Our services often experience errors in some of our processes (like surveys and any changes to subscriptions) running on your server which suggest TLS 1.0 and TLS 1.1 are disabled on that server. We have seen on several occasions this has broken these processes as some tools that disable the protocols may be missing some registry entries that allow .Net applications to utilize TLS 1.2 successfully. These registry entries are defined in Microsoft’s documentation on enabling TLS 1.2.
Until completed, processes like surveys and any changes to subscriptions will not function, as well as some reports will fail to run for end users.
Please create or set these registry entries. The straightforward approach is to make manual edits to the registry as below:
For 32-bit applications that are running on 32-bit OSs and for 64-bit applications that are running on 64-bit OSs, update the following subkey values:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
For 32-bit applications that are running on 64-bit OSs, update the following subkey values:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
Attached below is a Powershell script, but our experience is that many antivirus and security suites will not allow these scripts to be run, so you will need to create or set the registry entries as above.
0 Comments