Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Network Performance Monitor (NPM) > Enable TLS in Orion Platform products

Enable TLS in Orion Platform products

Table of contents

Updated December 7, 2017

Overview

Products running on Orion Platform must enable TLS.

On Windows Vista and Windows Server 2008 or later, TLS 1.0 is enabled by default.
On Windows 8 and Windows Server 2012 or later, TLS 1.1 and TLS 1.2 are enabled by default.

Refer this Microsoft article for detailed information on which TLS protocol versions are supported and enabled by default on supported Microsoft Windows version.

 

When TLS is disabled, some of the following errors may occur:

  • Log & Event Manager can fail to start
  • Kiwi CatTools fails to send emails
  • HTTPS monitoring can stop
  • Storage Manager can be unable to collect data from IBM SVC
  • NCM does not work as expected
  • IP Monitor Service can fail to start
  • Server & Application Monitor may have errors
  • SWIS cannot communicate with RabbitMQ (TLS 1.2)
  • Orion Web Console fails to stop working (TLS 1.2)

 

The TLS versions that your operating system support are enabled or disabled in the registry, and can be enabled or disabled for server and/or client communication.

For example:

  1. TLS 1.0 is disabled for client communication if the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client exists and if one of the following is true:
    • The entry Enabled exists with a value 0
    • The entry DisabledByDefault exists with a non-zero value and the entry Enabled does not exist or exists and has the value of 0.
  2. TLS 1.0 is disabled for server communication if the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server exists and if one of the following is true:
    • The entry Enabled exists with value 0
    • The entry DisabledByDefault exists with non-zero value and the entry Enabled does not exist or exists and has the value of 0.

SolarWinds requires that at least one of TLS 1.0 or TLS 1.1 is enabled for both client and server communication. 

Some legacy tools such as the Report Writer, Syslog Viewer, and Trap Viewer may require TLS 1.0.

View TLS compatibility with Orion Core Products to verify if your SolarWinds Orion products work with TLS 1.0 disabled.

Environment

All Orion products running on Orion Platform 2017.3 and earlier, such as:

  • NPM 12.2 and earlier
  • SAM 6.5 and earlier

Steps

SolarWinds strongly recommends that you back up your registry before making any edits to your system registry. You should only edit the registry if you are experienced and confident in doing so. Using a registry editor incorrectly can cause serious issues with your operating system, which could require you to reinstall your operating system to correct them. SolarWinds cannot guarantee resolutions to any damage resulting from making registry edits.

  1. Log in to the SolarWinds Orion server as an administrator.
  2. Back up your registry.
  3. Open the registry editor.
  4. To enable TLS 1.0, find or create the following keys:

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
  5. To enable TLS 1.1, find or create the following keys
    •  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
  6. To enable TLS 1.2, find or create the following keys:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

  7. In each key from previous steps, find or create the following REG_DWORD values:

    • DisabledByDefault with the value set to 0 decimal

    • Enabled with the value set to 1 decimal

  8. Reboot the computer.

TLS 1.0, TLS 1.1, and TLS 1.2 are now explicitly enabled.

 

If you are allowed to run only one TLS version at the same time and experience issues with desktop tools, such as Trap Viewer or Syslog Viewer, see the article about desktop tools not working when TLS 1.0 is disabled.

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

Last modified

Tags

Classifications

Public