Secure channel communications stop working after disabling TLS 1.0/1.1

KB ID: 2853
Product: Veeam Backup & Replication
Published: 2018-12-26
Last Modified: 2021-10-07
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

After disabling TLS 1.0/1.1, Veeam functionality which utilizes the SCHANNEL security provider, such as license auto-update, license usage reporting, and Veeam explorers with remote mounts, stop working.

The following error will be listed in the Svc.VeeamBackup.log log file and the pop-up error window.
The client and server cannot communicate, because they do not possess a common algorithm.

Cause

The currently targeted .NET Framework version, 4.5.2, defaults to TLS 1.0 and doesn’t switch automatically to 1.2 when TLS 1.0/1.1 is disabled.

Solution

The following registry keys need to be added on machines where TLS 1.0/1.1 has been disabled to force the usage of TLS 1.2.

Key Location: HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value Name: SchUseStrongCrypto
Value Type: DWORD (32-bit) Value
Value Data: 1

Key Location: HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
Value Name: SystemDefaultTlsVersions
Value Type: DWORD (32-bit) Value
Value Data: 1

Key Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
Value Name: SchUseStrongCrypto
Value Type: DWORD (32-bit) Value
Value Data: 1

Key Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
Value Name: SystemDefaultTlsVersions
Value Type: DWORD (32-bit) Value
Value Data: 1


A .reg file is provided by Microsoft that will set these keys to their safest values:
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

More Information

Microsoft .NET Framework Best practices for TLS
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

 
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.