on 06-15-2016 12:11 PM
Hi all
SBO version 9.0 PL 6 cannot be logged on at all after a windows 10 auto update today.
It has been fine with windows 10 before this new update.
The error is There is a problem with the server's security certificate. The security certificate is not from a trusted certifying authority.
SAP Business One is unable to connect to the server.
Please advise is it possible to overcome this error without upgrading SAP or downgrading windows 10?
Kedalene
EDIT: The actual correct answer was given by Mingbo Wo, down below. He's da man.
Hi Kedalene,
I just got the same error in one of my users (that's how I found your post).
I have uninstalled KB3163018 from the PC and SAP 9.0 is working again. Can you try that so we can be sure this is the culprit update?
On Windows 10, you go
Start
Settings
Update&Security
Advanced Options
View your update history
Uninstall updates
Then select the KB3163018 (it will be far down, under Microsoft Windows). It will require a reboot.
regards,
Joao S Veiga
Message was edited by: Joao Veiga My answer was marked as correct, but it's just the "correct reason and workaround". The actual correct solution was just posted by Mingbo Wo in this thread!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
If editing the server files are presenting too high a risk, you can run gpedit.msc on each pc or for your domain and do the following steps:
1. gpedit.msc on START-RUN
2. Expand Computer configuration
3. Expand Administrative Template
4. Network Network
5. Expand SSL Configuration
6. Enable SSL Cipher Order and copy (with thanks to MingBo!) his entry to the front of the Cipher Order.
TIP add a comma to the existing and then copy this in front of the comma.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
7. Restart
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Malcolm Larmour,
I try your advice but I can't modify SSL Cipher Order on windows 10 Pro, How do you modify SSL Cipher Order?
Thanks for helping.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Tran
I do a CTRL-A in the Cipher Order Box to select all and paste into notepad.
I then delete all that is in the Cipher Order box in gpedit
I then copy the following exactly as is in front of the copied data in notepad and check for and remove any duplicates.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,
I hope that makes it a bit clearer.
You do not need to remove the particular Windows Updates which caused the issue.
Regards,
Malcolm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi All,
Refer also to SAP Note 2334025 (released 01/07/2016) "Windows Updates are Causing issues in older versions of SAP Business One" for the SAP version of the work-around as suggested by Mingbo Wu on 23/06/2016 that may work for Windows 10.
SAP Note 2331786 (released 30/06/2016) "Older SAP Business One clients on Windows 10 are suddenly unable to connect to server" is far less helpful as the cause is attributed by SAP to "Usage of a SAP Business One version which is not supported for Windows 10. For information about SAP Business One's Platform Support Matrix...SAP Customers access Platform Support Matrix" (document version 1.15 dated 20/05/2016).
From the Platform Support Matrix, Windows 10 is supported as of SBO9.1PL10 and SBO9.2PL00.
Regards,
MVV
Hi everyone
THis is a workaround, we have some demanding customers, that ask for a solution that will be definitive or will solve this issue.
as some of them for IT Security politics, are forced to allow this update
Does anyone knows if this problem has been registered as a sap message, or if it has been part of a development roadmap?
Kind Regards,
Gabriela
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This Morning i had the same issue with the KB3172985 Update on windows 10
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I finally got the Fix had to uninstall KB3163018 on windows Update on my control Panel and Restarted the System.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I can confirm the issue is now happening for Windows 7 machines where the above update is installed. As W7 is shown in the list of supported OS's for Version 9 they will presumably have to come up with an official fix for the problem now. That combined with the fact the majority of users will be running Windows 7 so this will be a massive problem if left unaddressed.
With a bit of luck this will also fix the issues in Windows 8 and 10 at the same time.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
A quick update, the fix supplied by SAP for the Windows 7 issue was virtually identical to the one posted above by Mingbo. I've tested a client with KB3161608 installed after making the changes to the server and it works.
Today I plan to check that the Windows 10 machines we have also work now with update KB3163018 installed.
