cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

windows 10 update 15 Jun 2016

Go to solution
kedalenechong
Participant

on ‎06-15-2016 12:11 PM

0 Kudos

Hi all

SBO version 9.0 PL 6 cannot be logged on at all after a windows 10 auto update today.

It has been fine with windows 10 before this new update.

The error is There is a problem with the server's security certificate.  The security certificate is not from a trusted certifying authority.

SAP Business One is unable to connect to the server.

Please advise is it possible to overcome this error without upgrading SAP or downgrading windows 10?

Kedalene

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-15-2016 8:00 PM
0 Kudos

EDIT: The actual correct answer was given by Mingbo Wo, down below. He's da man.

Hi Kedalene,

I just got the same error in one of my users (that's how I found your post).

I have uninstalled KB3163018 from the PC and SAP 9.0 is working again. Can you try that so we can be sure this is the culprit update?

On Windows 10, you go

Start

Settings

Update&Security

Advanced Options

View your update history

Uninstall updates

Then select the KB3163018 (it will be far down, under Microsoft Windows). It will require a reboot.

regards,

Joao S Veiga

Message was edited by: Joao Veiga My answer was marked as correct, but it's just the "correct reason and workaround". The actual correct solution was just posted by Mingbo Wo in this thread!

Show replies
Show replies

Answers (20)

Answers (20)

malcolm_lamour
Explorer
‎06-24-2016 10:49 AM

Hi

If editing the server files are presenting too high a risk, you can run gpedit.msc on each pc or for your domain and do the following steps:

1. gpedit.msc on START-RUN

2. Expand Computer configuration

3. Expand Administrative Template

4. Network Network

5. Expand SSL Configuration

6. Enable SSL Cipher Order and copy (with thanks to MingBo!) his entry to the front of the Cipher Order.

TIP add a comma to the existing and then copy this in front of the comma.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA

7. Restart

Show replies
Show replies
kedalenechong
Participant
‎06-27-2016 11:00 AM
0 Kudos

Hi all

It also happens to SBO version 9 on Windows 7.

former_member320649
Member
‎07-29-2016 6:19 AM
0 Kudos

Hi Malcolm Larmour,

I try your advice but I can't modify SSL Cipher Order on windows 10 Pro, How do you modify SSL Cipher Order?

Thanks for helping.

Show replies
Show replies
malcolm_lamour
Explorer
‎07-29-2016 1:15 PM
0 Kudos

Dear Tran

I do a CTRL-A in the Cipher Order Box to select all and paste into notepad.

I then delete all that is in the Cipher Order box in gpedit

I then copy the following exactly as is in front of the copied data in notepad and check for and remove any duplicates.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,

I hope that makes it a bit clearer.

You do not need to remove the particular Windows Updates which caused the issue.

Regards,

Malcolm

Former Member
‎08-23-2016 2:15 PM
0 Kudos

Hi Malcom!!

Thanks a lot for the solution!!

I`ve tried in Windows Server 2012R2 and works fine!!

A last question. This workarround works for the mobile aplication certificate issue too?? or is necessary another activities.

Greetings

Juan

malcolm_lamour
Explorer
‎08-23-2016 2:43 PM
0 Kudos

Hi Leonardo

We do not use the mobile application so I'm not able to advise you on that.

Kind regards,

Malcolm

Former Member
‎08-26-2016 2:49 AM
0 Kudos

Thanks Malcolm Lamour. It's work with my updated Win 10 Pro with SAP B1 9.0

Former Member
‎07-28-2016 11:01 AM
0 Kudos

I had similar issue.

I upgrade my PC from Win 8.1 to Win 10.

I got the below message when i am trying to log into SAP. My SAP ver. is B1 Ver 9.0 PL 11.

If you are doing in the UK you must uninstall the following update.

"Security update for Microsoft Windows KB3172985.

This worked for me.

Thanks

Suminda

Show replies
Show replies
yakoair1
Explorer
‎07-18-2016 5:17 PM
0 Kudos

Sorry!

