How to remove insecure TLS protocols on your Password Reset System
(Last updated on August 2, 2018)
A customer recently reported a problem with their Specops DMZ server after users were unable to reset their passwords via the password reset mobile app. The customer reinstalled the DMZ server, but still no success.
Typically when we run into these problems, we check if the mobile service is installed on the IIS. This can be done by opening IIS and expanding the Specops Password section, checking to see if the “Service” folder is there. If it’s not there, the mobile service is not installed, and you will need to run the Setup assistance on the server, and install the mobile service during the Web setup.
In this case, the service was already installed, and the app was returning “the socket is not connected” error message. After doing some digging, we were able to get the customer up and running with the following:
- Installing .NET 4.6.2 or later on both machines.
- Upgrading to Specops Password Reset 6.6 and above.
- Using the IISCrypto tool to make sure that TLS 1.0 was disabled on both boxes (if we ticked TLS 1.0 it all started to work again, but as that is insecure, we switched it off).
- Enabling Use FIPS compliant algorithms for encryption, hashing, and signing. To do this we used Local Group Policy Editor on both machines and set the setting to enable.
- Rebooting the server so the settings take effect.
- If using the Specops password reset app on Android devices, upgrading the App to the latest version (7.11.17237.2).
This may come as a surprise to some, but you don’t need to grant domain admin rights for common administrative tasks, like unlocking accounts and resetting passwords. There’s a better way, and it is so easy, you’ll wonder why you haven’t done it all along. Open Active Directory Users and Computers. Right-click on the user…Read More
With less than a year until the EU General Data Protection Regulation (GDPR) takes effect, all organizations collecting or processing data for individuals within the EU are in the midst of developing their compliance strategy. The new regulation will carry an impact well beyond Europe. A recent PwC pulse survey found that over half of…Read More
Many organizations are making the move to cloud, specifically Office 365 (O365). Recognized as the most common business productivity software, O365 offers many benefits to today’s mobile workforce. There’s also some perks for the IT staff. Freed up internal resources, from servers to personnel, easy access to the latest and greatest, and best of all,…Read More