Can server upgrade to TLS 1.2 have impact on users, and how can it be corrected?

Justin Kraemer

September 27, 2018 19:05

Several weeks ago the server here had its IIS security updated to TLS 1.2. I made the necessary registry edits, and all services have behaved well ever since. The viewers work as before, except that some external users report they cannot connect for the past several weeks.

 

I wonder if this is connected to TLS 1.2, because some of these individuals were able to connect before it was implemented. Is there anything a user can do to re-enable their access to a Geocortex site after a TLS change on the server? If so, I find it strange that not everyone was impacted.

 

I would appreciate any suggestions, please.

 

Thanks,

 

Justin

0

• 

  Permanently deleted user

  September 27, 2018 20:03

  Hi Justin,

   

  I haven't heard of this behaviour and we've seen this change applied quite a bit recently.

   

  What does a user see that is affected?  Does the viewer load but no services?  Do you have any permissions set on the "Permissions" page?

   

  I would also be interested if anyone else has experienced any issues.

   

  Regards,

   

  Wayne Richard

   

  Latitude Geographics Group Ltd.

   

  Head Office: 300 – 1117 Wharf Street  Victoria, BC Canada V8W 1T7

   

  Tel: (250) 381-8130 | Fax: (250) 381-8132 | wrichard@latitudegeo.com 

   

  Developers of Geocortex web-based mapping software | www.geocortex.com

   

  An Esri Platinum Business Partner

   

   [Please purchase a license if usin

  0
• 

  Stefan Schweigert

  September 27, 2018 20:19

  Hello Justin,

  It may be that the clients who are attempting to connect to your system are requesting the viewer resources through an older protocol, most likely TLS 1.0, which can happen when clients are using Windows 7 with IE 8-10, Firefox 5.0 and earlier, mobile devices with Android 4.3 and earlier, or PCs using .NET 4.5 and lower without security patches/opt-in configuration applied. The easiest solution for PCs is to install .NET 4.7, as recommented by Microsoft, and use IE11 or other modern browsers.

   

  Thanks, Stefan

  0
• 

  Justin Kraemer

  September 27, 2018 20:20

  Thanks for the prompt reply, Wayne. The user I had heard from late yesterday was able to connect today after the server restore that was done this morning. So his was likely not a valid example of the problem. The next user, from whom I had last heard in August I phoned just now, and learned that today, for the first time since July, was able to load the map.

   

  So perhaps my question isn't even a thing. I will post back if someone still cannot connect.

  0
• 

  Justin Kraemer

  September 27, 2018 20:25

  Stefan, thank you to you, too! Your response was not yet on the page when I replied to Wayne, but I then found the notice in my inbox. What you've told me may prove very useful when I inevitably hear from that one user I did not mention yet in this thread. In light of this, I feel it's premature to mark a best answer, which I hope you don't mind. But thanks very much!

  0
• 

  Permanently deleted user

  September 27, 2018 20:25

  Hi Justin,

   

  While all modern browsers support TLS 1.2, anyone running older systems (Windows XP / IE 10) might have trouble connecting to a HTTPS server that only supports TLS 1.2.

   

  If you have your user visit a test page such as https://www.ssllabs.com/ssltest/viewMyClient.html they can confirm that TLS 1.2 is supported by their browser.

   

  If it is supported, and they still can't launch your viewer, please follow up here or open a support ticket describing what they see and we'll go from there!

   

  Regards,

   

  -Malcolm

  0
• 

  Stefan Schweigert

  September 27, 2018 20:26

  Haha, no worries. We're happy to help :).

  0
• 

  Justin Kraemer

  April 17, 2019 16:22

  The day I mentioned September 27 has come. She has TLS 1.2 and 1.3 enabled as she found in the September 27 link from Malcolm. This is what she sees when trying to load the viewer. So I ask for help, please_img_ alt="Error received by user trying to load the viewer" src="https://latitudegeo--c.na53.content.force.com/servlet/rtaImage?eid=907f2000000CoF9&feoid=Body&refid=0EMf20000002uT4" _/_img_ 

  0
• 

  Permanently deleted user

  April 17, 2019 16:31

  Hi Justin,

   

  The 3 steps we mentioned have worked in all cases so far:

   

  - apply all Windows updates

   

  - install dotnet 4.7 framework

   

  - apply registry settings in this article - https://support.geocortex.com/essentialsGSCkba?id=kA360000000L14bCAC

   

  After a restart all should be fine.  If not, I would recommend opening a support case with your support provider to confirm this is in fact, a TLS 1.2 issue.

   

  Regards,

   

   

  Wayne

  0
• 

  Permanently deleted user

  April 17, 2019 21:11

  Hi Justin, that error is a connection timeout, which isn't necessarily an SSL protocol failure.  We're able to launch your site from here (even with Firefox!) so something else could be the issue.  

   

  If your customer opens the Developer Tools window, are there any further clues about SSL negotiation or connection timeouts?

   

  If it's not obvious from there, please open a Support case with us or your reseller!

   

  Regards,

   

  -Malcolm

  0

Please sign in to leave a comment.