Skip to main content
Kofax

KCM Studio fails to start after disabling TLS 1.0 and other insecure protocols

Article # 3039760 - Page views: 32

Issue

After disabling insecure protocols, ciphers, hashes etc, it is not possible to start KCM Studio. It reports the following error on startup

System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation failed. See inner exception for more details.

Cause

KCM Studio (and B&OM) does not function when TLS1.0 and SHA are disabled due to a security limitation in Windows Communications Foundation (WCF) in regard to Message Security. This is considered a defect which will be resolved in KCM 5.6.

Solution

Workaround

Re-enable TLS 1.0, and enable SHA (SHA-1) in the SCHANNEL registry key. The program "IIS Crypto GUI" from nartac is a GUI program that can be used to change the SCHANNEL registry settings in Microsoft Windows Server. 

For more information on how to change the settings via the Windows Registry see the official Microsoft documentation https://docs.microsoft.com/en-us/win...istry-settings

Hotfix

For KCM 5.5 a hotfix is available. It can be requested via Kofax Technical Support. When creating the case for requesting the fix, refer to this knowledge base article.

Level of Complexity 

Moderate

 

Applies to  

Product Version Build Environment Hardware
Kofax Communications Manager 5.5 and earlier n/a n/a n/a

 

Article # 3039760
  • Was this article helpful?