Error: Connecting To Symantec Fails on 14.x Builds Since Symantec Change Over to TLS 1.2 Only

Symantec recently hardened their API servers, so we are no longer able to connect to their API over TLS 1.0. This causes certificate enrollment to fail at stage 500 (posting CSR to the Symantec VeriSign Certificate Authority).

"There has been an unexpected error. Message: Object reference not set to an instance of the object."

It is not possible to release a patch for 14.2.x (and older) to enable TLS 1.2 to be used. 

For the 14.2 platform (or older), there is a workaround that does not require a patch. It involves setting a few registry values and rebooting.


Add the following to enable TLS 1.2 on Windows Server 2008 R2, where it is disabled by default:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 0x0

reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v DisabledByDefault /t REG_DWORD /d 0x0

Add the following two lines to allow .NET 4.5.1 to use TLS 1.2, which it does not do by default:

reg add "HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 0x1

reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 0x1
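
To confirm the workaround was applied before rebooting, the four values set above can be read back. The following PowerShell check is an added example, not part of the original article or the product; the function name Test-Tls12Workaround is hypothetical, and the script only reads the registry.

```powershell
# Added example: read-only audit of the four registry values from the workaround above.
# Written to run on PowerShell 2.0 (the version shipped with Windows Server 2008 R2).
$expected = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto'; Value = 1 }
)

# Hypothetical helper: returns one object per setting with State = OK, Mismatch or Missing.
function Test-Tls12Workaround {
    param([object[]]$Settings)
    foreach ($s in $Settings) {
        $name   = $s.Name
        $actual = $null
        $state  = 'Missing'
        # A missing key or value makes Get-ItemProperty fail; suppress that and report it as Missing.
        $item = Get-ItemProperty -Path $s.Path -Name $name -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            $actual = $item.$name
            if ($actual -eq $s.Value) { $state = 'OK' } else { $state = 'Mismatch' }
        }
        New-Object PSObject -Property @{
            State = $state; Name = $name; Expected = $s.Value; Actual = $actual; Path = $s.Path
        }
    }
}

$results = @(Test-Tls12Workaround -Settings $expected)
$results | Format-Table State, Name, Expected, Actual, Path -AutoSize

$bad = @($results | Where-Object { $_.State -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) of $($results.Count) value(s) are not set as the workaround requires."
} else {
    Write-Output 'All four values match. A reboot is still required for them to take effect.'
}
```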


A patch is available for versions 14.3.x and 14.4.x.

The next minimum version in which this connectivity is available and tested is 15.3.x.


