The server selected protocol version TLS10 is not accepted by client preferences - RU install failure

Article ID: 253418

Products

CA Service Desk Manager
CA Service Management - Service Desk Manager

Issue/Introduction

The RU install fails at the CDB creation steps.

Review the logs located in C:\Program Files (x86)\CA\SC\logsXXXX (XXXX is an integer value that represents the date/time of the RU install attempt).

C:\Program Files (x86)\CA\SC\logsXXXX\Install.log contains the following error:

INFO  [DeployThread] [DeployThread] task.install_CDB : failed
INFO  [DeployThread] [DeployThread] Abort requested while running task: Configuring CA Service Management common tables 


C:\Program Files (x86)\CA\SC\logsXXXX\mdb\install_mdb.log contains the following error:

ERROR - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]". 


Other variants of the log message follow the same pattern, e.g.:

ERROR - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS11 is not accepted by client preferences [TLS13, TLS12]"

Environment

CA Service Desk Manager 17.3 and above

All Supported Operating Systems

Resolution

  1. Locate the scripts\CDB\jre\conf\security\java.security file in the location where you extracted the RU installer (see Additional Information)

  2. Edit the file with a text editor

  3. Locate the following section:
    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
      DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
      include jdk.disabled.namedCurves
  4. Change it to:
    jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
      DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
      include jdk.disabled.namedCurves
  5. Save changes

  6. Delete the %temp%/casm folder

  7. Re-run the RU installer

Additional Information

The Java installation involved in the MDB update is usually the Java runtime that comes with the RU installer, as shown above. In some cases, the installer may also be leveraging the existing AdoptOpenJDK installation, and that installation's java.security file may also need to be modified. A way to tell is to review install_mdb.log and locate a line such as:

01-01,23:46:33 Loading mdb...
                       using Service_Desk 
01-01,23:46:33 "D:\PROGRA~1\CA\SC\JRE\110~1.18\bin\java.exe" -Dfile.encoding=UTF-8 -Djava.library.path=".\lib" -Xmx256m -classpath "D:\Program Files (x86)\CA\Service Desk 


In this case, the java.security file to modify is the one that is associated with the above Java installation, which works out to D:\PROGRA~1\CA\SC\JRE\110~1.18\conf\security
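As an added example (not part of the original article or the product's own tooling), the Python check below finds the Java runtime named in install_mdb.log, derives its java.security path, and parses jdk.tls.disabledAlgorithms, including the backslash line continuations, to report whether TLSv1 or TLSv1.1 is still disabled. The sample log and java.security text are constructed from the excerpts above, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample inputs, modelled on the excerpts shown in this article.
SAMPLE_LOG = r'''01-01,23:46:33 Loading mdb...
01-01,23:46:33 "D:\PROGRA~1\CA\SC\JRE\110~1.18\bin\java.exe" -Dfile.encoding=UTF-8 -Xmx256m
'''
SAMPLE_SECURITY = r'''# constructed excerpt of java.security
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
'''

def java_security_from_log(log_text):
    """Return the java.security path for the java.exe named in install_mdb.log."""
    m = re.search(r'"([^"]+\\bin\\java\.exe)"', log_text, re.IGNORECASE)
    if not m:
        return None
    java_home = PureWindowsPath(m.group(1)).parent.parent  # strip bin\java.exe
    return java_home / "conf" / "security" / "java.security"

def disabled_algorithms(text, key="jdk.tls.disabledAlgorithms"):
    """Parse one property, honouring backslash line continuations."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]          # value continues on the next line
            continue
        logical.append(pending + line)
        pending = ""
    value = None
    for line in logical:
        name, sep, rest = line.partition("=")
        if sep and name.strip() == key:
            value = rest                  # a later definition overrides an earlier one
    return [] if value is None else [e.strip() for e in value.split(",") if e.strip()]

def legacy_tls_still_disabled(entries):
    """Entries that make the client reject a TLS 1.0 / 1.1 server."""
    return [e for e in entries if e in ("TLSv1", "TLSv1.1")]

if __name__ == "__main__":
    print("java.security to check:", java_security_from_log(SAMPLE_LOG))
    print("still disabled:", legacy_tls_still_disabled(disabled_algorithms(SAMPLE_SECURITY)))
```

The same check can be pointed at the real log and file contents later to see whether a given runtime currently permits TLS 1.0 and 1.1.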

An alternative is to adjust TLS on the given SQL Server, either by disabling TLS entirely or by enabling all TLS-related encryptions. See KB Article 375465 for further guidance.