Summary
This article describes an error that may occur when configuration on a beacon for which version(s) of TLS can be used for secure communications does not match what another computer your are trying to connect to requires.
Synopsis
You may see the following error when trying test a connection from a beacon to an inventory source:
"A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The client and server cannot communicate, because they do not possess a common algorithm.)"
Discussion
This can happen when the server you are trying to communicate with requires a newer TLS version than the WinHTTP configuration your beacon is configured to use.
Enable TLS 1.1 and/or 1.2 by creating one or both of the following keys in the Windows registry on the beacon:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Create the following registry entries under the Client key(s) as shown in the following screenshot:
- REG_DWORD DisabledByDefault set to 1
- REG_DWORD Enabled set to 1
Refer the following article for details of the specifications: https://technet.microsoft.com/en-us/library/dn786418
If you run into any issues after disabling the older SSL protocols (like SSL 3.0 and TLS 1.0), then try the workaround listed under the Failed to Download Beacon Policy after disabling SSL 3.0 and TLS 1.0 KB Article.
on - edited on by
ChrisG