I found the SAP Note in

KR

GLL

Show replies
Show replies
matthew_vanvuuren
Discoverer
‎07-19-2016 7:21 AM
0 Kudos

Hi All,

Refer also to SAP Note 2334025 (released 01/07/2016) "Windows Updates are Causing issues in older versions of SAP Business One" for the SAP version of the work-around as suggested by Mingbo Wu on 23/06/2016 that may work for Windows 10.

SAP Note 2331786 (released 30/06/2016) "Older SAP Business One clients on Windows 10 are suddenly unable to connect to server" is far less helpful as the cause is attributed by SAP to "Usage of a SAP Business One version which is not supported for Windows 10. For information about SAP Business One's Platform Support Matrix...SAP Customers access Platform Support Matrix" (document version 1.15 dated 20/05/2016).

From the Platform Support Matrix, Windows 10 is supported as of SBO9.1PL10 and SBO9.2PL00.

Regards,

MVV

yakoair1
Explorer
‎07-18-2016 3:50 PM
0 Kudos

Hi everyone

THis is a workaround, we have some demanding customers, that ask for a solution that will be definitive or will solve this issue.

as some of them for IT Security politics, are forced to allow this update

Does anyone knows if this problem has been registered as a sap message, or if it has been part of a development roadmap?

Kind Regards,

Gabriela

Show replies
Show replies
kedalenechong
Participant
‎07-19-2016 2:32 AM
0 Kudos

Hi Gabriela

Please refer SAP Note 2331786.

Former Member
‎07-15-2016 2:54 PM
0 Kudos

This Morning i had the same issue with the KB3172985 Update on windows 10

Show replies
Show replies
kedalenechong
Participant
‎07-18-2016 3:55 AM
0 Kudos

Hi Frederic

So SAP Business One version 9 is fine after uninstall this new offensive windows 10 update KB3172985?

Kedalene

kedalenechong
Participant
‎07-18-2016 7:52 AM
0 Kudos

Hi all

Anyone tried this workaround from Microsoft?

https://support.microsoft.com/en-us/kb/3163017

Former Member
‎07-18-2016 12:56 PM
0 Kudos

Hi Kedalene,


Yes my SAP version 9 work fine after removing the KB3172985 windows update

wale_adegbola
Participant
‎06-30-2016 2:29 PM
0 Kudos

Hello,

I finally got the Fix had to uninstall KB3163018 on windows Update on my control Panel and Restarted the System.

Show replies
Show replies
grahamheath
Explorer
‎06-29-2016 11:29 AM
0 Kudos

I can confirm the issue is now happening for Windows 7 machines where the above update is installed.  As W7 is shown in the list of supported OS's for Version 9 they will presumably have to come up with an official fix for the problem now.  That combined with the fact the majority of users will be running Windows 7 so this will be a massive problem if left unaddressed.

With a bit of luck this will also fix the issues in Windows 8 and 10 at the same time.

Show replies
Show replies
grahamheath
Explorer
‎06-30-2016 9:08 AM
0 Kudos

A quick update, the fix supplied by SAP for the Windows 7 issue was virtually identical to the one posted above by Mingbo.  I've tested a client with KB3161608 installed after making the changes to the server and it works.

Today I plan to check that the Windows 10 machines we have also work now with update KB3163018 installed.

Former Member
‎06-29-2016 8:29 AM
0 Kudos

Hi

For Windows 8.1 also does not work I do not know that the update uninstall

Show replies
Show replies
malcolm_lamour
Explorer
‎06-29-2016 11:07 AM
0 Kudos

Hi Slawomir

Do this even if the update is installed:

If editing the server files are presenting too high a risk, you can run gpedit.msc on each pc or for your domain and do the following steps:

1. gpedit.msc on START-RUN

2. Expand Computer configuration

3. Expand Administrative Template

4. Expand Network

5. Expand SSL Configuration

6. Enable SSL Cipher Order and copy (with thanks to MingBo!) his entry to the front of the Cipher Order.

TIP add a comma to the existing and then copy this in front of the comma.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA

7. Restart

Former Member
‎06-29-2016 11:14 AM
0 Kudos

I believe the updates in question causing the issues are listed below -

Windows 7 - Update for Windows 7 (KB3161608)

Windows 8 - Update for Windows 8.1 for x64-based Systems (KB3161606)

Windows 10 - Security Update for Windows (KB3163018)

kedalenechong
Participant
‎06-30-2016 9:02 AM
0 Kudos

Hi all

Windows 10 update also affects Hana SAP Business One 9.1 patch level 5.

