Drive Error


Sunday, January 6, 2013

Disable Weak SSL Ciphers and Protocols in Windows, IIS, ISA, TMG & UAG

Posted on 7:10 PM by Unknown
You should disable the weak SSL ciphers and protocols, which are riddled with vulnerabilities and security flaws, on any Microsoft Windows server running IIS, ISA, TMG or UAG.

The resolution for this weakness is rather simple. Merge the data below into your registry and reboot. That's it.

The easiest way to do that is to copy the registry text below, paste it into Notepad and save the file with a ".reg" extension (make sure to change the "Save as type" to "All Files"). Back up your registry, then right-click the file and select "Merge". Click "Yes" and you are done. If you are running UAC, you need to click "Yes" twice.





Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SaslProfiles]
"GSSAPI"="Kerberos"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS]
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]
"Negotiate"=dword:00000000
"UTF8HTTP"=dword:00000001
"UTF8SASL"=dword:00000001

Caution: Use at your own risk. No warranty expressed or implied.
Also see: http://support.microsoft.com/kb/245030
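
To confirm after the reboot that the merge took effect, the following added example (not part of the original post) reads each "Enabled" value back and compares it with the .reg file above. It assumes Windows PowerShell 3.0 or later; the function name Test-SchannelSetting and the report layout are hypothetical.

```powershell
# Added example: audit SCHANNEL "Enabled" values against the .reg file on this page.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Expected state, copied from the .reg file above ($true = enabled, $false = disabled).
$expected = [ordered]@{
    'Ciphers\DES 56/56'          = $false
    'Ciphers\NULL'               = $false
    'Ciphers\RC2 128/128'        = $false
    'Ciphers\RC2 40/128'         = $false
    'Ciphers\RC4 128/128'        = $false
    'Ciphers\RC4 40/128'         = $false
    'Ciphers\RC4 56/128'         = $false
    'Ciphers\Triple DES 168/168' = $true
    'Hashes\MD5'                 = $false
    'Hashes\SHA'                 = $true
    'KeyExchangeAlgorithms\PKCS' = $true
    'Protocols\PCT 1.0\Client'   = $false
    'Protocols\PCT 1.0\Server'   = $false
    'Protocols\SSL 2.0\Client'   = $false
    'Protocols\SSL 2.0\Server'   = $false
    'Protocols\SSL 3.0\Client'   = $true
    'Protocols\SSL 3.0\Server'   = $true
}

function Test-SchannelSetting {
    param([string]$SubKey, [bool]$ShouldBeEnabled)
    # Use the .NET registry API: the PowerShell registry provider treats "/"
    # as a path separator, which breaks key names such as "DES 56/56".
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    $value = $null
    if ($key) { $value = $key.GetValue('Enabled'); $key.Close() }
    # dword:ffffffff is returned as -1, so any non-zero value counts as enabled.
    $actual = if ($null -eq $value) { 'NotSet' } elseif ($value -eq 0) { 'Disabled' } else { 'Enabled' }
    $wanted = if ($ShouldBeEnabled) { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{
        SubKey = $SubKey; Expected = $wanted; Actual = $actual; Match = ($actual -eq $wanted)
    }
}

$report = foreach ($entry in $expected.GetEnumerator()) {
    Test-SchannelSetting -SubKey $entry.Key -ShouldBeEnabled $entry.Value
}
$report | Format-Table -AutoSize

$mismatches = @($report | Where-Object { -not $_.Match })
if ($mismatches.Count -gt 0) {
    Write-Warning "$($mismatches.Count) SCHANNEL setting(s) differ from the .reg file."
}
```

A row reported as NotSet means the key or its "Enabled" value is missing, so Schannel falls back to the operating system default for that item.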