Another App Catalog Fix

We installed the App Catalog today in production and got the dreaded "Cannot connect to the application server" error when opening the catalog.  There are a number of reasons this can happen.  Microsoft has listed many of them here.  We came up with a new reason on our own: TLS 1.0.  Knowing that SSL 3.0 and TLS 1.0 are no longer considered secure protocols, we disabled them long ago.  There are a number of places in CM where disabling those can break things.  Well, you can add the app catalog to the list.  It needs TLS 1.0 enabled (both client and server).  Enabling without restarting any services cleared the error up immediately.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

I found no blog posts for forum questions mentioning this setting, but I assume as more people move towards removing old protocols, it might pop up more often.  And I do expect Microsoft to address this at some point so I can go back and disable TLS 1.0 again (and hopefully 1.1 as well).

  • Created on .
Copyright © 2018 - The Minnesota System Center User Group