Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Patch Manager > Patch Manager 2.1.5 Administrator Guide > Installing Patch Manager > Failed to Send Partitioned task to management server after server hardening

Failed to Send Partitioned task to management server after server hardening

Updated

Overview

Failed to Send Partitioned task to management server

Environment

  • PM 1.5 +

 

Cause 

Customer has disabled schannel to harden the security on the server.

 

The registry settings are known to cause this and need to be set back to defualt

 

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -RegType DWORD -RegName "Enabled" -RegValue "4294967295"

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -RegType DWORD -RegName "DisabledByDefault" -RegValue "0"

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -RegType DWORD -RegName "Enabled" -RegValue "4294967295"

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -RegType DWORD -RegName "DisabledByDefault" -RegValue "0"

 

Resolution

  1. Set the following back to default

 

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -RegType DWORD -RegName "Enabled" -RegValue "4294967295"

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -RegType DWORD -RegName "DisabledByDefault" -RegValue "0"

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -RegType DWORD -RegName "Enabled" -RegValue "4294967295"

RegPath "HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -RegType DWORD -RegName "DisabledByDefault" -RegValue "0"

*note those are the hardened settings. It is entirely possible these keys do not exist on a default. Check it against a known working widows server.

 

 

 

 

 

Last modified
13:36, 9 Mar 2017

Tags

This page has no custom tags.

Classifications

Internal Use Only