
Troubleshooting "Cannot create SSL/TLS secure channel" error.

Troubleshoot SSL/TLS channel issues on Windows Server 2012 R2

Written by Support Kappa

Prerequisites

You must have access to the Windows computer where OneIQ Pulse is installed.

Overview

The "Cannot create SSL/TLS secure channel" error typically occurs when a secure connection over SSL/TLS cannot be established. It indicates that the client could not negotiate a secure connection with the server.

To securely connect your OneIQ Pulse data connector to OneIQ servers, a minimum SSL/TLS protocol version is required. When an SSL/TLS secure channel cannot be created, OneIQ Pulse displays the "Cannot create SSL/TLS secure channel" error.

Solution

If you run into this error on Windows Server 2012 R2, the system may support the required SSL/TLS version without having it enabled by default.

To enable TLS 1.2, run PowerShell as an administrator (right-click on the Windows PowerShell search result, and then click on "Run as administrator") and execute the following commands:

# .NET Framework 2.0 and 4.0: use strong cryptography and the system default TLS versions
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727' -Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -Type DWord
# WinHTTP: set the default secure protocol to TLS 1.2 (2048 = 0x800)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\' -Name 'DefaultSecureProtocols' -Value '2048' -Type DWord

# Schannel: create the TLS 1.2 client key and enable the protocol
New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -Type DWord

# Restart the computer (prompts for confirmation first)
Restart-Computer -Confirm

These commands set .NET Framework 2.0 and 4.0 to use strong cryptography and the system default TLS versions, set TLS 1.2 as the default secure protocol for WinHTTP, enable TLS 1.2 for the Schannel client, and then restart the computer.

Once the OneIQ Pulse Server is restarted, try specifying the connection key again and click OK.
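
To confirm after the restart that the settings above are in place, the following added example (not part of the original article or of OneIQ's tooling) reads back the same registry values and reports any that are missing or different. The optional handshake check at the end assumes a host name and port 443, neither of which the article specifies.

```powershell
# Added example: verify the registry values set by the commands above.
# Read-only; it changes nothing on the system.
$net2  = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727'
$net4  = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
$http  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$tls12 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'

# Expected state, taken from the Set-ItemProperty commands in this article.
$expected = @(
    @{ Path = $net2;  Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = $net2;  Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = $net4;  Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = $net4;  Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = $http;  Name = 'DefaultSecureProtocols';   Value = 2048 }
    @{ Path = $tls12; Name = 'DisabledByDefault';        Value = 0 }
    @{ Path = $tls12; Name = 'Enabled';                  Value = 1 }
)

$results = foreach ($e in $expected) {
    # A missing key or value yields $null here instead of an error.
    $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($e.Name) } else { $null }
    [pscustomobject]@{
        Name     = $e.Name
        Expected = $e.Value
        Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        Ok       = ($null -ne $actual) -and ([int64]$actual -eq $e.Value)
        Path     = $e.Path
    }
}
$results | Format-Table Name, Expected, Actual, Ok, Path -AutoSize

$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) setting(s) do not match; re-run the commands as administrator and restart."
}

# Optional TLS 1.2 handshake check. $TargetHost is a placeholder (assumption):
# set it to the host your connector talks to. Port 443 is also an assumption.
$TargetHost = ''
if ($TargetHost) {
    $tcp = New-Object System.Net.Sockets.TcpClient($TargetHost, 443)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($TargetHost, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        "Negotiated $($ssl.SslProtocol) with $TargetHost"
    } finally { $tcp.Close() }
}
```

If the handshake check throws, the exception message shows whether the failure is in protocol negotiation or certificate validation, which separates a TLS version problem from a trust problem.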
