Task failing on client machines with error: "The client and server cannot communicate, because they do not possess a common algorithm"
search cancel

Task failing on client machines with error: "The client and server cannot communicate, because they do not possess a common algorithm"

book

Article ID: 215999

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The customer is getting the following failure when trying to run a task, like an imaging task, on a client machine:

An unknown exception was thrown on server side.

System.Net.WebException: The underlying connection was closed: An exception error occurred on a receive. --> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm.

Environment

ITMS 8.5, 8.6
Deployment Solution 8.5, 8.6

Cause

TLS version mismatch. This error "The client and server cannot communicate, because they do not possess a common algorithm" usually refers to a TLS mismatch between the SMP, Task Server, and possibly the client machine(s). Sometimes it could be caused if FIPS is in use.

Resolution

Usually, if TLS 1.2 is the only version to use all around, Microsoft suggests making sure the following regkeys are set this way:

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

In some scenarios, if the customer is allowing only TLS 1.2 on the SMP, SQL, and Task Server, .NET tries to use TLS 1.0 by default and TLS 1.2 needs to be properly called by it.
There are certain places in the registry that needs to be modified to force TLS 1.2 to be the only one in use by .NET.

1. Add (or modify if these already exists) the following registry keys with the specified values:

        Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]

    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001
 

Additional Information

162386  "The client and server cannot communicate. TLS version mismatch"

195963  "After moving from HTTP to HTTPS - no Site Server Task Servers are able to register"