Tyler Workflow - Legacy TLS disabled on the server

Description of Issue

Testing the Tyler Workflow Connection gives the following error:

Tyler Workflow cannot be reached

The Time and Attendance Application log showed the following error message from the failed test Workflow connection:

500 Internal Server Error - An error has occurred

When browsing to the DiagnosticSummary endpoint, https://hostname/instance/tylerworkflow/api/api/diagnosticsummary, it gives the following error:

An error has occurred

In the Event Viewer, the following Schannel errors are shown in the Windows System logs:

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.
 The SSPI client process is svchost[TermService] (PID: 1948).

An unknown connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.
 The SSPI client process is SYSTEM (PID: 4).

An TLS 1.1 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.
 The SSPI client process is SYSTEM (PID: 4).

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
 The SSPI client process is w3wp (PID: 12144).

The Workflow dashboard, https://hostname/instance/tylerworkflow/dashboard, doesn't show the status graph.

Pressing F12 to open the Developer tools while on the Workflow dashboard shows, under Console, the HealthCheck chart source URL with the following errors:

An error occurred while sending the request

The underlying connection was closed: An unexpected error occurred on a receive

The client and server cannot communicate, because they do not possess a common algorithm

Context
  • Time and Attendance

  • ExecuTime

  • TWF

  • Tyler Workflow

  • Schannel

  • TLS 1.0/1.1/1.2

  • Registry

Cause

Legacy TLS 1.0 and 1.1 are disabled on the server, causing Tyler Workflow to lose communication with the server.

Resolution
  1. Select Windows Start

  2. Type Regedit and press Enter

  3. Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

  4. Right click in the empty white space and select New > DWORD (32-bit) Value

  5. Type SystemDefaultTlsVersions and press Enter

  6. Double click the entry and select Decimal

  7. Type 1 in the Value Data field

  8. Right click in the empty white space and select New > DWORD (32-bit) Value

  9. Type SchUseStrongCrypto and press Enter

  10. Double click the entry and select Decimal

  11. Type 1 in the Value Data field

  12. Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]

  13. Repeat steps 4-11 to add the same registry entries and values to this location

  14. Reboot the server for the changes to apply

Additional Information

How to check and confirm if TLS 1.0 and 1.1 are disabled: See https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#tls-10

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
  
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
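
The Resolution steps and the TLS 1.0/1.1 check above can also be scripted. The following PowerShell is an added example, not part of the original article or a vendor-supplied script. It assumes an elevated session on the affected server, and the variable names are illustrative.

```powershell
# Added example: scripted equivalent of Resolution steps 3-13, plus a read-back
# of the Schannel keys listed under Additional Information.
# Assumption: run from an elevated (Administrator) PowerShell session.

$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$netValues = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

# Create both DWORD values with data 1 under the 64-bit and the 32-bit key.
foreach ($key in $netKeys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in $netValues) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Read the values back so the change can be confirmed before rebooting.
$netReport = foreach ($key in $netKeys) {
    $props = Get-ItemProperty -Path $key
    foreach ($name in $netValues) {
        [pscustomobject]@{ Key = $key; Name = $name; Value = $props.$name }
    }
}

# Report the Schannel state for TLS 1.0 and 1.1 (Enabled = 0 means disabled).
# A missing key or value means the protocol follows the operating system default.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$schannelReport = foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
    foreach ($role in 'Client', 'Server') {
        $path = Join-Path $schannel "$proto\$role"
        $enabled = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{
            Key   = $path
            Name  = 'Enabled'
            Value = if ($null -eq $enabled) { 'not set (OS default)' } else { $enabled }
        }
    }
}

@($netReport) + @($schannelReport) | Format-Table -AutoSize -Wrap

# Step 14 still applies: reboot the server for the changes to take effect.
```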