[KBA-79121] Unable to add a SharpV G3 unit if TLS 1.3 is active on the Security Center server - When adding the SharpV G3 unit to the LPM role, you get an error while waiting for the unit to connect. The unit never appears in the unit list even if the Sharp Portal indicates that the extension is "Security Center (LPM protocol)". - SharpOS 14.0.2 and earlier | SharpV G3

Product
SharpV
Internal reference number
3181079
Content type
KB articles
Version
14.0
Language
English
Last updated
2022-07-25

[KBA-79121] Unable to add a SharpV G3 unit if TLS 1.3 is active on the Security Center server

When adding the SharpV G3 unit to the LPM role, you get an error while waiting for the unit to connect. The unit never appears in the unit list even if the Sharp Portal indicates that the extension is "Security Center (LPM protocol)".

The Sharp logs display the following error messages:

The Server Console displays the following logs:

Applies to

SharpV G3 with SharpOS 14.0.2 and earlier

Cause

Certain versions of Windows (for example, Windows Server 2022) use TLS 1.3 to negotiate HTTPS connections. The SharpV G3 does not properly negotiate with TLS 1.3.

Workaround

CAUTION:
This workaround will affect ALL applications on the server, not only Sharp's, as they will not be able to negotiate TLS 1.3 with any client application.

Edit the Windows Registry that the LPM role is installed on:

  1. Back up the current Windows Registry.
  2. Open the Windows Registry Editor and navigate to the following location:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

  3. Create a key called TLS 1.3.
  4. Under TLS 1.3 create the key: Server.
  5. Under Server create the DWORD Value: DisabledByDefault.
  6. Double-click the new entry and enter a value of 1 (default value of 0).
  7. Under Server create the DWORD Value: Enabled.
  8. Restart Windows.

You can now add the SharpV G3 to the LPR role using TLS 1.2.

Status

This issue is resolved in SharpOS 14.1.0.