APM: AssetViewer authentication error with TLS 1.2 protocols enabled
search cancel

APM: AssetViewer authentication error with TLS 1.2 protocols enabled


Article ID: 144978


Updated On:


CA IT Asset Manager CA IT Asset Manager Asset Portfolio Management CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER


AssetViewer is not displaying data within APM.  Getting SSL authentication error.  

ams.log may present with a message such as:
ERROR LogWriter 40 com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: SQL Server did not return a response. The connection has been closed.

Issue is specific to ITAM 17.1 only.


Release : 17.1

Component : CA Asset Portfolio Management


The issue is due to the OS that is hosting SQL Server having been hardened for TLS 1.2 per the following update:


In the AMS release provided in ITAM 17.1, AMS uses JRE 1.8, build 1.8.0-b132, which does not appear to support TLS 1.2.  Issue reproduction occurred after installing the SCHANNEL registry settings which had enabled TLS 1.2 and disabled TLS 1.0 as well as introduced various cipher key settings.

See also the attached file which contains a series of registry changes that enable/disable various TLS protocols.


The issue does not present in a 17.2 based environment.  This is due to AMS using a different JRE build, ie:

java version "11.0.1" 2018-10-16 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.1+13-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.1+13-LTS, mixed mode)


1581534044203__Schannel.txt get_app