Skip to main content

KCM Studio fails to start after disabling TLS 1.0 and other insecure protocols

Article # 3039760 - Page views: 34


After disabling insecure protocols, ciphers, hashes etc, it is not possible to start KCM Studio. It reports the following error on startup

System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation failed. See inner exception for more details.


KCM Studio (and B&OM) does not function when TLS1.0 and SHA are disabled due to a security limitation in Windows Communications Foundation (WCF) in regard to Message Security. This is considered a defect which will be resolved in KCM 5.6.



Re-enable TLS 1.0, and enable SHA (SHA-1) in the SCHANNEL registry key. The program "IIS Crypto GUI" from nartac is a GUI program that can be used to change the SCHANNEL registry settings in Microsoft Windows Server. 

For more information on how to change the settings via the Windows Registry see the official Microsoft documentation


For KCM 5.5 a hotfix is available. It can be requested via Kofax Technical Support. When creating the case for requesting the fix, refer to this knowledge base article.

Level of Complexity 



Applies to  

Product Version Build Environment Hardware
Kofax Communications Manager 5.5 and earlier n/a n/a n/a


Article # 3039760