10, 2026, 11:28am

These days there shouldn’t be much value in it unless you need to do things that could only ever work in IIS.
That said, I think Umbraco kind of forces the default to be IIS, or maybe it’s ASP.NET that sets it up that way?
I don’t really know, but I would love it if we could make new sites just start Kestrel under the hood when you start the site in VS / Rider.

mistyn8 · April 10, 2026, 11:34am

I have a memory that v9/10 template used to result in IIS express being below Umbraco.Web.UI in the project/properties/launchSettings.json

But IISExpress higher profile, so preferred now?

Umbraco-CMS/templates/UmbracoProject/Properties/launchSettings.json at main · umbraco/Umbraco-CMS

from at least v14..
Umbraco-CMS/build/templates/UmbracoSolution/Properties/launchSettings.json at 26a04ea2feba92aee1c00d3fa615bbb0002e91b7 · umbraco/Umbraco-CMS

UPDATE: Well just proved I’m losing my marbles as IIS always been the higher profile..

sebastiaan · April 10, 2026, 12:01pm

We’re going far off-topic here, but it’s definitely something that could change. I don’t have Windows machine near but if anyone wants to test an clean dotnet new umbraco, do not run or open it in VS nor Rider, change the launchsettings.json to (for example):

{
  "$schema": "https://json.schemastore.org/launchsettings.json",
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:2661",
      "sslPort": 44344
    }
  },
  "profiles": {
    "Umbraco.Web.UI": {
      "commandName": "Project",
      "dotnetRunMessages": true,
      "launchBrowser": true,
      "applicationUrl": "https://localhost:44344;http://localhost:2661",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

And then open it in VS or Rider and see what the first choice is.. would make an interesting PR to the above templates. I don’t know if it will be accepted as it does mess with people’s expected workflows in a rather invisible way.

mistyn8 · April 10, 2026, 1:44pm

Yes to both VS Insiders, and VSCode with c# dev kit. on Windows 11.. both then run default in Kestrel.

sebastiaan · April 10, 2026, 1:47pm

Yay! Rider likes that as well. Would you like to send a PR for v18, it’s a “breaking” change I guess, but only behavioral so should be fine for a new major version.

mistyn8 · April 10, 2026, 2:10pm

Reorganize launchSettings.json profiles section by mistyn8 · Pull Request #22427 · umbraco/Umbraco-CMS