10.2.600.5 Kinetic forms not working in TEST

I have 2 environments at the same patch level but on different servers.
In my dev environment, everything’s working great. In my test environment, I am unable to access any kinetic form.
When I naviate to the active home page URL, dev works but test does not.
Dev:


Test:

Attempting to open any kinetic form in the test environment gives this error:
image

I have a feeling this is an IIS setting but not sure where to look as at first glance, both look similarly configured.

These are running on two separate boxes.

Any good place to start?

Same server?

Different servers

Do you have https binding enabled in IIS on the Dev server?

Yes, https binding is enabled on both servers. There are different certs however

Is the Cert valid? (can you generate a new one?)

Can you browse (Internet Explorer or Fire Fox) to just https://YourServer/

The cert is valid, I suppose I could try applying a different cert. This test environment is on the production machine and same IIS instance so I’m a little hesitant to make any changes to it :grimacing:

oh yeah no don’t touch it lol

Noticed it’s the same with the API help pages. The Dev server works just fine whereas the Prod server kicks back the same error: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY

Interesting; the URL for the Test environment works just fine in Edge but not chrome

Its using a lower (too low) TLS version. Probably your server just needs an update
Chrome is mighty bitchy about that stuff.

2 Likes

Ok, I’ll pass this info along to my sysadmin and see what he can do to upgrade to a higher TLS version.
I owe you so many beers!

Thanks

The cipher that cert is using is probably considered “weak” (by the google monster… they like to wave their big stick)

And Epicor uses embeded chrome for all their stuff.

1 Like

Chrome aside, upgrading to a higher TLS should theoretically fix the kinetics form issues I assume as well, but I’ll report back if that didn’t fix

1 Like

Well crud, TLS 1.2 was already enabled and the server rebooted but the same result persists. I also tried swapping out the ssl cert bound to 443 on Epicor, restarted the website, recycled IIS, but same results.

We did notice there are far less ciphers in the registry on the production server than on the dev server, and all works well on the dev server.
Is it perhaps we that we need to add those ciphers to the registry on the production server?

Maybe something in this older thread to help.

2 Likes

You can switch on schannel logging. It will require restart as well but at least you will be able to see viable info in event viewer

1 Like

Ok I’ll try that. Thanks guys much appreciated I’ll report back

here https://support.microsoft.com/en-ca/help/260729/how-to-enable-schannel-event-logging-in-iis
I would set 7 to get everything.

We ran this tool and applied the best practices, restarted the machine to make the registry edits stick but no luck. Ugh

1 Like