Kedalene

tom_platts
Explorer
‎07-28-2016 9:32 AM
0 Kudos

Hi there,

Did anyone test this successfully on a client level? As described here?

Many thanks

former_member184708
Participant
‎06-24-2016 12:49 AM
0 Kudos

Is anyone having the same issue in relation Windows 7 or Server where its not Windows 10??? We have a site with a similar issue but they are not using Windows 10

Show replies
Show replies
former_member464260
Explorer
‎06-24-2016 5:59 AM
0 Kudos

Hi Marilyn

See the thread I posted a day or so ago

http://scn.sap.com/thread/3922951

Former Member
‎06-23-2016 12:27 AM
0 Kudos

We have done some research and finally get a solution for this windows update as we dont want to upgrade SAP version to 9.1 or 9.2.

1.

simply go to your server.xml in tomcat directory , for example ,

C:\Program Files (x86)\SAP\SAP Business One ServerTools\System Landscape Directory\tomcat\conf\server.xml

modify the connector add ciphers property into it.

like this

Connector

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

SSLEnabled="true" clientAuth="false" keystoreFile="C:\Program Files (x86)\SAP\SAP Business One ServerTools\Common\sapjvm_6\jre\bin\keystore.p12" keystorePass="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAJkmw69Q7pUCZGoArhmk2RQQAAAAOAAAASgBEAFAAQQBQAEkAAAADZgAAwAAAABAAAACviR3rTsfYHl9d/N6EHUXWAAAAAASAAACgAAAAEAAAALwuzxnn2I1gIiraS/1Zb+gIAAAAh6ni6aKPBjMUAAAAPSDFqRHWijcOiIquVfZ33G6Id0g=" keystoreType="PKCS12" maxThreads="150" port="30010" protocol="org.apache.coyote.http11.SLDHttp11Protocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1,SSLv3,SSLv2Hello" sslProtocol="TLS"/>

2.

and do the same thing for SAP intergation service which is in

C:\Program Files (x86)\SAP\SAP Business One Integration\IntegrationServer\Tomcat\conf\server.xml

modify the port 8443 connector add ciphers property same as above.

3.

restart SAP SLD and Intergrtion service.

Show replies
Show replies
Former Member
‎06-23-2016 11:55 AM
0 Kudos

Brilliant!

You, sir, are a genius.

Thanks a bunch!

Here's a virtual box of beers from Brazil: [BEEEEEERS]

Best regards,

Joao S Veiga

grahamheath
Explorer
‎06-23-2016 2:48 PM
0 Kudos

Thanks Mingbo, before I try that are there any potential risks if this goes wrong?  Obviously I will back up all the files being changed first just in case, but I dont want to void our support and make things worse.

PS Thanks Brendan for the GPO tips, I'm using them as a temporary fix.

Former Member
‎06-23-2016 3:36 PM
0 Kudos

Thank you Mingbo Wu for your research.

I'm pretty new to this so I'm not fully understanding your comment. Should I just add the ciphers property to my current Connector definition, or replace it with your full command above?

Have a great day!

matthew_vanvuuren
Discoverer
‎07-18-2016 10:27 AM
0 Kudos

Many Thanks Mingbo Wu and Malcolm Lamour. Either solution works.

grahamheath
Explorer
‎06-22-2016 12:12 PM
0 Kudos

I've been having the same problem and removing KB3163018 does work in the short term.  As mentioned above though, this isnt a long term fix as the issue reoccurs each time windows 10 installs updates.

I am not keen on blocking the update because the rest of the security fixes contained in the cumulative update are then not installed, potentially leaving a security flaw unpatched which could then be exploited.

Hopefully someone can find a workaround that solves the issue whilst enabling the update to remain installed.

