000034507 - After disabling SSL/TLS protocols, images are missing from Notifications in RSA Archer

Document created by RSA Customer Support Employee on Dec 6, 2016Last modified by RSA Customer Support on Jun 17, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000034507
Applies ToRSA Product Set: Archer
RSA Version/Condition: All
Platform: Windows
 
IssueAfter disabling TLS 1.0 and 1.1 and enabling TLS1.2, images are missing from Notifications. The image displays when accessed by service account in IE on both Services and Web servers.

The following lines are from IIS Logs:
 

2016-10-06 16:12:13 130.5.40.213 GET ......../company_files/50000/icons/CSOsol_Header_2016.jpg - 443 - XXX.X.XX.XXX Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.2;+WOW64;+Trident/6.0;+.NET4.0E;+.NET4.0C;+.NET+CLR+3.5.30729;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729)

 


401 2 5 15 Archer: ArcherTech.Notifications Error loading the bytes for an embedded image in the email generated for notification template XXXXXXXXXXXXXXXXXXXXXXXwith id = 'XXX'.
ArcherTech.JobFramework.Job.exe ArcherTech.Common.Exceptions.ImageLoadingNotificationException, ArcherTech.Common, Version=5.5.40100.1013, Culture=neutral, PublicKeyToken=null
Error loading the bytes for an embedded image in the email generated for notification template 'XXXXXXXXXXXXXXXXXX' with id = 'XXX'. 
Please verify that you have access to the location where the image is stored. For further support, please contact your system administrator.
CSOsol_Header_2016.jpg https://XXXXXXXXXXXXXX/XXXXXX/company_files/50000/icons/XXXXX_Header_2016.jpg 
System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The underlying connection was closed: An unexpected error occurred on a send. System 
at System.Net.HttpWebRequest.GetResponse()
at ArcherTech.Notifications.ExtensionMethods.EmailMessageExtensionMethods.GetImage(SessionContext sessionContext, KeyValuePair`2 imageName, Notification notification)
System.IO.IOException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. System 
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async) System.Net.Sockets.SocketException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
An existing connection was forcibly closed by the remote host System 
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)


 
CauseDisabling SSL 3.0 and TLS 1.0 channels when using HTTPS communication prevents communication to the Company_Files directory.
The RSA Archer Job Engine service is unable to access the image to insert it into the email notification.
WorkaroundTwo registry entries must be made on EACH Archer web server. 
Backup the registry before making changes.  For instructions, see: 
https://support.microsoft.com/en-us/help/322756/how-to-back-up-and-restore-the-registry-in-windows


Use the attached PowerShell script to make registry changes



  1. Download the attached file UseStrongCrypto.ps1

  2. Log on to the web server with elevated privileges.  



  3. Copy the file to the desktop.



  4. Right-click on the file and select Run with PowerShell.



Alternatively:



Log on to each web sever with elevated privileges. Open a PowerShell window and execute the following script.



# set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord



# set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord




 

Attachments

Outcomes