RC4 Cipher Disablement

News Knowledge Base
,
1

How to disable RC4 Cipher?

Issue Description:

Disable the RC4 from the Orchestrator server. After disabling the same one pop-up on screen to fill the credential appears.

Note:

  • Typically, this is encountered when a server is using old cipher suites that are no longer considered strong. For a full list of cipher suites that are black listed for HTTP/2 communication see TLS 1.2 Cipher Suite Black List .
  • This is not an Orchestrator issue, but a Windows infrastructure issue. It is highly recommended you get the assistance of your system admin and security team to resolve this issue.

First level of troubleshooting:

Diagnosing Steps:

Note: Verify what Cipher suite is being used by using WireShark. However, checking the group policies is a simpler check.

  • If using the latest version of Windows Server, the default cipher suites should be valid for the connection.
  • To determine if the default Cipher suite configuration is being used, check the group policy for the server and for the client.
    • Read Microsoft - Manage Transport Layer Security for information on how to access the cipher suite group policy:
    • Start by checking the policy on the Orchestrator server.
    • If a policy is defined, the same policy is probably defined on both the client and the server.
    • If no policy is defined, check the client to see if it has a policy defined.
  • If no policy is defined for either the client or server go to the section Updating Windows
  • If a policy is defined, go the section Resolving Misconfigured Cipher Suites

Disable the RC4 from security:

Local security Policy --->Security option

Resolution:

Follow the below steps

  • Go to IE> Security > custom Level > select the automatic Login

If GPO setting is Disabled:

Check Notes about 1200, 1A00, 1A10, 1E05, 1C00, and 2000 Document i.e. registry key to work.

"Logon setting (1A00) may have any one of the following values (hexadecimal):

---------------------------------------------------------------

0x00000000 Automatically logon with current username and password

0x00010000 Prompt for user name and password

0x00020000 Automatic logon only in the Intranet zone

0x00030000 Anonymous logon .