Endpoint Protection fails to connect to LiveUpdate with error 0x8D04802A

Article ID: 240511

Products

Endpoint Security Complete

Issue/Introduction

When running LiveUpdate on the Endpoint Protection (SEP) client, the LiveUpdate session fails to connect to the LiveUpdate server.

Other SEP clients in the environment may run LiveUpdate without issues.

The following errors are seen in log.lue:

* Failed to connect to HTTPS server
* Error statement: 
 >> The application experienced an internal error loading the SSL libraries.
* Error code 0x80000000, File: minitri.flg
  Server selection failed for server HTTPS://liveupdate.symantecliveupdate.com/ on port 443.
* Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue.
* Server Selection Failed.
* Error downloading files. Error Code: 0x8D04802A

Cause

Windows Server 2012 and earlier have TLS 1.2 disabled by default for WinHTTP.

Environment

Windows Server 2012
Windows Server 2008 R2
Windows 7

Resolution

To fix this issue, set TLS 1.2 as the default secure protocol for WinHTTP through the DefaultSecureProtocols registry value. On 64-bit systems, add the following two registry keys, then reboot the system.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

For more information, see the following Microsoft documentation:
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows
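
The registry change above can be checked across both keys before and after the reboot. The following PowerShell script is an added example, not code from this article or from Microsoft; the `-Apply` switch and the variable names are assumptions, and the bit flags are the ones Microsoft documents for DefaultSecureProtocols.

```powershell
# Added example: audit, and with -Apply set, the WinHTTP DefaultSecureProtocols value.
# Run from an elevated 64-bit PowerShell prompt; a reboot is still required afterwards.
param([switch]$Apply)   # assumed switch name: write the article's value where TLS 1.2 is off

# Bit flags Microsoft documents for DefaultSecureProtocols
$Flags = @{ 'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800 }
$Tls12 = 0x800          # value given in the article (TLS 1.2 only)

$Paths = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {   # present only on 64-bit Windows
    $Paths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
}

foreach ($Path in $Paths) {
    $Item = Get-ItemProperty -Path $Path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
    if ($Item) {
        # Decode the bitmask into protocol names so the current state is readable
        $Value    = $Item.DefaultSecureProtocols
        $Names    = $Flags.GetEnumerator() | Sort-Object Value |
                    Where-Object { $Value -band $_.Value } | ForEach-Object { $_.Key }
        $State    = '0x{0:X8} ({1})' -f $Value, ($Names -join ', ')
        $HasTls12 = [bool]($Value -band $Tls12)
    } else {
        $State    = 'not set (OS default applies)'
        $HasTls12 = $false
    }
    Write-Output ('{0}: {1}' -f $Path, $State)

    if ($HasTls12) { continue }
    if (-not $Apply) {
        Write-Warning "TLS 1.2 bit is not set in DefaultSecureProtocols under $Path"
        continue
    }
    # Create the key only if it is missing, so existing values are left alone
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name DefaultSecureProtocols -PropertyType DWord `
        -Value $Tls12 -Force | Out-Null
    Write-Output ('{0}: set to 0x{1:X8}; reboot to take effect' -f $Path, $Tls12)
}
```

Without `-Apply` the script only reports, which makes it usable as a fleet check to find the clients that still fail LiveUpdate with 0x8D04802A.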

Additional Information

CRE-6633