Enabling TLS v1.2 for secure communication between the Agent and OpManager MSP Probe server
Transport Layer Security (TLS) is a communication protocol used in VoIP, HTTPS, and instant messaging. TLS 1.2 is a step up from previous versions of TLS and SSL, since it offers higher security than its predecessors SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1.
To ensure secure communication between the OpManager MSP server and the agent, the TLSv1.2 protocol has to be enabled on the agent-installed server.
NOTE: TLS v1.2 is disabled by default on Windows 7, Windows 2008R2, and Windows 2012 devices. To enable it, carry out the following steps.
- Kindly check and apply the Windows service pack version KB976932, if not applied already. Do not reboot the system now. Carry out the second step and then proceed to reboot the system.
- Enable TLS v1.2 using any one of the following methods.
1. Bat file execution method
- Download the text file from this page and save it as "OPMAgent_EnableTLSv1_2.bat" batch file.
- Log in to the agent-installed server as a user with the required privilege (Admin / Application installation privilege user).
- Right-click the bat file and choose the 'Run as administrator' option or the "Run as other" option (Admin / Application installation privilege user).
- The batch file will now be executed.
- Reboot the system.
NOTE: The batch file can also be executed on multiple machines in bulk via AD GPO / SCCM configurations.
2. Manual configuration at the registry level
- Click on the Windows button, and search for the "Internet Options" settings.
- Under the "Advanced" tab, scroll down to Security.
- Check the box "Use TLS 1.2" in case it's not enabled, then click on the "Apply" button and close the dialog.
- Now, open the registry editor and update the details below.
- Create a registry value named DefaultSecureProtocols of type DWORD, with value 0x00000800, in the following path(s).
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp (Kindly carry out this step only if the machine is 64-bit.)
- Create a new registry key with the name TLS 1.2, if it does not exist, under the path "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
- Create two new keys named Client and Server under the TLS 1.2 path "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"
- Create two new values under both the Client and Server keys, with the following details.
- Name :: DisabledByDefault, Type :: DWORD, Value :: 0
- Name :: Enabled, Type :: DWORD, Value :: 1
- Registry level configurations have been completed now.
- Reboot the system.
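The registry values from the manual steps above can be audited, and with a switch also set, from an elevated PowerShell prompt. The script below is an added example, not the vendor's batch file; the file name Check-Tls12Registry.ps1 and the -Apply switch are assumptions made for illustration.

```powershell
# Check-Tls12Registry.ps1 (hypothetical name; added example, not the vendor's batch file).
# Audits the registry values listed in the manual steps; with -Apply, creates or corrects them.
# Written for PowerShell 2.0 so it also runs on Windows 7 / 2008 R2. Run elevated.
param([switch]$Apply)

$winHttp  = 'Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Expected state, taken from the manual steps.
$expected = @(
    @{ Path = "HKLM:\SOFTWARE\$winHttp"; Name = 'DefaultSecureProtocols'; Value = 0x800 }
)
# The Wow6432Node view exists only on 64-bit Windows.
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $expected += @{ Path = "HKLM:\SOFTWARE\Wow6432Node\$winHttp"; Name = 'DefaultSecureProtocols'; Value = 0x800 }
}
foreach ($role in 'Client', 'Server') {
    $expected += @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Value = 0 }
    $expected += @{ Path = "$schannel\$role"; Name = 'Enabled';           Value = 1 }
}

$results = foreach ($e in $expected) {
    # A missing key or missing value leaves $actual as $null, which never equals 0 or 1.
    $actual = $null
    if (Test-Path $e.Path) {
        $prop = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        if ($prop) { $actual = $prop.($e.Name) }
    }
    if ($Apply -and $actual -ne $e.Value) {
        # Create the key only when absent so existing values under it are preserved.
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        New-ItemProperty -Path $e.Path -Name $e.Name -PropertyType DWord -Value $e.Value -Force | Out-Null
        $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name).($e.Name)
    }
    New-Object PSObject -Property @{
        Ok = ($actual -eq $e.Value); Name = $e.Name; Expected = $e.Value; Actual = $actual; Path = $e.Path
    }
}

$results | Format-Table Ok, Name, Expected, Actual, Path -AutoSize
# Non-zero exit code lets GPO / SCCM deployments flag machines that are still misconfigured.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

Without -Apply the script only reads the registry, so it can be run before and after the reboot to confirm the settings are in place.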
NOTE: For more details about enabling the TLSv1.2 protocol, kindly refer to this page by Microsoft.
Users can verify that agent-server communication is working properly by navigating to the Settings -> ITOM Agents -> Monitoring Agents page and checking the Last Communicated Time for the respective agent.
If you are still facing any issues with agent installation or communication, kindly write to our support team.