000034507 - After disabling SSL/TLS protocols, images are missing from Notifications in RSA Archer

Document created by RSA Customer Support Employee on Dec 6, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034507
Applies ToRSA Product Set: Archer
RSA Version/Condition: 5.X and 6.X
Platform: Windows
 
IssueAfter disabling TLS 1.0 and 1.1 and enabling TLS1.2, images are missing from Notifications. The image displays when accessed by service account in IE on both Services and Web servers.
The following lines are from IIS Logs:
 
2016-10-06 16:12:13 130.5.40.213 GET ......../company_files/50000/icons/CSOsol_Header_2016.jpg - 443 - XXX.X.XX.XXX Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.2;+WOW64;+Trident/6.0;+.NET4.0E;+.NET4.0C;+.NET+CLR+3.5.30729;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729)

 
401 2 5 15 Archer: ArcherTech.Notifications Error loading the bytes for an embedded image in the email generated for notification template XXXXXXXXXXXXXXXXXXXXXXXwith id = 'XXX'. 
ArcherTech.JobFramework.Job.exe ArcherTech.Common.Exceptions.ImageLoadingNotificationException, ArcherTech.Common, Version=5.5.40100.1013, Culture=neutral, PublicKeyToken=null
Error loading the bytes for an embedded image in the email generated for notification template 'XXXXXXXXXXXXXXXXXX' with id = 'XXX'. 
Please verify that you have access to the location where the image is stored. For further support, please contact your system administrator.
CSOsol_Header_2016.jpg https://XXXXXXXXXXXXXX/XXXXXX/company_files/50000/icons/XXXXX_Header_2016.jpg 
System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The underlying connection was closed: An unexpected error occurred on a send. System 
at System.Net.HttpWebRequest.GetResponse()
at ArcherTech.Notifications.ExtensionMethods.EmailMessageExtensionMethods.GetImage(SessionContext sessionContext, KeyValuePair`2 imageName, Notification notification)
System.IO.IOException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. System 
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async) System.Net.Sockets.SocketException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
An existing connection was forcibly closed by the remote host System 
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

 
CauseDisabling SSL 3.0 and TLS 1.0 channels when using HTTPS communication prevents communication to the Company_Files directory.
The RSA Archer Job Engine service is unable to access the image to insert it into the email notification.
WorkaroundTwo registry entries must be made to resolve on EACH Archer server:
  1. Backup Registry
  2. Make the following Registry entries:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001

  1. Restart the server

Attachments

    Outcomes