using TLS v1.2 strict on KSC server

[MilanBortel]

Hello guys,
I want to use TLS v1.2 only on server with KSC. 

1. changed settings according to https://help.kaspersky.com/KSC/11/en-US/174316.htm
2. restarted KSC service, everything is working fine
3. when I set up the windows server to use only TLS v1.2 https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
4. then MMC console won’t connect to KSC server, restarting KSC service doesn’t help, restarting windows server doesn’t help:

   

   KSC fails to connect

    

5. only allowing TLS v1.0 from step 3 helps to recover the KSC

KSC is running on Windows Server 2016 Standard
SQL is running on Windows Server 2012 R2
SQL 2016
 

Thanks for your ideas,
Milan

[ak01]

when you restart the ksc service, it takes a while (a few minutes) in order to be able to connect to it again. Maybe the service was not started yet?

I have not tried to change that setting, I cannot tell you if this works.

[MilanBortel]

when you restart the ksc service, it takes a while (a few minutes) in order to be able to connect to it again. Maybe the service was not started yet?

I have not tried to change that setting, I cannot tell you if this works.

I waited… and waited … and waited … trust me, that didn’t help 😥

[ak01]

does the service start up well and keep running? What is the state of the service?

Maybe the eventlog of Kaspersky (own category) tells you something interesting…

[MilanBortel]

does the service start up well and keep running? What is the state of the service?

Maybe the eventlog of Kaspersky (own category) tells you something interesting…

Well, this event appears in the event log:

KSC can’t connect to DB

 

[MilanBortel]

and after few seconds the event log displays:

 

[ak01]

MSSQL communication can also be encrypted with SSL/TLS…

Or you have a database problem (is it running?).

[MilanBortel]

MSSQL communication can also be encrypted with SSL/TLS…

Or you have a database problem (is it running?).

• with “MSSQL communication can also be encrypted with SSL/TLS” you mean exactly what? I found this article and the way I see it - SQL 2016 supports TLS v1.2, you don’t need to explicitly set this up
• SQL is running, no problems at all..

[MilanBortel]

Let me close this topic - see attached instructions which helped to solve the situation.

 

Now, we are TLS 1.2 strict.

 

Cheers,
Milan

[mshurman]

Hello,

 

Please following URLs 1 and 2:

1. https://support.kaspersky.com/KSC/12/en-US/174316.htm

2. https://support.kaspersky.com/KSC/12/en-US/198526.htm

 

 

[swoopy]

On 5/25/2020 at 3:30 PM, MilanBortel said:

Let me close this topic - see attached instructions which helped to solve the situation.

 

Now, we are TLS 1.2 strict.

 

Cheers,
Milan

Hello

What were the attached insturctions ?

I've got the same issue whereby enabling TLS 1.2 on KSC but disabling 1.0 & 1.1 in the registry causes connectivity errors to KSC.

Thanks.

Edited August 4, 2023 by swoopy

[Reza.alr]

hi dear friend

The problem you talked about often when happen that ،The problem you talked about usually happens when antivirus services are disabled

Did You Check Them???

[THask]

Hello swoopy,

you can use this Help Article for the strict Options in the KSC.

https://support.kaspersky.com/KSC/14.2/en-US/245773.htm

 

Best Regards

THask