I have two fully patched Server 2008 R2 VMs that have been running fine for years. It's (way past) time to disable TLS 1, so I've a GPO set to disable this in SCHANNEL for client and server, and add the reg keys under .NET 2 and 4 as well as WinHTTP. These keys are as below:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
After the second reboot, so these policies are fully effective, the server's single vmxnet3 will sit spinning for a bit in the taskbar then finally go to a red cross "disconnected" symbol, as if the cable was unplugged. Network and Connection Centre won't load. RDP is also not functioning to the hostname but will to the IP.
Host is v6.7, VM hardware V7. Latest VM Tools 10338. Exchange 2010 CAS/Hub roles on servers.
Any ideas?
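An added example, not part of the original posts: a Python sketch that parses the .reg fragment from the question, reports which SCHANNEL protocols are explicitly set versus left at the OS default, and decodes the WinHTTP bitmask. The function names and the "os-default" label are assumptions of this example; on Server 2008 R2 the SCHANNEL default for TLS 1.1 and TLS 1.2 is disabled, so an "os-default" result for those is worth checking when TLS 1.0 is turned off.

```python
import re

# WinHTTP DefaultSecureProtocols bit flags (as documented by Microsoft).
WINHTTP_FLAGS = {0x008: "SSL 2.0", 0x020: "SSL 3.0", 0x080: "TLS 1.0",
                 0x200: "TLS 1.1", 0x800: "TLS 1.2"}
SCHANNEL = r"\SCHANNEL\Protocols" + "\\"

# Constructed sample: the SCHANNEL and WinHTTP keys quoted in the question.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
'''

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        else:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m and current is not None:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def winhttp_protocols(mask):
    # Decode the bitmask into protocol names, lowest bit first.
    return [name for bit, name in sorted(WINHTTP_FLAGS.items()) if mask & bit]

def schannel_state(keys, protocols=("TLS 1.0", "TLS 1.1", "TLS 1.2")):
    """Map 'TLS x.y/Role' to 'enabled', 'disabled' or 'os-default' (no value set)."""
    state = {}
    for proto in protocols:
        for role in ("Client", "Server"):
            vals = next((v for k, v in keys.items()
                         if k.endswith(SCHANNEL + proto + "\\" + role)), None)
            if vals is None or "Enabled" not in vals:
                state[f"{proto}/{role}"] = "os-default"
            else:
                state[f"{proto}/{role}"] = "enabled" if vals["Enabled"] else "disabled"
    return state
```

Run against a full `reg export` of the SCHANNEL\Protocols key from the affected server, it shows at a glance whether any protocol remains explicitly enabled once TLS 1.0 is off.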
Hi,
Welcome to VMTN. 🙂
Any particular reason why VM hardware version is 7 for this VM?
Take a snapshot and upgrade the HW version to > 13 and then check and let us know if still facing issue.
Thanks!
I'm new to the setup, but VMs have just been left untouched through various host updates over the last few years to the point where version 7 VMs are on 6.7 vCenter hosts.
I'll try the HW upgrade and report back.
Alas, the hardware version did not make any difference.
Adding new network adaptors also made no difference, neither did installing the newer VM Tools. TLS 1 disabled seems fine until SQL Server 2008 R2 is updated from SP3 RTM to the very latest KB that supports TLS 1.2. After that the instances start but the network sits trying to negotiate a connection then finally fails after 10 mins. While this is happening the System log fills with "A fatal error occurred while creating an SSL client credential. The internal error state is 10013."
Have a look here:
Can you re-check and confirm if every hotfix and every patch released by Microsoft for Windows Server 2008 R2 has been installed on the affected servers?