Issue:
Elements EPP for Servers shows "protection malfunction" status in the local user interface due to it being unable to download updates from GUTS2 server.
AUA.log shows:
I: Checking for updates from https://guts2.sp.f-secure.com
I: Update check failed, error=71 (protocol error)
Example errors:
*I: [fslib] downloading updates list 'https://guts2.sp.f-secure.com/u;t=deepguard-db;hydra-win64;lynx-win64;oneclient-psb-win32;sccore-win64;ulcore-win64;ulupdater-win64;uss-win64;virgo-win64';
*E: [fslib] WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR
2023-01-31 09:29:31.744 [06bc.1b38] *E: [fslib] Error occurred during WinHttpSendRequest, error 12175, flags 0x80000000
*W: [fslib] Got ERROR_WINHTTP_SECURE_FAILURE with only WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR in flags, retrying
*E: [fslib] WINHTTP_CALLBACK_STATUS_FLAG_SECURITY_CHANNEL_ERROR
Resolution:
Usually this issue is caused by non-default or misconfigured Windows SSL/TLS settings in the Windows registry.
Follow this troubleshooting guide:
- Download IIS Crypto GUI and run this tool https://www.nartac.com/Products/IISCrypto/Download
- Navigate to Advanced tab and press Backup button to backup SSL/TLS settings as .reg-file. It can be used to compare the settings with working systems or for restoring the original settings.
- Navigate to Templates tab, select "Server Defaults" item from the dropdown list and click Apply button. The tool will write the default Windows SSL/TLS settings to the registry.
- Alternatively, "Best practices" or "Strict" templates could be used as well if you would like to use more strict SSL/TLS settings than default. We support those templates as well.
- Reboot the system
Article no: 000041769