We Go Live on public cloud this weekend. While attempting to install Kinetic 2023.2 clients on all our user’s PCs, the install script would not run on our only two Windows 7 machines. The error message included “Could not create SSL/TLS secure channel”
After reading KB articles on EpicCare and Microsoft, and trying many different things that appeared to be related to unsuccessful secure connection, I finally found one registry fix that works for our Windows 7 machines. Microsoft KB3140245 (https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392) describes many updates and registry fixes. These machines were up-to-date on .NET 4.8, and TLS 1.2 was installed and enabled at the operating system level and browser level. But .NET 4.8 didn’t use TLS 1.2 until we created two new registry keys:
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0
AND
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0
After making those two additions, and rebooting the PCs, we could install and run Kinetic 2023 without problems.
Consider this information ‘use at your own risk’. And yes, I do understand that Windows 7 computers are obsolete, and potentially unsafe. We will be replacing them soon.