Secure channel communications stop working after disabling TLS 1.0/1.1

KB ID: 2853
Product: Veeam Backup & Replication
Version: 8.x, 9.x
Last Modified: 2018-12-26


After disabling TLS 1.0/1.1, Veeam functionality which utilizes the SCHANNEL security provider, such as license auto-update, license usage reporting and Veeam explorers with remote mounts stop working.
You can see the following error in the Svc.VeeamBackup.log log file and/or in the pop-up error window.
The client and server cannot communicate, because they do not possess a common algorithm



The currently targeted .NET Framework version, 4.5.2, defaults to TLS 1.0 and doesn’t switch automatically to 1.2 when TLS 1.0/1.1 is disabled.


The following registry keys will need to be added on machines where TLS 1.0/1.1 has been disabled to force the usage of TLS 1.2.

Locations: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319

Name: SchUseStrongCrypto
Value: 1

Name: SystemDefaultTlsVersions
Value: 1

A .reg file is provided by Microsoft that will set these keys to their most safe values:


More Information

Microsoft .NET Framework Best practices for TLS


Please be aware that we’re making changes which will restrict access to product updates for users without an active contract.


Rate the quality of this KB article: 
5 out of 5 based on 1 ratings

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Request new content