Hi
For Windows 8.1 also does not work I do not know that the update uninstall
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Slawomir
Do this even if the update is installed:
If editing the server files are presenting too high a risk, you can run gpedit.msc on each pc or for your domain and do the following steps:
1. gpedit.msc on START-RUN
2. Expand Computer configuration
3. Expand Administrative Template
4. Expand Network
5. Expand SSL Configuration
6. Enable SSL Cipher Order and copy (with thanks to MingBo!) his entry to the front of the Cipher Order.
TIP add a comma to the existing and then copy this in front of the comma.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
7. Restart
Is anyone having the same issue in relation Windows 7 or Server where its not Windows 10??? We have a site with a similar issue but they are not using Windows 10
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We have done some research and finally get a solution for this windows update as we dont want to upgrade SAP version to 9.1 or 9.2.
1.
simply go to your server.xml in tomcat directory , for example ,
C:\Program Files (x86)\SAP\SAP Business One ServerTools\System Landscape Directory\tomcat\conf\server.xml
modify the connector add ciphers property into it.
like this
Connector
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
SSLEnabled="true" clientAuth="false" keystoreFile="C:\Program Files (x86)\SAP\SAP Business One ServerTools\Common\sapjvm_6\jre\bin\keystore.p12" keystorePass="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAJkmw69Q7pUCZGoArhmk2RQQAAAAOAAAASgBEAFAAQQBQAEkAAAADZgAAwAAAABAAAACviR3rTsfYHl9d/N6EHUXWAAAAAASAAACgAAAAEAAAALwuzxnn2I1gIiraS/1Zb+gIAAAAh6ni6aKPBjMUAAAAPSDFqRHWijcOiIquVfZ33G6Id0g=" keystoreType="PKCS12" maxThreads="150" port="30010" protocol="org.apache.coyote.http11.SLDHttp11Protocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1,SSLv3,SSLv2Hello" sslProtocol="TLS"/>
2.
and do the same thing for SAP intergation service which is in
C:\Program Files (x86)\SAP\SAP Business One Integration\IntegrationServer\Tomcat\conf\server.xml
modify the port 8443 connector add ciphers property same as above.
3.
restart SAP SLD and Intergrtion service.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I've been having the same problem and removing KB3163018 does work in the short term. As mentioned above though, this isnt a long term fix as the issue reoccurs each time windows 10 installs updates.
I am not keen on blocking the update because the rest of the security fixes contained in the cumulative update are then not installed, potentially leaving a security flaw unpatched which could then be exploited.
Hopefully someone can find a workaround that solves the issue whilst enabling the update to remain installed.
PS I tried the "show and hide updates" troubleshooter provided by Microsoft and it only worked on 1 out of 5 affected client machines. I gave up using it after that.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Graham,
One thing that did work for me was to disable Windows Updates via Group Policy on the Windows PC's. I know its not a great solution. But it does allow you to "Manage" the windows updates in the mean time for each machine.
This article does include the details on disabling windows update
How to Prevent Windows 10 From Automatically Downloading Updates
Look for the section named:
Use Group Policy to Disable Automatic Updates — Professional Editions Only
In a nutshell
open up gpedit.mcs on the machine and hunt for the "configure automatic updates"
This seems to have stoped the auto updates on the machines I have changed this setting.
Again not perfect, but until I get round to upgrading SAP B1 to a version that supports this issue, its my only work around
Regards
Hi
I have the same problem but in this case i idon´t have the update KB3163018 and i can´t restore to previous point.
Someone have had this case? what suggest i do?
Thanks for the help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all,
SAP just released SAP note 2331786 - Older SAP Business One clients are suddenly unable to connect to server
best, peter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I Just want to add to this.
Just uninstalling the update in windows 10 doesnt quite fix the issue. If you have windows update set to automatically install, the update is re-applied the very next day!
You can however stop a specific update from windows
see:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, in my case, I use WSUS (the updates are distributed by my server), so I marked it to "Romove" there.
