cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JDCast11
Level 9
Report Inappropriate Content
Message 1 of 6
‎04-22-2019 08:09 AM

SSL troubles

I am unable to make my ePO Server and SQL server connect via SSL. This is a problem as it is required and the only way it connects is if I use the setting "never use SSL". Has anyone encountered this issue and if so, how do I fix this?

0 Kudos
Reply
5 Replies
cdinet
Employee
Employee
Report Inappropriate Content
Message 2 of 6
‎04-22-2019 09:11 AM

Re: SSL troubles

KB87731 lists some issues with ssl connections.  The easiest way to resolve it is to download IISCrypto and run it on epo and sql servers, choose best practices, then reboot.  If there is a GPO that overrides any ssl settings, then they will either need to update the gpo to allow the required ciphers, or remove those systems from the gpo.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 3 of 6
‎04-23-2019 10:46 AM

Re: SSL troubles

I tried the recommendations you gave but I'm still unable to get SSL to work. It works perfectly fine when I configure it to never use SSL but when I switch it to Always use SSL, I get error: Networkerror IOexception: Null

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 4 of 6
‎04-23-2019 11:00 AM

Re: SSL troubles

Please follow kb91115 to get an nmap output from the sql and epo servers. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
JDCast11
Level 9
Report Inappropriate Content
Message 5 of 6
‎04-29-2019 05:44 AM

Re: SSL troubles

So it did come down to the Ciphers being incorrect. Once I ran IISCrypto everything worked fine. Only issue I have now is the GPOs keep reverting my changes. I tried to manually input the Ciphers based off the recommendations from McAfee KB but for some reason those are not working. Is there another GPO setting I must disable? Seems like the only GPO setting for SSL is the Cipher suite order.

0 Kudos
Reply
cdinet
Employee
Employee
Report Inappropriate Content
Message 6 of 6
‎04-29-2019 06:01 AM

Re: SSL troubles

First of all, see if there is a local security policy set - go to start, run, gpedit.msc, computer configuration, administrative templates, network, ssl configuration settings.  Double-click ssl cipher suite order and make sure that is set to not configured.

If your Active Directory admins are setting a global gpo for your systems, then you will need to get with them to exclude your server from that setting or gpo.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC