Clients fail to communicate with HTTPS certificates related error (35): SEC_E_ALGORITHM_MISMATCH

Article ID: 172640

Products

Endpoint Protection

Issue/Introduction

Endpoint Protection (SEP) clients fail to communicate with the Endpoint Protection Manager (SEPM) with the following error:

[2018-Aug-07 09:14:04.748169] [WARN ] HTTPS certificates related error (35) schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate, because they do not possess a common algorithm.

Cause

Diffie-Hellman Key Exchange was disabled via IISCrypto or the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman

Resolution

Enable Diffie-Hellman Key Exchange and restart the system. 

To do this via the registry, set the following value:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"Enabled"=dword:ffffffff
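
The following PowerShell is an added example, not part of the original article or of the product's tooling: it reports the state of the Diffie-Hellman "Enabled" value named above and, when run from an elevated session with -Enable, writes the value given in the Resolution. The function name Test-SchannelDiffieHellman and the -Enable switch are hypothetical names chosen for illustration.

```powershell
# Added example: audit (and optionally re-enable) the Schannel
# Diffie-Hellman key exchange setting described in this article.
function Test-SchannelDiffieHellman {
    [CmdletBinding()]
    param(
        # Hypothetical switch: write Enabled=0xffffffff if not already enabled.
        [switch]$Enable
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'

    # A missing key or a missing "Enabled" value means no explicit override exists.
    $current = $null
    if (Test-Path -Path $path) {
        $prop = Get-ItemProperty -Path $path -Name 'Enabled' -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $current = $prop.Enabled }
    }

    $state = if ($null -eq $current) { 'NotConfigured' }
             elseif ($current -eq 0)  { 'Disabled' }
             else                     { 'Enabled' }

    if ($Enable -and $state -ne 'Enabled') {
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # -1 as a signed 32-bit integer is stored as the DWORD 0xffffffff.
        New-ItemProperty -Path $path -Name 'Enabled' -PropertyType DWord -Value (-1) -Force | Out-Null
        $state = 'Enabled (restart required)'
    }

    [pscustomobject]@{
        Path    = $path
        # Value as it was read before any change, shown in hex.
        Enabled = if ($null -eq $current) { $null } else { '0x{0:x8}' -f $current }
        State   = $state
    }
}

# Read-only check; add -Enable to apply the Resolution, then restart the system.
Test-SchannelDiffieHellman
```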