Overview
The Cisco Umbrella Roaming Client and AD Connector are built against .NET Framework 3.5. The .NET 3.5 does not support TLS 1.2 by default (ref Microsoft article). If TLS 1.0 and SSL protocols are disabled on the Windows end point, it will break the SSL handshake between Roaming Client/AD Connector and the Umbrella API.
Technical Detail
Prior to disabling TLS 1.0 and SSL protocols on the Windows end point, you will need to verify if any older .NET versions are installed, and apply the registry keys as per the Microsoft article above.
Below is a step-by-step guide:
1. Verify what .NET Framework version is installed on the Windows machine
2. If only .NET version 4 (and above) is installed, the latest .NET Framework requires you to toggle with stronger cipher using these registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
3. If both .NET version 4 and 3.5 are installed, on top of the registry keys for .NET version 4, .NET 3.5 would also require you to toggle the following registry keys in order to support TLS protocols:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
Comments
0 comments
Article is closed for comments.