Enabling TLS 1.2 For Shavlik Protect

Version 2

    Purpose

     

    This document outlines the steps necessary to ensure that Protect 9.2 can make use of TLS 1.2 when TLS 1.0 and TLS 1.1 are disabled.

     

    Symptoms

     

    When TLS 1.0 and TLS 1.1 are disabled, the Deployment Tracker will remain stuck at "Scheduled" or Executing".

     

    Cause

     

    The target machine has a process to send status updates back to the console. If TLS 1.2 isn't properly configured on the client machines and the protect console, these updates will fail to reach the console.

     

    Resolution

     

    1. SQL Server needs to be updated per https://support.microsoft.com/en-us/kb/3135244.
    2. Per https://technet.microsoft.com/en-us/library/security/2960358.aspx follow the suggested actions
    3. For machines running Windows 7, 2K8R2, or 2K12, follow the instructions in https://support.microsoft.com/en-us/kb/3140245 to create the needed registry key and then install patch MSWU-1964.

     

    Registry changes will need to be made to both client machines, and to the Protect console.

     

    Additional Info

     

    This document explains how to deploy registry changes via group policy: https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx

     

    Affected Product(s)

     

    Protect 9.2+