After enabling only Transport Layer Security (TLS) 1.2 for communication, the Password Capture Agent is unable to contact the Soap service. This issue also occurs when an application server is used instead of the Soap service. The following error is displayed when the Password Capture Agent attempts to capture a password change:
"The client and server cannot communicate, because they do not possess a common algorithm."
Add the following two registry keys to the domain controller and the Password Capture Agent hosts:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
SchUseStrongCrypto is a DWORD with a hexadecimal value of 1.
Support does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986 “Description of the Microsoft Windows registry” at Microsoft Support.
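The change above can be scripted as follows. This is an added example, not One Identity's own tooling: it exports each .NET Framework key before touching it, writes SchUseStrongCrypto as a DWORD of 1 under both v4.0.30319 keys, and reads the value back. The backup folder C:\RegBackup is an assumed location; run the script from an elevated 64-bit PowerShell session on each host.

```powershell
#Requires -RunAsAdministrator
# Added example: set SchUseStrongCrypto = 1 (DWORD) in the 32-bit and 64-bit
# .NET Framework 4.x registry locations, backing each key up first.

$BackupDir = 'C:\RegBackup'          # assumed backup location, change as needed
$ValueName = 'SchUseStrongCrypto'
$Keys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
)

# A 32-bit process is redirected to Wow6432Node and would miss the 64-bit key.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'Run this script from 64-bit PowerShell so both registry views are reachable.'
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($Key in $Keys) {
    if (-not (Test-Path -Path $Key)) {
        Write-Warning "$Key not found; skipping."
        continue
    }

    # reg.exe expects HKLM\... rather than the PowerShell drive form HKLM:\...
    $RegPath = $Key -replace '^HKLM:', 'HKLM'
    $View    = if ($Key -like '*Wow6432Node*') { 'x86' } else { 'x64' }
    $File    = Join-Path $BackupDir "NETFramework-v4-$View.reg"
    & reg.exe export $RegPath $File /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $Key failed; nothing was changed." }

    # -Force creates the value or overwrites an existing one.
    New-ItemProperty -Path $Key -Name $ValueName -PropertyType DWord -Value 1 -Force |
        Out-Null

    # Read the value back and fail loudly if it is not 1.
    $Actual = (Get-ItemProperty -Path $Key -Name $ValueName).$ValueName
    if ($Actual -ne 1) { throw "$Key\$ValueName is $Actual, expected 1." }
    Write-Output "$Key\$ValueName = $Actual (backup: $File)"
}
```

.NET Framework processes read this setting when they start, so restart the affected services (or the host) after the script completes.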