CloudLink or Folder Sync fail to log into the Arctera Unified Platform web service after enabling TLS 1.2

Description

Error Message

In Folder Sync, the following error occurs when performing a connection test:

Connection failed: Error logging into a web service. Source error: The client and server cannot communicate, because they do not possess a common algorithm.

In CloudLink, the following entry is produced in the Trace.Log file:

Application: [Info, PID 6408, TID 7, SID, No Session, 12:30:49.511] The URL for the exchange web service is https://exch01/EWS/Exchange.asmx

Application: [Error, PID 6408, TID 7, SID, No Session, 12:30:49.543] \nException Message: The underlying connection was closed: An unexpected error occurred on a receive. (type WebException)



Exception Stack Trace:    at System.Net.HttpWebRequest.GetResponse()

   at ArchiveTools.CloudLink.Application.Exchange2007.SetAuthenticationType(String url, ExchangeServiceBinding service)



Inner Exception Details

\nException Message: The client and server cannot communicate, because they do not possess a common algorithm (type Win32Exception)

Cause

TLS 1.2 is not correctly configured properly on the CloudLink or Folder Sync server.

Resolution

To correctly enable TLS 1.2 only on the server, the following registry keys should be configured.

Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:000000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocol"=dword:0x00000800

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocol"=dword:0x00000800

Restart the server after implementing these registry values and retry the connection.

Issue/Introduction

CloudLink or Folder Sync are unable to communicate to the Arctera Unified Platform web service on the same TLS algorithm, after TLS 1.2 only is enabled on the server.

Welcome to "KB Articles"