on 06-15-2016 1:08 PM
Hello all!
Out of nowhere upon opening B1 Client we get the message "There is a problem with the server's security certificate.
The Security certificate is not from a trysted certifying authority. SAP Business one is unable to connect to the server."
Logging from the server is successful without any problems, this only appears when trying to log in from a client, before even asking for credentials.
The users were working and it was noticed as one of them restarted their computer.
The ones who were still logged in were able to continue working.
The server was restarted in case it would have been helpful and all users now have the same problem. Still logging in B1 through remote desktop is possible.
What is this certificate mentioned? Why did it occur without any other problems? How can it be fixed?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Folks,
I've had this error this morning on an Terminal Server 2012R2 after installing some Windows patches..
After deleting the patches SAP Business One is working fine but now I can't install the security updates.. do any of you have an idea what I can do so installing windows updates won't give problems?
Greetz,
David
Phylax ICT
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
If editing the server files are presenting too high a risk as posted by Mingbo Wu, you can run gpedit.msc on each pc or for your domain and do the following steps:
1. gpedit.msc on START-RUN
2. Expand Computer configuration
3. Expand Administrative Template
4. Network Network
5. Expand SSL Configuration
6. Enable SSL Cipher Order and copy (with thanks to MingBo!) his entry to the front of the Cipher Order.
TIP add a comma to the existing and then copy this in front of the comma.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
7. Restart
From Brazil reporting it also works well after uninstalling update KB3163018. Tks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please be aware that uninstalling a security update might expose the affected machines. SAP does not recommend such a "solution". Therefore Microsoft's security gap should be closed again by reinstalling the updates as soon as possible. Refer to SAP note 2331786
http://service.sap.com/sap/support/notes/2331786
Kind regards
Mario Schoenberg
SAP Business One Global Support
What about trying to update the SLD certificate with a stronger one? Can anyone try this?
https://service.sap.com/sap/support/notes/2046101
I don't have a test server with a running SAP B1, so I didn't have the courage to try it (and end up with an invalid certificate which won't work even without the windows update).
I just tried to replace the pkcs12 keystore pointed to by
C:\Program Files (x86)\SAP\SAP Business One ServerTools\System Landscape Directory\tomcat\conf\server.xml
(at the entry keystoreFile="C:\Program Files (x86)\SAP\SAP Business One ServerTools\Common\sapjvm_6\jre\bin\keystore.p12")
...with a keystore I use which has a stronger certificate (I use it on my web/IM server), but it didn't work; it looks like either SLD has to be reinstalled to see the new keystore, or the procedures I linked above have to be used.
From Hungary reporting it also works well after uninstalling update KB3163018. Thanks!!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My guess is that it seems like WIndows 10 no longer likes the weak certificate used by the SLD. Would replacing the certificate with a stronger one in the server work? Is that even possible?
I tried adding the certificate provided by the server on port 30010 to the client's trusted certificates, but it still doesn't work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
From México reporting it also works well after uninstalling update KB3163018. Have a great day!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
For us here in Panama it was KB3163018. After uninstalling it it worked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This solved my client's issue. In Canada it was actually KB3163017.
I did try a reinstall and it didn't have any effect. Thanks!
Mike
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
69 | |
14 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.