Hey
I set up Cloudflare Authenticated Origin Pull requests on our IIS 10 Server (Windows Server 2019) a few months ago, and it was working flawlessly. Starting on Feb 03, I noticed “520 Origin Errors” in Cloudflare Analytics and was able to pinpoint the issue to Authenticated Origin Pulls. These occur randomly, and not every request is affected.
After analyzing the IIS logs and Cloudflare InstantLogs, monitoring the traffic, and specifically looking into the TLS handshake with Wireshark, I was able to gather some information.
In the IIS log, the error is visible with “403.7 - Client certificate required” or with the error “0.7” and an “sc-win32-status” of “64”. This could mean that the client is failing to send an ACK packet, so the server is resetting the connection. I observed in Wireshark that the server is not receiving a client certificate from Cloudflare’s Edge and is sending a [RST, ACK] packet to the client.
Is anybody else encountering similar issues? We’re already in contact with Cloudflare’s Support but have been waiting for an answer for 3 days.
Do you have an idea how to solve or further investigate the issue?
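
One way to quantify how intermittent the failures are is to bucket the two log signatures named in the post (403.7, and 0.7 with sc-win32-status 64) by hour. This is an added example, not code from the original post; the sample log lines, field selection, and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not taken from the post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-substatus sc-win32-status time-taken
2001-02-03 10:01:12 GET /api/items 198.51.100.10 200 0 0 31
2001-02-03 10:01:13 GET /api/items 198.51.100.11 403 7 64 2
2001-02-03 10:14:40 GET /index.html 198.51.100.10 0 7 64 5
2001-02-03 11:02:05 GET /api/items 198.51.100.12 403 7 0 3
2001-02-03 11:30:00 GET /api/items 198.51.100.10 404 0 2 4
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive as the header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS may re-emit this after a restart
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def classify(row):
    """Return a label for the two signatures from the post, else None."""
    status = (row.get("sc-status"), row.get("sc-substatus"))
    if status == ("403", "7"):
        return "403.7"
    # Assumption: the 0.7 entries are only of interest with win32 status 64.
    if status == ("0", "7") and row.get("sc-win32-status") == "64":
        return "0.7/win32=64"
    return None

def summarize(text):
    """Return ({hour: (failed, total)}, {signature: count})."""
    total, failed, kinds = Counter(), Counter(), Counter()
    for row in parse_w3c(text):
        hour = f"{row['date']} {row['time'][:2]}:00"
        total[hour] += 1
        kind = classify(row)
        if kind:
            failed[hour] += 1
            kinds[kind] += 1
    return {h: (failed[h], total[h]) for h in sorted(total)}, dict(kinds)

if __name__ == "__main__":
    per_hour, kinds = summarize(SAMPLE_LOG)
    for hour, (bad, n) in per_hour.items():
        print(f"{hour}  {bad}/{n} requests hit a client-certificate failure")
    print(kinds)
```

IIS writes W3C log timestamps in UTC by default, so the hourly buckets can be lined up directly against the 520 timestamps on the Cloudflare side.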