RC4 Cipher Disablement
The Team wants to disable the RC4 from the Orchestrator server after disabling the same they are getting one pop-up on screen to fill the credential.
- Typically, this is encountered when a server is using old cipher suites that are no longer considered strong. For a full list of cipher suites that are black listed for HTTP/2 communication see TLS 1.2 Cipher Suite Black List .
- This is not an Orchestrator issue, but a Windows infrastructure issue. It is highly recommended you get the assistance of your system admin and security team to resolve this issue.
First level of troubleshooting:
Note: Verify what Cipher suite is being used by using WireShark. However, checking the group policies is a simpler check.
- If using the latest version of Windows Server, the default cipher suites should be valid for the connection.
- To determine if the default Cipher suite configuration is being used, check the group policy for the server and for the client.
- Read Microsoft - Manage Transport Layer Security for information on how to access the cipher suite group policy:
- Start by checking the policy on the Orchestrator server.
- If a policy is defined, the same policy is probably defined on both the client and the server.
- If no policy is defined, check the client to see if it has a policy defined.
- If no policy is defined for either the client or server go to the section Updating Windows
- If a policy is defined, go the section Resolving Misconfigured Cipher Suites
Disable the RC4 from security:
Local security Policy --->Security option
Resolution: Follow the below steps
- Go to IE> Security > custom Level > select the automatic Login
If GPO setting is Disabled:
Check Notes about 1200, 1A00, 1A10, 1E05, 1C00, and 2000 Document i.e. registry key to work.
"Logon setting (1A00) may have any one of the following values (hexadecimal):
0x00000000 Automatically logon with current username and password
0x00010000 Prompt for user name and password
0x00020000 Automatic logon only in the Intranet zone
0x00030000 Anonymous logon .