How can we help you today? How can we help you today?

Issue after Installing Recent Windows Update

Hello,

Since installing the latest batch of Windows update have issue with the web interface connecting to the Base Monitor. The log files show the following error is occuring:

2016-05-18 17:06:41,125 [ 10] ERROR RedGate.Response.Common.Utilities.ErrorReporting.ErrorReporter - System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at RedGate.Response.Common.Networking.Server.RpcSynchronousTcpServer.HandleClientSession(Stream stream)
at RedGate.Response.Common.Networking.Server.AsynchronousSocketListener.RunWorker(Socket requestSocket)
at RedGate.Response.Common.Utilities.ThreadPools.PrioritizedThreadPool`1.ExecuteHighestPriorityUserWorkItem(TPriority originalPriority)
at RedGate.Response.Common.Utilities.ThreadPools.ErrorReportingThreadPool.<>c__DisplayClass6_0.<QueueUserWorkItem>b__0(Object )System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireServerCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at RedGate.Response.Common.Networking.Server.RpcSynchronousTcpServer.HandleClientSession(Stream stream)
at RedGate.Response.Common.Networking.Server.AsynchronousSocketListener.RunWorker(Socket requestSocket)
at RedGate.Response.Common.Utilities.ThreadPools.PrioritizedThreadPool`1.ExecuteHighestPriorityUserWorkItem(TPriority originalPriority)
at RedGate.Response.Common.Utilities.ThreadPools.ErrorReportingThreadPool.<>c__DisplayClass6_0.<QueueUserWorkItem>b__0(Object )

Has anyone seen this before?

Thanks

Neil
neilredfern
0

Comments

3 comments

Sort by
  • Alex B
    *Edit to remove extra characters from registry key paths

    Hi Neil,

    This will be the result of either or both TLS 1.0 and SSLv3 having been disabled. Both the client and server TLS 1.0 and SSLv3 need to be enabled for the web service to be able to talk to the base monitor.

    These are all of the registry keys and their values for enabling both the client and server portions of SSL 3.0 and TLS 1.0:

    <p>SSL 3.0:&nbsp;
<span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Client&nbsp; "Enabled"=dword:00000001</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">&nbsp;
</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server&nbsp; "Enabled"=dword:00000001</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">&nbsp;</span></p><p><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">TLS 1.0:</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">&nbsp;
</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client&nbsp; "Enabled"=dword:00000001</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">&nbsp;
</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client&nbsp; "DisabledByDefault"=dword:00000000</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">&nbsp;</span></p><p><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server&nbsp; "Enabled"=dword:00000001</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">&nbsp;
</span><span style="background-color: transparent; color: inherit; font-size: inherit; font-family: roboto, "helvetica neue", Arial, sans-serif;">HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server&nbsp; "DisabledByDefault"=dword:00000000</span></p>

    We are aware that from a security point of view, we should no longer use TLS v1.0 and SSLv3 and instead we should use TLS 1.2. An internal issue has been created for this to be considered for a future version.

    Kind regards,
    Alex
    Alex B
    0
  • neilredfern
    Alex,

    Thanks for the update, that resolved the issue and a few other we have seen since the patching.

    Thanks

    Neil
    neilredfern
    0
  • Alex B
    Hi Neil,

    Glad that got it sorted. Thanks for letting me know!

    Kind regards,
    Alex
    Alex B
    0

Add comment

Please sign in to leave a comment.