PS I tried the "show and hide updates" troubleshooter provided by Microsoft and it only worked on 1 out of 5 affected client machines.  I gave up using it after that.

Show replies
Show replies
Former Member
‎06-22-2016 11:05 PM
0 Kudos

Hi Graham,

One thing that did work for me was to disable Windows Updates via Group Policy on the Windows PC's. I know its not a great solution. But it does allow you to "Manage" the windows updates in the mean time for each machine.

This article does include the details on disabling windows update

How to Prevent Windows 10 From Automatically Downloading Updates

Look for the section named:


Use Group Policy to Disable Automatic Updates — Professional Editions Only

In a nutshell

open up gpedit.mcs on the machine and hunt for the "configure automatic updates"

This seems to have stoped the auto updates on the machines I have changed this setting.

Again not perfect, but until I get round to upgrading SAP B1 to a version that supports this issue, its my only work around

Regards

malcolm_lamour
Explorer
‎06-27-2016 11:17 AM
0 Kudos

Hi Graham

If you do my suggested solution then you can install the updates.

Regards,

Malcolm

araceli_jurez
Discoverer
‎06-17-2016 5:02 PM
0 Kudos

Hi

I have the same problem but in this case i idon´t have the update KB3163018 and i can´t restore to previous point.

Someone have had this case? what suggest i do?

Thanks for the help.

Show replies
Show replies
Former Member
‎06-17-2016 5:09 PM
0 Kudos

Hi Araceli,

Try update KB3163017 instead. Some users have reported this number to be the culprit.

Have a great day!

Former Member
‎06-17-2016 5:33 PM
0 Kudos

Do you have the KB3163017? It seems it depends on the region. Note that this is on the client machine, not on the server.

former_member186605
Active Contributor
‎06-17-2016 9:48 AM
0 Kudos

Hi all,

SAP just released SAP note 2331786 - Older SAP Business One clients are suddenly unable to connect to server

best, peter

Show replies
Show replies
Former Member
‎06-16-2016 10:14 PM
0 Kudos

I Just want to add to this.

Just uninstalling the update in windows 10 doesnt quite fix the issue. If you have windows update set to automatically install, the update is re-applied the very next day!

You can however stop a specific update from windows

see:

https://support.microsoft.com/en-us/kb/3073930

Show replies
Show replies
Former Member
‎06-16-2016 10:45 PM
0 Kudos

Thanks!

kedalenechong
Participant
‎06-17-2016 2:38 AM
0 Kudos

Hi all

How to permanently stop Windows 10 update?

Former Member
‎06-17-2016 6:04 AM
0 Kudos

Hi try this,

How to Prevent Windows 10 From Automatically Downloading Updates

Former Member
‎06-17-2016 12:06 PM
0 Kudos

Yes, in my case, I use WSUS (the updates are distributed by my server), so I marked it to "Romove" there.

BUT, this is the Windows 10 Cumulative update, so there are two BIG issues here:

1 - Uninstalling/blocking this update is preventing not only a specific update that causes the SAP problem, but actually a set of unrelated updates too.

2 - On the next cumulative update, the change that is incompatible with SAP will probably return, so we are condemned to never allow cumulative updates again!

Former Member
‎06-16-2016 5:37 PM
0 Kudos

Removing KB3163018 does work, thank you!

I did some research as to the culprit yesterday.

It seems Sap initially goes to https://sapserverip:30010/sld/sld.svc

If you go there using Chrome you will see 2 ssl cert errors(at least with mine).

SHA-1 Certificate

The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.

Certificate Error

There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).

So most likely Windows 10 is saying this is unacceptable from now on. I did not find any settings to make this acceptable. I went to control panel internet options and try to put the domain in trusted sites, I tried to put the cert in trusted in windows 10 certmgr.msc to no avail.


My next option before I found this post would have been to pay for a cert using godaddy or alike and make it compliant with the 2 errors in hopes that may cure the problem.


I could not find any other work around in any setting or anything in windows 10. So to buy and install a cert that is more compliant to the new windows 10 standard would have been and might be the long term 100% cure.


