Purpose
This document outlines the steps necessary to ensure that Shavlik Protect and Ivanti Patch for Windows can make use of TLS 1.2 when TLS 1.0 and TLS 1.1 are disabled.
Symptoms
When TLS 1.0 and TLS 1.1 are disabled, the Deployment Tracker will remain stuck at "Scheduled" or Executing".
Cause
The target machine has a process to send status updates back to the console. If TLS 1.2 isn't properly configured on the client machines and the protect console, these updates will fail to reach the console.
Resolution
- SQL Server needs to be updated per https://support.microsoft.com/en-us/kb/3135244.
- Per https://technet.microsoft.com/en-us/library/security/2960358.aspx follow the suggested actions
- For machines running Windows 7, 2K8R2, or 2K12, follow the instructions in https://support.microsoft.com/en-us/kb/3140245 to create the needed registry key and then install patch MSWU-1964.
Registry changes will need to be made to both client machines, and to the Shavlik Protect and Ivanti Patch for Windows console.
Additional Info
This document explains how to deploy registry changes via group policy: https://technet.microsoft.com/en-us/library/cc753092(v=ws.11).aspx
Affected Product(s)
Protect 9.2
Ivanti Patch for Windows 9.3+