Can you browse (Internet Explorer or Fire Fox) to just https://YourServer/
The cert is valid, I suppose I could try applying a different cert. This test environment is on the production machine and same IIS instance so I’m a little hesitant to make any changes to it 
oh yeah no don’t touch it lol
Noticed it’s the same with the API help pages. The Dev server works just fine whereas the Prod server kicks back the same error: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY
Interesting; the URL for the Test environment works just fine in Edge but not chrome
Its using a lower (too low) TLS version. Probably your server just needs an update
Chrome is mighty bitchy about that stuff.
2 Likes
Ok, I’ll pass this info along to my sysadmin and see what he can do to upgrade to a higher TLS version.
I owe you so many beers!
Thanks
The cipher that cert is using is probably considered “weak” (by the google monster… they like to wave their big stick)
And Epicor uses embeded chrome for all their stuff.
1 Like
Chrome aside, upgrading to a higher TLS should theoretically fix the kinetics form issues I assume as well, but I’ll report back if that didn’t fix
1 Like
Well crud, TLS 1.2 was already enabled and the server rebooted but the same result persists. I also tried swapping out the ssl cert bound to 443 on Epicor, restarted the website, recycled IIS, but same results.
We did notice there are far less ciphers in the registry on the production server than on the dev server, and all works well on the dev server.
Is it perhaps we that we need to add those ciphers to the registry on the production server?
Maybe something in this older thread to help.
2 Likes
You can switch on schannel logging. It will require restart as well but at least you will be able to see viable info in event viewer
1 Like
Ok I’ll try that. Thanks guys much appreciated I’ll report back
here Enable Schannel event logging in Windows - Internet Information Services | Microsoft Learn
I would set 7 to get everything.
We ran this tool and applied the best practices, restarted the machine to make the registry edits stick but no luck. Ugh
1 Like
Did you start log?
I enabled it and rebooted the VM but I can’t find any event log for it or any events. Sorry, that’s probably purely my incompetence with server administration
Changed value from 1 to 3
Then rebooted machine.
I’m not really sure where to look in the event viewer…IIS-Logging is empty.
Well holy sh*t boys, I figured it out. There was a old version of the task agent from a previous version of this environment running in the background this whole time and it was registered under the Live environment in EAC. Event viewer was throwing tons of errors regarding it.
Very weird, but stopping the windows service for the old task agent (which happens to run on the same windows service for the production environment, apparently)
Went into EAC into the production environment and saw a old 3.2.2 TA was running for this test environment, went to actions>delete, it threw an error but removed it, then I’m able to run kinetic forms.
I think applying the ciphers and such also fixed the issues related to Chrome as I’m now able to get to the API help page for this server, thanks @Olga @danbedwards @josecgomez you guys are awesome.
Thanks all, sorry for the wild goose chase. Hopefully this helps someone who performs an upgrade with a similar environment setup…
2 Likes
Haha what that didn’t make any sense why would task agent make a difference for kinetic 
Glad you figured it out but wtf
1 Like
I checked where it logs, and all messages are going into Windows Logs\System with Schannel Source
They are not specific for IIS, they are for all crypto operations
1 Like
I’m still gonna take a peak there to see if it was logging anything weird prior to removing that old task agent. Good to know, thank you!