Getting error during installation or upgrade: Configuration Task Configure Notification Server... Failed: The request was aborted: Could not create SSL/TLS secure channel.

book

Article ID: 172634

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

During the install (or upgrade) of ITMS, SIM (Symantec Installation Manager) failed with the following errors:

Configuration failed.

A critical error occurred:
The client and server cannot communicate, because they do not
possess a common algorithm

Configuration failed while attempting: Configure Notification Server...

 

Configuration failed.

A critical error occurred:
The request was aborted: Could not create SSL/TLS secure channel.

Configuration failed while attempting: Configure Notification Server...

These are the messages displayed in the installation logs:

Entry 1:
Symantec.Installation.ConfigureNS.StartCurrentTask: starting configuration task
Configure Notification Server....
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:28 AM, Tick Count: 468937 (00:07:48.9370000), Size: 406 B
Process: SymantecInstallationManager (10092), Thread ID: 10, Module:
SymantecInstallationManager.exe
Priority: 4, Source: Symantec.Installation.ConfigureNS.StartCurrentTask


Entry 2:
ConfigureNS - task_Completed(): Configuration Task Configure Notification
Server... Failed: The request was aborted: Could not create SSL/TLS secure 
channel.
The request was aborted: Could not create SSL/TLS secure channel.
   [System.Net.WebException @ System.Web.Services]
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
   at Altiris.NS.Installation.ProductConfigurationWebServiceProxy.ConfigureProductWithoutSQL(String path)
   at Symantec.Installation.ConfigTask.<StartImpl>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotifica
tion(Task task)
   at Symantec.Installation.NSConfiguration.Tasks.SerialTask.
<Start>d__0.MoveNext()

-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:28 AM, Tick Count: 468937 (00:07:48.9370000), Size: 2.39 KB
Process: SymantecInstallationManager (10092), Thread ID: 18, Module:
SymantecInstallationManager.exe
Priority: 1, Source: Symantec.Installation.ConfigureNS.task_Completed


Entry 3:
User prompt request: 'A critical error occurred:
The request was aborted: Could not create SSL/TLS secure channel.

Configuration failed while attempting: Configure Notification Server...':
Result: OK (handled by user)
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:31 AM, Tick Count: 472468 (00:07:52.4680000), Size: 517 B
Process: SymantecInstallationManager (10092), Thread ID: 18, Module:
SymantecInstallationManager.exe
Priority: 8, Source: Symantec.Installation.Automation.Output.ReportVerbose


Entry 4:
Symantec Management Platform 8.5 (8.5.3075) configuration has failed.
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:31 AM, Tick Count: 472468 (00:07:52.4680000), Size: 360 B
Process: SymantecInstallationManager (10092), Thread ID: 18, Module:
SymantecInstallationManager.exe
Priority: 1, Source: Symantec.Installation.ConfigureNS.task_Completed

Cause

Mismatch in protocols and ciphers on the SMP and SQL servers.

Environment

New install or upgrade of ITMS

Resolution

Make sure the proper protocols (at least TLS 1.0, 1.1, 1.2) and ciphers are set between the SMP server and the SQL server match.

You could use the free tool called IIS Crypto (https://www.nartac.com/Products/IISCrypto/Download (download the one with GUI) and verify what protocols and ciphers are in use and enable the ones that you should have.

Notes:

You may also consider this:

In some scenarios, if the customer is allowing only TLS 1.2 on the SMP and SQL Server, .NET tries to use TLS 1.0 by default and TLS 1.2 needs to be properly called by it.

There are certain places in the registry that need to be modified to force TLS 1.2 to be the only one in use by .NET.

  1. Add (or modify if these already exists) the following registry keys with the specified values:

      [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
        "SystemDefaultTlsVersions"=dword:00000001
        "SchUseStrongCrypto"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
        "SystemDefaultTlsVersions"=dword:00000001
        "SchUseStrongCrypto"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
        "SystemDefaultTlsVersions"=dword:00000001
        "SchUseStrongCrypto"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
        "SystemDefaultTlsVersions"=dword:00000001
        "SchUseStrongCrypto"=dword:00000001
     
  2. Restart SIM.
  3. Try to install again.

Attachments