Removal of TLS 1.0 and 1.1 from registry causes Enterprise Manager install failure.

Document ID : KB000046508
Last Modified Date : 14/02/2018
Show Technical Document Details

Question: 

Our system security requirements have TLS 1.0 and 1.1 disabled so how can I install Enterprise Manager in such an environment? 

Environment:  

REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA" /F 

REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /V Enabled /T REG_DWORD /D 0x00000001 /F 
REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" /V DisabledByDefault /T REG_DWORD /D 0x00000000 /F 

REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /V Enabled /T REG_DWORD /D 0x00000001 /F 
REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" /V DisabledByDefault /T REG_DWORD /D 0x00000000 /F 

REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /V Enabled /T REG_DWORD /D 0x00000001 /F 
REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /V DisabledByDefault /T REG_DWORD /D 0x00000000 /F 

REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /V Enabled /T REG_DWORD /D 0x00000001 /F 
REG.EXE ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /V DisabledByDefault /T REG_DWORD /D 0x00000000 /F

Answer: 

It is requested to have this registry values enabled (allowing TLS 1.0 and TLS 1.1) during the install of Enterprise Manager and remove them (disable) after the install to allow a complete install of the product.