
IT Analytics Not Supporting TLS 1.2

Article ID: 172566

Products

IT Analytics

Issue/Introduction

After IT Analytics (ITA) was updated to support TLS 1.2, connections can still fail. Although ITA sets the protocol to TLS 1.2 when connecting back to the SQL server, the actual connection is managed by the .NET Framework settings, and for versions earlier than 4.6 those always default to TLS 1.0. The following error is reported:
 

A fatal error occurred while creating an SSL Client Credential. The Internal Error State is 10013

Cause

The registry entries recommended by Microsoft are missing.

Environment

IT Analytics for DLP 2.1.9

Resolution

To make the connection work correctly, apply the following registry changes:
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

Also, make sure the FIPS policy is enabled:

  1. On the ITA server
  2. Open Administrative Tools
  3. Open Local Security Policy > Local Policies > Security Options
  4. Scroll down until you find “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”. Make sure it is enabled.
  5. Open a command prompt and type “GPUPDATE /Force”

 
This should resolve the TLS issues in play.
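
To confirm that the changes took effect, the read-only check below can be run on the ITA server. It is an added example, not part of the original article or the product. It assumes a 64-bit elevated PowerShell session, and it assumes the FIPS policy from step 4 is reflected in the `FipsAlgorithmPolicy\Enabled` registry value, a path the article itself does not list.

```powershell
# Added example: audits the settings this article changes. Reads only, writes nothing.
# Run from 64-bit PowerShell so the Wow6432Node path is not redirected.

$checks = @(
    @{ Setting = '.NET 4.x SchUseStrongCrypto (64-bit)'
       Path    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
       Name    = 'SchUseStrongCrypto' },
    @{ Setting = '.NET 4.x SchUseStrongCrypto (32-bit)'
       Path    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
       Name    = 'SchUseStrongCrypto' },
    # Assumption: registry value behind the "Use FIPS compliant algorithms" policy
    @{ Setting = 'FIPS compliant algorithms policy'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
       Name    = 'Enabled' }
)

$results = foreach ($c in $checks) {
    $name   = $c.Name
    $actual = $null

    # A missing key or a missing value both count as "not set"
    if (Test-Path -LiteralPath $c.Path) {
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.$name }
    }

    $shown = '<not set>'
    if ($null -ne $actual) { $shown = $actual }

    [pscustomobject]@{
        Setting  = $c.Setting
        Actual   = $shown
        Expected = 1
        Ok       = ($actual -eq 1)
        Path     = $c.Path
    }
}

$results | Format-Table -AutoSize -Wrap

if ($results.Ok -contains $false) {
    Write-Warning 'One or more settings do not match the values in this article.'
}
```

Applications read these values when they start, so restart the ITA services or the server before retesting the SQL connection.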
 

Note: Also see TECH251773 for other settings that may need to be enabled for .NET to default to TLS 1.2.