ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Error: "Attempted CEM nsagent negotiation failed" when connecting to server

book

Article ID: 161337

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

A client computer was not able to connect to Cloud-enabled Management (CEM). After regenerating the CEM package the client still cannot connect.

Logs show the following errors:

InitializeSecurityContext error while client handshake: The message received was unexpected or badly formatted (0x80090326)

Attempted CEM nsagent certificate negotiation failed.

Cause

The issue can be caused by settings in the client's registry. The client machine may have the following values set to 1:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnServer

Resolution

Change the following registry key values to 0: 

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnServer

Additionally if not already installed, apply Microsoft update MS10-049 which can resolve the issue.

Notes

  • If the DisableRenegoOnClient subkey is present and has any nonzero value:
    • The client will not initiate renegotiation.
    • The client will not respond to renegotiation.
  • If the DisableRenegoOnClient subkey is missing or is present and has a zero value:
    • The client will initiate renegotiation.
    • The client will respond to renegotiation.
  • If the DisableRenegoOnServer subkey is present and has any nonzero value:
    • Server initiated renegotiation is not allowed.
    • The server will not respond to renegotiation requests from the client.
  • If the DisableRenegoOnServer subkey is missing or is present and has a zero value:
    • Server initiated renegotiation is allowed.
    • The server will respond to renegotiation requests from the client.