{"id":6594,"date":"2023-01-29T10:08:58","date_gmt":"2023-01-29T10:08:58","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=6594"},"modified":"2023-07-18T13:01:28","modified_gmt":"2023-07-18T13:01:28","slug":"tls-1-0-and-1-1-disable-gotchas","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/tls-1-0-and-1-1-disable-gotchas","title":{"rendered":"TLS 1.0 and 1.1 Disable Gotchas"},"content":{"rendered":"\n
    \n
  1. RDS Connection Broker Server 2016 and Below ( WIDS ) Windows Internal Database does not support TLS1.2<\/li>\n<\/ol>\n\n\n\n

    https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/remote\/rds-connection-broker-or-rdms-fails-caused-by-disabled-tls-10<\/p>\n\n\n\n

    2. Upgrade NPS Radius to Use it <\/p>\n\n\n\n

    \nhttps:\/\/warlord0blog.wordpress.com\/2017\/02\/09\/tls-and-nps\/\n<\/div><\/figure>\n\n\n\n

    and EAP\\<\/strong>26<\/p>\n\n\n\n

    <\/p>\n\n\n\n

    Upgrade Servers and Clients to use TLS1.2<\/p>\n\n\n\n

    Disable Servers and Clients from TLS1.0\\1.1<\/p>\n\n\n\n

    Min SQL Native Client Version to 11.0.7001.0 for TLS1.2<\/p>\n\n\n\n

    <\/p>\n\n\n\n

    3) AADconnect Still in 2023 uses TLS1.0!!<\/p>\n\n\n\n

    [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727] “SystemDefaultTlsVersions” = dword:00000001 “SchUseStrongCrypto” = dword:00000001 [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319] “SystemDefaultTlsVersions” = dword:00000001 “SchUseStrongCrypto” = dword:00000001<\/p>\n\n\n\n

    <\/p>\n\n\n\n

    Exception Data (Raw): System.InvalidOperationException: Failed to Disable staging mode. —> System.Management.Automation.CmdletInvocationException: Exception details =>
    Type => System.InvalidOperationException
    An error occurred, ..\\server.cpp(10880), code 80004005,<\/p>\n\n\n\n

    StackTrace =>
    at SyncEngineHandle.SetSSPRAndPHSStateForStagingMode(Boolean stagingModeEnabled)
    at SyncInvokeSetSSPRAndPHSStateForStagingMode(Object , Object[] , Object[] )
    at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
    at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
    —> System.ServiceModel.FaultException: Exception details =>
    Type => System.InvalidOperationException
    An error occurred, ..\\server.cpp(10880), code 80004005,<\/p>\n\n\n\n

    StackTrace =>
    at SyncEngineHandle.SetSSPRAndPHSStateForStagingMode(Boolean stagingModeEnabled)
    at SyncInvokeSetSSPRAndPHSStateForStagingMode(Object , Object[] , Object[] )
    at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
    at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)<\/p>\n\n\n\n

    Server stack trace:
    at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)<\/p>\n\n\n\n

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.Azure.ActiveDirectory.ADSyncManagement.Contract.IADSyncManagementService.SetSSPRAndPHSStateForStagingMode(Boolean stagingModeEnabled)
    at Microsoft.IdentityManagement.PowerShell.Cmdlet.SetADSyncGlobalSettingsCmdlet.ProcessRecord()
    — End of inner exception stack trace —
    at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
    at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
    at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
    at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection1 input, PSDataCollection<\/code>1 output, PSInvocationSettings settings)
    at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection1 input, PSDataCollection<\/code>1 output, PSInvocationSettings settings)
    at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
    at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
    at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
    at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary2 commandParameters, Boolean isScript) at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.GlobalSettingsConfigAdapter.SetGlobalSettings(GlobalSettings globalSettings) at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.GlobalSettingsConfigAdapter.SetGlobalConfigurationParameters(Hashtable globalParameters) at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.SetStagingMode(Boolean value) at Microsoft.Online.Deployment.Types.Configuration.StagingModeConfigurationItem.Execute[TContext](IAdSyncConfigExecutionContext<\/code>1 executionContext, IAadSyncConfigurationResults& results)
    — End of inner exception stack trace —
    at Microsoft.Online.Deployment.Types.Configuration.StagingModeConfigurationItem.Execute[TContext](IAdSyncConfigExecutionContext1 executionContext, IAadSyncConfigurationResults& results) at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask<\/code>1.ConfigureSyncEngine(TContext context)
    at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask`1.Execute()
    at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
    [22:20:13.421] [ 27] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
    [22:20:13.421] [ 27] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\\ProgramData\\AADConnect\\PersistedState.xml, isAddProtection: False
    [22:20:13.422] [ 27] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\\ProgramData\\AADConnect\\PersistedState.xml, isAddProtection: True
    [22:20:13.424] [ 27] [INFO ] PerformConfigurationPageViewModel.PerformWorkflowInstallationAndUpdateState: result of installation operations – Failed
    [22:20:13.424] [ 27] [ERROR] ExecuteADSyncConfiguration: configuration failed. Skipping export of synchronization policy. resultStatus=Failed
    [22:20:13.459] [ 27] [ERROR] PerformConfigurationPageViewModel: We encountered a problem and couldn\u2019t complete the integration.
    [22:20:13.459] [ 27] [ERROR] PerformConfigurationPageViewModel: An error occurred executing Configure AAD Sync task: Failed to Disable staging mode.
    [22:22:58.911] [ 1] [INFO ] Opened log file at path C:\\ProgramData\\AADConnect\\trace-20230718-221208.log<\/p>\n\n\n\n

    <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/remote\/rds-connection-broker-or-rdms-fails-caused-by-disabled-tls-10 2. Upgrade NPS Radius to Use it and EAP\\26 Upgrade Servers and Clients to use TLS1.2 Disable Servers and Clients from TLS1.0\\1.1 Min SQL Native Client […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6594","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t