This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
PeteSchaub
Beginner
Beginner
‎2017-11-08 01:37 PM

After Windows 10 Update, RSA Security Console site no longer available

We are currently using RSA Authentication Manager version 8.1 in our environment.

 

A few of our admins ran the most recent Windows 10 update (version 1709, OS build 16299.19).  After the update they can no longer reach our RSA Security Console site.  They receive the error in the screenshot.  All the usual tricks have been tried (clearing internet cache, enabling / disabling TLS in security settings, etc).  Users who have not applied this update can access the site with no problems.

 

Question: is there a change that we can make to our RSA Security Console website that will make it accessible by users on the latest version of Windows 10?

Labels (1)
Preview file
37 KB
0 Likes
Reply
3 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2017-11-08 01:55 PM

AM ver. 8.1 only supports TLSv1.1, TLSv1.0 and SSLv3 for SSL sessions to the Server consoles, so if your browser is locked down to only use TLSv1.2, the connection will be refused.

Immediate problem is to get console access, so you need to either allow at least TLSv1.1

IE_Advanced_TLS12.png

In your current browser, or if your browsers are locked down you need to find and download an older browser, something like virtual IE6.

After you get access you'll want to upgrade AM to at least AM 8.1 SP1 P15.  TLSv1.2 support was introduced in AM 8.1 SP1 P3, so roll-up patch 15 will include it, and you probably cannot find P3, nor should you use a lower patch.  AM 8.1 base is pretty old, so there have been a lot of bug fixes since.

 

There's a discussion on TLS versions, and Ciphers, in RSA link

https://community.rsa.com/community/products/securid/blog/2017/02/27/ssl-protocols-rc4-ciphers-and-authentication-manager 

Reply
PeteSchaub
Beginner
Beginner
In response to JayGuillette
‎2017-11-08 02:05 PM

Thanks for the quick reply Jay!

 

Currently I can access the console by opening the site on a Server 2008 machine, so I can run the upgrade that way.  Would you recommend that we just do the upgrade to 8.2?  Do we need to run intermediary patches between our version and 8.2?

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to PeteSchaub
‎2017-11-08 02:32 PM

Yes.  Your Win2008 Server has a browser that supports TLSv1.1, and maybe less, so you can use it to upload and patch your primary, then replica

0 Likes
Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.