cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
maximillianx
Engaged Sweeper
We need to disable the TLS 1.0 protocol on our IIS server running Lansweeper (per a compliance audit), but when we do, we get a dialog box stating that Lansweeper is upgrading 1 of 145 components (paraphrased, I don't have a screenshot available), and it just hangs there. Re-enabling 1.0 and restarting IIS resolves this issue.

We were able to successfully disable SSL 3.0 with no issue but as soon as we disable TLS 1.0, we get problems.

Anyone else successfully disabled TLS 1.0 with no issues?

We're using the Nartac IIS Crypto tool to do this, btw. Performing the changes via the registry yielded the same results.

Thank you!
1 ACCEPTED SOLUTION
Bruce_B
Lansweeper Alumni
Just to follow up on this. We've tested this further internally, and the current effect of disabling TLS 1.0 on your Lansweeper server is the following:
  • For connections to your database from your service to be successful you need to have SQL Server 2008 or newer installed and need to have the latest Microsoft Cumulative Update installed for your SQL Server installation. Older SQL Server versions don't seem to have an update available specific to this and Microsoft no longer provides support for these SQL Server versions.
  • New Advanced Lansweeper installations on SQL Server will fail on the database connection part of the install. We'll look into fixing this in a future Lansweeper release, though we can't provide a release date for this yet.


In short, if you want to disable TLS 1.0, it appears that this is fine, if your Lansweeper is already installed and your database is installed on SQL Server 2008 or newer, with the latest Cumulative Update.

Edit: further testing has revealed that disabling TLS 1.0 will also negatively impact the scanning of warranty information for assets. This is also something we'll resolve in a future release.

View solution in original post

5 REPLIES 5
banthon1
Engaged Sweeper
https://support.microsoft.com/en-us/help/3135244/tls-1.2-support-for-microsoft-sql-server

for anyone else that needs this...
Bruce_B
Lansweeper Alumni
Just to follow up on this. We've tested this further internally, and the current effect of disabling TLS 1.0 on your Lansweeper server is the following:
  • For connections to your database from your service to be successful you need to have SQL Server 2008 or newer installed and need to have the latest Microsoft Cumulative Update installed for your SQL Server installation. Older SQL Server versions don't seem to have an update available specific to this and Microsoft no longer provides support for these SQL Server versions.
  • New Advanced Lansweeper installations on SQL Server will fail on the database connection part of the install. We'll look into fixing this in a future Lansweeper release, though we can't provide a release date for this yet.


In short, if you want to disable TLS 1.0, it appears that this is fine, if your Lansweeper is already installed and your database is installed on SQL Server 2008 or newer, with the latest Cumulative Update.

Edit: further testing has revealed that disabling TLS 1.0 will also negatively impact the scanning of warranty information for assets. This is also something we'll resolve in a future release.
Marvin
Engaged Sweeper
+1 for this.
Disabling TLS 1.0 will be required for us as well.
maximillianx
Engaged Sweeper
TLS 1.0 will be deprecated next year, will you be updating the framework before then?
Bruce_B
Lansweeper Alumni
Edit: not entirely correct, check post below.