I have 2 environments at the same patch level but on different servers.
In my dev environment, everything’s working great. In my test environment, I am unable to access any kinetic form.
When I navigate to the active home page URL, dev works but test does not.
Attempting to open any kinetic form in the test environment gives this error:
I have a feeling this is an IIS setting but not sure where to look as at first glance, both look similarly configured.
These are running on two separate boxes.
Any good place to start?
Do you have https binding enabled in IIS on the Dev server?
Yes, https binding is enabled on both servers. There are different certs, however.
Is the Cert valid? (can you generate a new one?)
Can you browse (Internet Explorer or Firefox) to just
The cert is valid, I suppose I could try applying a different cert. This test environment is on the production machine and same IIS instance so I’m a little hesitant to make any changes to it
oh yeah no don’t touch it lol
Noticed it’s the same with the API help pages. The Dev server works just fine whereas the Prod server kicks back the same error: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY
Interesting; the URL for the Test environment works just fine in Edge but not Chrome
It's using a lower (too low) TLS version. Probably your server just needs an update
Chrome is mighty bitchy about that stuff.
Ok, I’ll pass this info along to my sysadmin and see what he can do to upgrade to a higher TLS version.
I owe you so many beers!
The cipher that cert is using is probably considered “weak” (by the Google monster… they like to wave their big stick)
And Epicor uses embedded Chrome for all their stuff.
Chrome aside, upgrading to a higher TLS should theoretically fix the kinetics form issues I assume as well, but I’ll report back if that didn’t fix
Well crud, TLS 1.2 was already enabled and the server rebooted but the same result persists. I also tried swapping out the ssl cert bound to 443 on Epicor, restarted the website, recycled IIS, but same results.
We did notice there are far fewer ciphers in the registry on the production server than on the dev server, and all works well on the dev server.
Is it perhaps that we need to add those ciphers to the registry on the production server?
Maybe something in this older thread to help.
You want your connection to look like this.
The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key exchange), and AES_256_GCM (a strong cipher).
You can use IIS Crypto 2.0 to eliminate the obsolete SSL/TLS properties, which I am not sure why are showing on IIS 10. You can run the tool, select best practices, and then apply. You may want to redo your certificate after as well.
You can switch on Schannel logging. It will require a restart as well, but at least you will be able to see viable info in Event Viewer.
Ok I’ll try that. Thanks guys much appreciated I’ll report back
We ran this tool and applied the best practices, restarted the machine to make the registry edits stick but no luck. Ugh
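Added example, not part of the thread: a Python check of what a server negotiates when a client offers HTTP/2, judged against the RFC 7540 (section 9.2.2 and Appendix A) rule behind ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY, namely TLS 1.2 or later with an ephemeral key exchange and an AEAD cipher. The function names and the sample handshake results are constructed for illustration; pass a hostname as the first argument to probe a real server.

```python
import socket
import ssl
import sys

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # AEAD cipher modes, by suite-name marker

def h2_verdict(protocol, cipher):
    """Check a negotiated protocol/suite against RFC 7540 section 9.2.2 / Appendix A."""
    name = cipher.upper().replace("-", "_")  # accept OpenSSL and IANA/Schannel names
    if protocol == "TLSv1.3":
        return True, "TLS 1.3 suites are all AEAD with ephemeral key exchange"
    if protocol != "TLSv1.2":
        return False, f"{protocol} is below the TLS 1.2 minimum for HTTP/2"
    if "DHE_" not in name:  # substring matches both ECDHE_ and DHE_
        return False, "no ephemeral key exchange (static RSA/DH suite)"
    if not any(marker in name for marker in AEAD_MARKERS):
        return False, "CBC or stream cipher, not an AEAD mode"
    return True, "ephemeral key exchange with an AEAD cipher"

def diagnose(alpn, protocol, cipher):
    """Explain whether this handshake result would trip the browser's HTTP/2 check."""
    if alpn != "h2":
        return f"N/A: server chose {alpn}, so HTTP/2 suite rules do not apply"
    ok, reason = h2_verdict(protocol, cipher)
    return f"{'OK' if ok else 'FAIL'}: {protocol} {cipher}: {reason}"

def probe(host, port=443):
    """Offer h2 via ALPN and return (alpn, protocol, cipher) as negotiated."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol(), tls.version(), tls.cipher()[0]

# Constructed handshake results (not captured from the servers in this thread).
SAMPLES = [
    ("h2", "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("h2", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"),
    ("h2", "TLSv1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"),
    ("http/1.1", "TLSv1.2", "TLS_RSA_WITH_AES_256_CBC_SHA"),
]

if __name__ == "__main__":
    results = [probe(sys.argv[1])] if len(sys.argv) > 1 else SAMPLES
    for alpn, protocol, cipher in results:
        print(diagnose(alpn, protocol, cipher))
```

Python's OpenSSL offers a different suite list from Chrome, so a live probe is indicative rather than an exact replay of the browser's handshake.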