Secure channel communications stop working after disabling TLS 1.0/1.1

KB ID: 2853
Product: Veeam Backup & Replication
Version: 8.x, 9.x
Published:
Last Modified: 2018-12-26

Challenge

After disabling TLS 1.0/1.1, Veeam functionality that uses the SCHANNEL security provider, such as license auto-update, license usage reporting, and Veeam explorers with remote mounts, stops working.
The following error appears in the Svc.VeeamBackup.log log file and/or in the pop-up error window:
The client and server cannot communicate, because they do not possess a common algorithm

 

Cause

The currently targeted .NET Framework version, 4.5.2, defaults to TLS 1.0 and doesn’t switch automatically to TLS 1.2 when TLS 1.0/1.1 is disabled.

Solution

The following registry values need to be added on machines where TLS 1.0/1.1 has been disabled to force the use of TLS 1.2.

Locations: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319

Name: SchUseStrongCrypto
Type: DWORD
Value: 1

Name: SystemDefaultTlsVersions
Type: DWORD
Value: 1

Microsoft provides a .reg file that sets these registry entries to their safest values:
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry
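
The same change scripted in PowerShell, as an added example that is not from Veeam or Microsoft: it reports the current state of both values under both locations and writes them only when called with -Apply. The function name Invoke-DotNetTlsRegistryCheck and the output columns are hypothetical.

```powershell
# Added example: audit (default) or set (-Apply) the two DWORD values from this article.
# The function name and output shape are illustrative, not Veeam or Microsoft tooling.
function Invoke-DotNetTlsRegistryCheck {
    [CmdletBinding()]
    param([switch]$Apply)

    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
    )
    $names = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')

    foreach ($key in $keys) {
        # 32-bit Windows has no Wow6432Node branch; skip it rather than create it.
        if ($key -like '*Wow6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\Wow6432Node')) {
            continue
        }
        if ($Apply -and -not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        foreach ($name in $names) {
            # $null here means the key or the value does not exist yet.
            $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($Apply) {
                # -Force overwrites an existing value, including one of the wrong type.
                New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
            }
            $after = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Before    = $before
                After     = $after
                Compliant = ($after -eq 1)
            }
        }
    }
}

# Report only:
Invoke-DotNetTlsRegistryCheck | Format-Table -AutoSize
# Write the values:
# Invoke-DotNetTlsRegistryCheck -Apply | Format-Table -AutoSize
```

Writing the values requires an elevated session. .NET processes read these settings at startup, so restart the affected services after applying them.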

 

More Information

Microsoft .NET Framework Best practices for TLS
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

 
