Kaspersky
Solved

using TLS v1.2 strict on KSC server

  • 29 April 2020
  • 9 replies
  • 372 views

Userlevel 4
Badge +2

Hello guys,
I want to use TLS v1.2 only on server with KSC. 

  1. changed settings according to https://help.kaspersky.com/KSC/11/en-US/174316.htm
  2. restarted KSC service, everything is working fine
  3. when I set up the windows server to use only TLS v1.2 https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
  4. then MMC console won’t connect to KSC server, restarting KSC service doesn’t help, restarting windows server doesn’t help:
    KSC fails to connect

     

  5. only allowing TLS v1.0 from step 3 helps to recover the KSC

KSC is running on Windows Server 2016 Standard
SQL is running on Windows Server 2012 R2
SQL 2016
 

Thanks for your ideas,
Milan

icon

Best answer by MilanBortel 25 May 2020, 16:30

Let me close this topic - see attached instructions which helped to solve the situation.

 

Now, we are TLS 1.2 strict.

 

Cheers,
Milan

View original

9 replies

Userlevel 3
Badge +1

when you restart the ksc service, it takes a while (a few minutes) in order to be able to connect to it again. Maybe the service was not started yet?

I have not tried to change that setting, I cannot tell you if this works.

Userlevel 4
Badge +2

when you restart the ksc service, it takes a while (a few minutes) in order to be able to connect to it again. Maybe the service was not started yet?

I have not tried to change that setting, I cannot tell you if this works.

I waited… and waited … and waited … trust me, that didn’t help :disappointed_relieved:

Userlevel 3
Badge +1

does the service start up well and keep running? What is the state of the service?

Maybe the eventlog of Kaspersky (own category) tells you something interesting…

Userlevel 4
Badge +2

does the service start up well and keep running? What is the state of the service?

Maybe the eventlog of Kaspersky (own category) tells you something interesting…

Well, this event appears in the event log:

KSC can’t connect to DB

 

Userlevel 4
Badge +2

and after few seconds the event log displays:

 

Userlevel 3
Badge +1

MSSQL communication can also be encrypted with SSL/TLS…

Or you have a database problem (is it running?).

Userlevel 4
Badge +2

MSSQL communication can also be encrypted with SSL/TLS…

Or you have a database problem (is it running?).

  • with “MSSQL communication can also be encrypted with SSL/TLS” you mean exactly what? I found this article and the way I see it - SQL 2016 supports TLS v1.2, you don’t need to explicitly set this up
  • SQL is running, no problems at all..
Userlevel 4
Badge +2

Let me close this topic - see attached instructions which helped to solve the situation.

 

Now, we are TLS 1.2 strict.

 

Cheers,
Milan

Hello,

 

Please following URLs 1 and 2:

  1. https://support.kaspersky.com/KSC/12/en-US/174316.htm
  1. https://support.kaspersky.com/KSC/12/en-US/198526.htm

 

 

Reply