But my dealing with certs and levels that OS's can inherently do this may present a problem. I'm running Server 2008, I know that its security can only do certain levels of TLS like to enable tls 2.0 on 2008 R2 you can see here what to do.


How to enable TLS 1.2 on Windows Server 2008 R2 - QuoVadis Customer Support


So this may become a bigger issue...


Thanks for the help.

Show replies
Show replies
Former Member
‎06-16-2016 6:31 PM
0 Kudos

I have been trying to workaround it too.

C:\Program Files (x86)\SAP\SAP Business One ServerTools\System Landscape Directory\tomcat\conf\server.xml points to a pkcs12 key at

<Connector port="30010" sslProtocol="TLS" sslEnabledProtocols="TLSv1,SSLv3,SSLv2Hello" secure="true" scheme="https" protocol="org.apache.coyote.http11.SLDHttp11Protocol" maxThreads="150" keystoreType="PKCS12" keystorePass="xxx" keystoreFile="C:\Program Files (x86)\SAP\SAP Business One ServerTools\Common\sapjvm_6\jre\bin\keystore.p12" clientAuth="false" SSLEnabled="true"/>

I tried to replace that with a new, valid pkcs12 key and restart the SLD, but nothing changed. I did not try rebooting the server.

(and btw, you can get free SSL keys at https://letsencrypt.org/ I've been using that on my web/webmail/im server for a while; the only caveat is that you have to renew them before 90 days; I tried the same pkcs12 key I use for my Openfire server, generated from this cert).

Is there a correct way to replace that key (if that is even the one SLD is using and causing the issue)?

Former Member
‎06-16-2016 6:38 PM
0 Kudos

My Cert is located in IIS, when you go here https://sapserverip:30010/sld/sld.svc

Is pulling from IIS cert installed there.

Former Member
‎06-17-2016 12:55 PM
0 Kudos

Are you sure? My understanding is that the SLD server is answering on port 30010, not IIS.

There's a procedure for updating the SLD certificate (), but I don't have access to the note it refers to:

https://service.sap.com/sap/support/notes/2046101

(my SAP Marketplace user/pass is not working; I haven't used it for years, maybe it expired; I requested support to my vendor)

Former Member
‎06-17-2016 4:49 PM
0 Kudos

I'm not sure its 100% using the cert in IIS. I am sure that the cert in IIS is the exact same cert when I go https://sapserverip:30010/sld/sld.svc

Former Member
‎06-16-2016 5:08 PM
0 Kudos

Got same issue this morning, and got it to work by removing the aforementioned update : KB3163018.

Working ok so far!

Show replies
Show replies
Former Member
‎06-15-2016 8:22 PM
0 Kudos

I'm opening a support ticket with Microsoft. I suggest everyone with the same problem does the same.

Best regatds,

Joao S Veiga

Show replies
Show replies
kedalenechong
Participant
‎06-16-2016 2:50 AM
0 Kudos

Hi Joao

The reply from SAP is just standard reply saying refer to compatibility support matrix.

We will try your workaround since it works for you, thanks!

kothandaraman_nagarajan
Active Contributor
‎06-15-2016 1:38 PM
0 Kudos

Hi,

FYI:-

Windows 10 supports only from 9.1 PL10 and 9.2  PL00.

Thanks

Show replies
Show replies
Johan_H
Active Contributor
‎06-15-2016 12:31 PM
0 Kudos

Hi Kedalene,

You might be able to get away with just uninstalling this most recent Windows 10 update.

Another option may be to just uninstall and reinstall the B1 client, and DI API.

Regards,

Johan

Show replies
Show replies
former_member755292
Explorer
‎06-15-2016 6:45 PM
0 Kudos

Hi,

I had the same problem this morning, i wasn't sure which update caused this problem, now i figured it.

i uninstalled the following update, and it works now:

Security Update for Microsoft Windows (KB3163018)



but i assume this isn't a final solution, so we'll still need a solution that works with this security update!


Thanks

Pinny

former_member755292
Explorer
‎06-15-2016 7:03 PM
0 Kudos

In edition to the previous post,

i have tried uninstalling and reinstalling the SAP Software, but this didn't solve the problem,

Thanks

Pinny

Ask a Question