BUT, this is the Windows 10 Cumulative update, so there are two BIG issues here:
1 - Uninstalling/blocking this update is preventing not only a specific update that causes the SAP problem, but actually a set of unrelated updates too.
2 - On the next cumulative update, the change that is incompatible with SAP will probably return, so we are condemned to never allow cumulative updates again!
Removing KB3163018 does work, thank you!
I did some research as to the culprit yesterday.
It seems Sap initially goes to https://sapserverip:30010/sld/sld.svc
If you go there using Chrome you will see 2 ssl cert errors(at least with mine).
SHA-1 Certificate
The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.
Certificate Error
There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).
So most likely Windows 10 is saying this is unacceptable from now on. I did not find any settings to make this acceptable. I went to control panel internet options and try to put the domain in trusted sites, I tried to put the cert in trusted in windows 10 certmgr.msc to no avail.
My next option before I found this post would have been to pay for a cert using godaddy or alike and make it compliant with the 2 errors in hopes that may cure the problem.
I could not find any other work around in any setting or anything in windows 10. So to buy and install a cert that is more compliant to the new windows 10 standard would have been and might be the long term 100% cure.
But my dealing with certs and levels that OS's can inherently do this may present a problem. I'm running Server 2008, I know that its security can only do certain levels of TLS like to enable tls 2.0 on 2008 R2 you can see here what to do.
How to enable TLS 1.2 on Windows Server 2008 R2 - QuoVadis Customer Support
So this may become a bigger issue...
Thanks for the help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have been trying to workaround it too.
C:\Program Files (x86)\SAP\SAP Business One ServerTools\System Landscape Directory\tomcat\conf\server.xml points to a pkcs12 key at
<Connector port="30010" sslProtocol="TLS" sslEnabledProtocols="TLSv1,SSLv3,SSLv2Hello" secure="true" scheme="https" protocol="org.apache.coyote.http11.SLDHttp11Protocol" maxThreads="150" keystoreType="PKCS12" keystorePass="xxx" keystoreFile="C:\Program Files (x86)\SAP\SAP Business One ServerTools\Common\sapjvm_6\jre\bin\keystore.p12" clientAuth="false" SSLEnabled="true"/>
I tried to replace that with a new, valid pkcs12 key and restart the SLD, but nothing changed. I did not try rebooting the server.
(and btw, you can get free SSL keys at https://letsencrypt.org/ I've been using that on my web/webmail/im server for a while; the only caveat is that you have to renew them before 90 days; I tried the same pkcs12 key I use for my Openfire server, generated from this cert).
Is there a correct way to replace that key (if that is even the one SLD is using and causing the issue)?
My Cert is located in IIS, when you go here https://sapserverip:30010/sld/sld.svc
Is pulling from IIS cert installed there.
Are you sure? My understanding is that the SLD server is answering on port 30010, not IIS.
There's a procedure for updating the SLD certificate (), but I don't have access to the note it refers to:
https://service.sap.com/sap/support/notes/2046101
(my SAP Marketplace user/pass is not working; I haven't used it for years, maybe it expired; I requested support to my vendor)
I'm not sure its 100% using the cert in IIS. I am sure that the cert in IIS is the exact same cert when I go https://sapserverip:30010/sld/sld.svc
Got same issue this morning, and got it to work by removing the aforementioned update : KB3163018.
Working ok so far!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm opening a support ticket with Microsoft. I suggest everyone with the same problem does the same.
Best regatds,
Joao S Veiga
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
FYI:-
Windows 10 supports only from 9.1 PL10 and 9.2 PL00.
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kedalene,
You might be able to get away with just uninstalling this most recent Windows 10 update.
Another option may be to just uninstall and reinstall the B1 client, and DI API.
Regards,
Johan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I had the same problem this morning, i wasn't sure which update caused this problem, now i figured it.
i uninstalled the following update, and it works now:
Security Update for Microsoft Windows (KB3163018)
but i assume this isn't a final solution, so we'll still need a solution that works with this security update!
Thanks
Pinny
User | Count |
---|---|
103 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.