1-800-691-1991 | 9am - 8pm ET
EN

Secure channel communications stop working after disabling TLS 1.0/1.1

KB ID: 2853
Product: Veeam Backup & Replication
Published: 2018-12-26
Last Modified: 2021-10-07
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

After disabling TLS 1.0/1.1, Veeam functionality which utilizes the SCHANNEL security provider, such as license auto-update, license usage reporting, and Veeam explorers with remote mounts, stop working.

The following error will be listed in the Svc.VeeamBackup.log log file and the pop-up error window.
The client and server cannot communicate, because they do not possess a common algorithm.

Cause

The currently targeted .NET Framework version, 4.5.2, defaults to TLS 1.0 and doesn’t switch automatically to 1.2 when TLS 1.0/1.1 is disabled.

Solution

The following registry keys need to be added on machines where TLS 1.0/1.1 has been disabled to force the usage of TLS 1.2.

Key Location: HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value Name: SchUseStrongCrypto
Value Type: DWORD (32-bit) Value
Value Data: 1

Key Location: HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value Name: SystemDefaultTlsVersions
Value Type: DWORD (32-bit) Value
Value Data: 1

Key Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
Value Name: SchUseStrongCrypto
Value Type: DWORD (32-bit) Value
Value Data: 1

Key Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
Value Name: SystemDefaultTlsVersions
Value Type: DWORD (32-bit) Value
Value Data: 1


A .reg file is provided by Microsoft that will set these keys to their safest values:
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

More information

Microsoft .NET Framework Best practices for TLS
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

 
Click here to send feedback regarding this KB, or suggest content for a new KB.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for your interest in Veeam products!
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.