Visual Studio 2022 won't connect to NuGet

mindmischief 36 Reputation points
2022-08-08T17:50:50.513+00:00

Visual Studio 2022 gives an error when trying to browse NuGet.

I get these errors on 2 different Windows Servers (2016) I’ve tried. One running Visual Studio 2017, the other running Visual Studio 2019 and 2022.

Visual Studio 2017:

“[nuget.org] Unable to load the service index for source https://api.nuget.org/v3/index.ison.
An error occurred while sending the request.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host.”

Visual Studio 2022:

[nuget.org] Unable to load the service index for source https://api.nuget.org/v3/index.json. An error occurred while sending the request. The underlying connection was closed: An unexpected error occurred on a send. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. An existing connection was forcibly closed by the remote host

Note that we do not use a proxy.

Loading https://api.nuget.org/v3/index.json with both Chrome and Edge work.
Loading https://api.nuget.org/v3/index.json with Internet Explorer returns:

“This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://api.nuget.org again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.”

Things I’ve tried that have failed to resolve it

updated Visual Studio

Clearing nuget cache from within Visual Studio

Deleted NuGet.Config from C:\Users\<user>\AppData\Roaming\NuGet

Modified C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.com based on tips I found. I know it’s possible that what I changed was not correct. Reverted back.

Registry changes:

Computer\HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
Computer\HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Computer\HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

DisabledByDefault = 1  
Enabled = 0  

Computer\HKEY LOCAL MACHINE\SYSTEM\ CurrentControl Set) Control SecurityProviders \SCHANNEL\Protocols\TLS 1.2\Client

DisabledByDefault = 0  
Enabled = 1  

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v2.0.50727
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319

SchUseStrongCrypto = 1  
SystemDefaultTlsVersions = 1  

Tried moving the server's Active Directory object out of the current AD OU which has a Group Policy configured with specific ciphers enabled, and the order of preference, into a new OU with this NOT configured.

Tried disabling anti-virus software

Reference links, things I've tried or looked into:
https://learn.microsoft.com/en-us/security/engineering/solving-tls1-problem
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor%22%20%5Cl%20%22registry-strings
https://stackoverflow.com/questions/41185443/nuget-connection-attempt-failed-unable-to-load-the-service-index-for-source

At this point, I'm run out of ideas. It seems like Visual Studio is not adhering to the system's default TLS settings (1.2) but it could possibly be something else.

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,438 questions
Visual Studio Setup
Visual Studio Setup
Visual Studio: A family of Microsoft suites of integrated development tools for building applications for Windows, the web and mobile devices.Setup: The procedures involved in preparing a software program or application to operate within a computer or mobile device.
975 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sly, Jack 96 Reputation points
    2022-08-09T14:53:41.39+00:00

    Hi,
    We had this issue today, this was resolved out end by adding TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 into HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

    Also ensured only 'Use TLS 1.2' was enabled in IE Options, and no proxy settings were set up.

    Hope this helps.

    4 people found this answer helpful.

4 additional answers

Sort by: Most helpful
  1. Thomas Grossi 6 Reputation points
    2022-12-05T14:03:11.463+00:00

    For anyone hitting a 401, about a week after changing my corporate password all Visual Studio versions started using old credentials. Deleting all the credentials cached in Credential Manager (search for it in the start menu) fix me up. I never knew that existed, but thankfully our help desk did!

    1 person found this answer helpful.
    0 comments No comments

  2. mindmischief 36 Reputation points
    2022-08-09T20:49:59.787+00:00

    I posted this question on an internal Slack channel and someone responded there with a similar reply.

    I added these two to our GPO and it fixed it.

    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    Thanks for your help!


  3. Paul Walton 1 Reputation point
    2022-09-25T12:20:03.52+00:00

    @Vincent Castagna I have the same question. The frequent use of initialisms is annoying. I think GPO is referring to Group Policy Objects but I'm not sure.

    Like you also asked, it would be helpful if they explained how they added these keys to the registry.


  4. Alexander Dunn 1 Reputation point
    2022-10-24T16:08:59.447+00:00

    I had a very similar issue and so did what @Sly, Jack and @mindmischief recommended

    253613-image.png