ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CEM Clients receive connection error with TLS 1.1 or 1.2 but connect successfully with TLS 1.0


Article ID: 172190


Updated On:


IT Management Suite


You have Cloud Enabled Management (CEM) clients that are connecting successfully with TLS 1.0. However when you switch the clients to a later version of TLS the clients stop connecting. 

Agent logs: 
'Malformed response' type errors received from the Notification Server. 

IIS Logs on NS:
Error 500 responses to clients with TLS >1.0


Windows OS issue caused by changes in the way the trusted issuer list is being communicated to the client. 


8.0, 8.1, CEM, TLS 1.1 or greater


Making the registry key changes on the NS as below, in line with the MS KB article referenced, resolved the issue:

Value name: SendTrustedIssuerList 
Value type: REG_DWORD 
Value data: 0 (False)

Further details: