The request was aborted: Could not create SSL/TLS secure channel.

AustinG · ‎May 13, 2021

Symptoms:

When you are using a beacon connected to our cloud endpoint, beacon.flexnetmanager.com, you receive an SSL/TLS error stating that the connection could not be made:

Clicking OK on the error, going to Beacon configuration > Parent connection, and clicking Test connection will show failed for parent inventory beacon, but download and upload test succeed:

Diagnosis:

This is caused by missing cipher suites on the server that is hosting the beacon. The endpoint beacon.flexnetmanager.com is failing due to the change in certificate provider where this cipher suite is required to establish the TLS connection. The endpoint data.flexnetmanager.com may still work without error, as that endpoint is still using an older certificate type at this time.

Solution:

You will need to ensure that the cipher suite, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, is enabled on the server. If this is disabled, it was most likely controlled via Group Policy on the server, and you will want to work with your System Administrator/Security teams to have this enabled. You can also use a utility like ‘IIS Crypto’ that will allow you to verify and configure the cipher suites easily. Within IIS Crypto, you will want to go into the Cipher Suites view, find TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, enable this with the check box, check the Reboot check box, and then press the Apply button. Once the server is rebooted, this cipher suite will be enabled, allowing the beacon to connect to the endpoint without error. If you recheck this value after reboot and see that it is unchecked again, this would indicate that this value is still being controlled by Group Policy or something else that would clear this on the system startup.

IIS Crypto:

Group Policy: