Why is the Action Center installer not able to connect to Orchestrator even if the Orchestrator server is reachable from the Action Center machine?
Issue:
When trying to install Action Center, users cannot get past the section asking for the Orchestrator and Identity URLs. Users may receive an error stating the connection to Orchestrator could not be established and that it was closed by the server. Please see the screenshot below:
When using Fiddler 4 to trace the request, the tunnel to the Orchestrator server cannot be created, and the error will state: "The client and server cannot communicate because they do not possess a common algorithm".
Resolution:
Enable TLS1.0 on the machine, until installation finishes.
Methods of enabling TLS protocols:
- Through Registry:
- Navigate in the registry to HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- Under this segment, you should find the different TLS protocols and their settings, as shown below:
- On both Client and Server set the "Enabled" DWORD to 1:]
- Restart the machine after altering the registry
- Through Powershell
- Active TLS protocols can be checked with the following command:
- [Net.ServicePointManager]::SecurityProtocol
- In order to activate the TLS 1.0 protocol, please use the following command:
- [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls;
- Active TLS protocols can be checked with the following command:
If enabling the TLS 1.0 protocol through Powershell fails, please check the registry, and enable it from there.
If the registry does not show any TLS protocol keys in the path mentioned above, no TLS protocol is restricted and all of them should be enabled.