10.2.600.5 Kinetic forms not working in TEST

Aaron_Moreng · July 28, 2020, 7:34pm

I have 2 environments at the same patch level but on different servers.
In my dev environment, everything’s working great. In my test environment, I am unable to access any kinetic form.
When I naviate to the active home page URL, dev works but test does not.
Dev:

Test:

Attempting to open any kinetic form in the test environment gives this error:

I have a feeling this is an IIS setting but not sure where to look as at first glance, both look similarly configured.

These are running on two separate boxes.

Any good place to start?

josecgomez · July 28, 2020, 7:38pm

Same server?

Aaron_Moreng · July 28, 2020, 7:38pm

Different servers

josecgomez · July 28, 2020, 7:52pm

Do you have https binding enabled in IIS on the Dev server?

Aaron_Moreng · July 28, 2020, 7:53pm

Yes, https binding is enabled on both servers. There are different certs however

josecgomez · July 28, 2020, 7:58pm

Is the Cert valid? (can you generate a new one?)

josecgomez · July 28, 2020, 7:59pm

Can you browse (Internet Explorer or Fire Fox) to just https://YourServer/

Aaron_Moreng · July 28, 2020, 8:00pm

The cert is valid, I suppose I could try applying a different cert. This test environment is on the production machine and same IIS instance so I’m a little hesitant to make any changes to it

josecgomez · July 28, 2020, 8:00pm

oh yeah no don’t touch it lol

Aaron_Moreng · July 28, 2020, 8:03pm

Noticed it’s the same with the API help pages. The Dev server works just fine whereas the Prod server kicks back the same error: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

Interesting; the URL for the Test environment works just fine in Edge but not chrome

josecgomez · July 28, 2020, 8:04pm

Its using a lower (too low) TLS version. Probably your server just needs an update
Chrome is mighty bitchy about that stuff.

Aaron_Moreng · July 28, 2020, 8:05pm

Ok, I’ll pass this info along to my sysadmin and see what he can do to upgrade to a higher TLS version.
I owe you so many beers!

Thanks

josecgomez · July 28, 2020, 8:06pm

The cipher that cert is using is probably considered “weak” (by the google monster… they like to wave their big stick)

And Epicor uses embeded chrome for all their stuff.

Aaron_Moreng · July 28, 2020, 8:06pm

Chrome aside, upgrading to a higher TLS should theoretically fix the kinetics form issues I assume as well, but I’ll report back if that didn’t fix

Aaron_Moreng · July 30, 2020, 1:08am

Well crud, TLS 1.2 was already enabled and the server rebooted but the same result persists. I also tried swapping out the ssl cert bound to 443 on Epicor, restarted the website, recycled IIS, but same results.

We did notice there are far less ciphers in the registry on the production server than on the dev server, and all works well on the dev server.
Is it perhaps we that we need to add those ciphers to the registry on the production server?

danbedwards · July 30, 2020, 1:25am

Maybe something in this older thread to help.

Olga · July 30, 2020, 1:29am

You can switch on schannel logging. It will require restart as well but at least you will be able to see viable info in event viewer

Aaron_Moreng · July 30, 2020, 1:31am

Ok I’ll try that. Thanks guys much appreciated I’ll report back

Olga · July 30, 2020, 1:34am

here Enable Schannel event logging in Windows - Internet Information Services | Microsoft Learn
I would set 7 to get everything.

Aaron_Moreng · July 31, 2020, 12:54am

We ran this tool and applied the best practices, restarted the machine to make the registry edits stick but no luck. Ugh