TLS 1.0 and 1.1 Disable Gotchas

1. RDS Connection Broker on Server 2016 and below: WIDS (Windows Internal Database) does not support TLS 1.2

https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/rds-connection-broker-or-rdms-fails-caused-by-disabled-tls-10

2. Upgrade NPS RADIUS to use TLS 1.2

https://warlord0blog.wordpress.com/2017/02/09/tls-and-nps/

and EAP\26

Upgrade servers and clients to use TLS 1.2

Disable TLS 1.0/1.1 on servers and clients

Minimum SQL Native Client version for TLS 1.2: 11.0.7001.0

3. AADConnect still uses TLS 1.0 in 2023!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Exception Data (Raw): System.InvalidOperationException: Failed to Disable staging mode. —> System.Management.Automation.CmdletInvocationException: Exception details =>
Type => System.InvalidOperationException
An error occurred, ..\server.cpp(10880), code 80004005,

StackTrace =>
at SyncEngineHandle.SetSSPRAndPHSStateForStagingMode(Boolean stagingModeEnabled)
at SyncInvokeSetSSPRAndPHSStateForStagingMode(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
—> System.ServiceModel.FaultException: Exception details =>
Type => System.InvalidOperationException
An error occurred, ..\server.cpp(10880), code 80004005,

StackTrace =>
at SyncEngineHandle.SetSSPRAndPHSStateForStagingMode(Boolean stagingModeEnabled)
at SyncInvokeSetSSPRAndPHSStateForStagingMode(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Azure.ActiveDirectory.ADSyncManagement.Contract.IADSyncManagementService.SetSSPRAndPHSStateForStagingMode(Boolean stagingModeEnabled)
at Microsoft.IdentityManagement.PowerShell.Cmdlet.SetADSyncGlobalSettingsCmdlet.ProcessRecord()
— End of inner exception stack trace —
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary2 commandParameters, Boolean isScript)
at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.GlobalSettingsConfigAdapter.SetGlobalSettings(GlobalSettings globalSettings)
at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.GlobalSettingsConfigAdapter.SetGlobalConfigurationParameters(Hashtable globalParameters)
at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.SetStagingMode(Boolean value)
at Microsoft.Online.Deployment.Types.Configuration.StagingModeConfigurationItem.Execute[TContext](IAdSyncConfigExecutionContext1 executionContext, IAadSyncConfigurationResults& results)
— End of inner exception stack trace —
at Microsoft.Online.Deployment.Types.Configuration.StagingModeConfigurationItem.Execute[TContext](IAdSyncConfigExecutionContext1 executionContext, IAadSyncConfigurationResults& results)
at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask1.ConfigureSyncEngine(TContext context)
at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask`1.Execute()
at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
[22:20:13.421] [ 27] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[22:20:13.421] [ 27] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[22:20:13.422] [ 27] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[22:20:13.424] [ 27] [INFO ] PerformConfigurationPageViewModel.PerformWorkflowInstallationAndUpdateState: result of installation operations – Failed
[22:20:13.424] [ 27] [ERROR] ExecuteADSyncConfiguration: configuration failed. Skipping export of synchronization policy. resultStatus=Failed
[22:20:13.459] [ 27] [ERROR] PerformConfigurationPageViewModel: We encountered a problem and couldn’t complete the integration.
[22:20:13.459] [ 27] [ERROR] PerformConfigurationPageViewModel: An error occurred executing Configure AAD Sync task: Failed to Disable staging mode.
[22:22:58.911] [ 1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20230718-221208.log
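
A read-only pre-flight check to run on a server before disabling TLS 1.0/1.1, so a missing .NET key is found before AADConnect or another .NET service fails as in the trace above. This is an added example, not part of the original post or any Microsoft tooling. It goes beyond the two keys listed above by also reading the WOW6432Node (32-bit) .NET keys and the SCHANNEL protocol keys, which are assumptions not named on this page; the function names are hypothetical.

```powershell
# Added example: audits only, changes nothing in the registry.
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    # Assumption: 32-bit registry views, not listed on the page
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$netValues = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-DotNetTlsReadiness {
    # One row per key/value pair; Ready is true only when the DWORD is 1
    foreach ($key in $netKeys) {
        foreach ($name in $netValues) {
            $value = Get-RegDword -Path $key -Name $name
            [pscustomobject]@{
                Key   = $key
                Name  = $name
                Value = if ($null -eq $value) { '<not set>' } else { $value }
                Ready = ($value -eq 1)
            }
        }
    }
}

function Get-SchannelProtocolState {
    # Blank Enabled/DisabledByDefault means the OS default applies
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $path = Join-Path $base "$proto\$role"
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                Enabled           = Get-RegDword -Path $path -Name 'Enabled'
                DisabledByDefault = Get-RegDword -Path $path -Name 'DisabledByDefault'
            }
        }
    }
}

$net = Test-DotNetTlsReadiness
$net | Format-Table -AutoSize
Get-SchannelProtocolState | Format-Table -AutoSize
if ($net | Where-Object { -not $_.Ready }) {
    Write-Warning '.NET is not pinned to strong crypto on this host; set the keys before disabling TLS 1.0/1.1.'
}
```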
