There are several reasons why the RSA Archer Platform will allow a job to drop its schedule. Recently an increase in this behavior has been observed and correlated to a Microsoft patch and KB released between February and March 2020.
Environmental or configuration issues can also cause a job to error during the reschedule phase of a job. This can lead to the schedule being lost. Additional retry logic has been added to RSA Archer 220.127.116.11 and newer versions to recover jobs whose reschedule phase was interrupted.
If you continue to see job schedules that are lost after applying both the Microsoft patch and/or upgrading to RSA Archer 18.104.22.168 or newer, then additional investigation will be required with RSA Technical Support resources to identify if there is a problem or if there are other environmental issues contributing to the job failing to reschedule.
Any job that has lost its schedule can have a new scheduled job that is created by saving the job again.
To resolve this issue,
Validate in the RSA Archer logs if either of these two errors are present:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)
The exact error text may vary slightly in your environment.
The patch or workaround must be applied to all servers in the RSA Archer environment.
If you are using Windows Server 2012 R2, then you will have to use the listed workaround.
Using Group Policy
TLS_DHE_* ciphers can be disabled by using Group Policy. See Prioritizing Schannel Cipher Suites to configure the SSL Cipher Suite Order group policy. Policy URL: Computer Configuration > Administrative Templates > Network > SSL Configuration Settings. Policy Setting: SSL Cipher Suite Order setting. It is necessary to restart the computer after modifying this setting for the changes to take effect.
If you are using Windows Server 2016 or 2019, then the listed patches can be applied.
Windows versions that contain the leading zero fixes for TLS_DHE: