cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Business One Certificate error

Former Member
0 Kudos

Hello all!

Out of nowhere upon opening B1 Client we get the message "There is a problem with the server's security certificate.

The Security certificate is not from a trysted certifying authority. SAP Business one is unable to connect to the server."

Logging from the server is successful without any problems, this only appears when trying to log in from a client, before even asking for credentials.

The users were working and it was noticed as one of them restarted their computer.

The ones who were still logged in were able to continue working.

The server was restarted in case it would have been helpful and all users now have the same problem. Still logging in B1 through remote desktop is possible.

What is this certificate mentioned? Why did it occur without any other problems? How can it be fixed?

Accepted Solutions (1)

Accepted Solutions (1)

Johan_H
Active Contributor
0 Kudos

Hi Nikos,

I just saw a similar issue posted here. In their case it appeared to due to a Windows 10 automatic update from yesterday:

Are you running Windows 10 on the affected machines, or is Windows update set to update automatically ?

Regards,

Johan

Former Member
0 Kudos

Thank you Johan!

That was the problem!

0 Kudos

It works. Thanks!

Former Member
0 Kudos

Hi Juan,

did you uninstall a update to make it work? Which one? In my case, uninstalling KB3163018 did it (Windows 10, SAP B1 9.0).

Joao S Veiga

0 Kudos

Hi Joao.

I uninstalled that one, exactly, my customer has SBO 9.0 PL12 and after uninstalling I had restart the machine, and SBO works fine.

Regards.

Former Member
0 Kudos

Thank you Juan,

I'm opening a support ticket with Microsoft. I suggest everyone with the same problem does the same.

Best regatds,

Joao

0 Kudos

But take on mind that SBO 9.0 is not supported on Windows 10.

Regards.

Former Member
0 Kudos

It appears to affect B1 9.1 as well, and I believe that is a supported version.

Former Member
0 Kudos

According to the Compatibility Matrix, 9.1 does not support Windows 10. Only 9.2 does.

Great day!

Former Member
0 Kudos

Yes, in italy work.

i have uninstalled KB3163018

TKS

mario_schoenberg
Contributor
0 Kudos

Slight correction:

For Windows 10 SAP Business One 9.1 PL10 and higher is supported.


Best regards
Mario Schoenberg
SAP Business One Global Support

Answers (8)

Answers (8)

Former Member
0 Kudos

Hi Folks,

I've had this error this morning on an Terminal Server 2012R2 after installing some Windows patches..

After deleting the patches SAP Business One is working fine but now I can't install the security updates.. do any of you have an idea what I can do so installing windows updates won't give problems?

Greetz,

David

Phylax ICT

Former Member
0 Kudos

Hi David, Mingbo Wu's workaround worked for me (since then I've upgraded to 9.1 PL12, which does not present the issue, but I could install the windows updates and still work with 9.0 for about a month). See his workaround below:

Former Member
0 Kudos

For those not subscribing to the other thread, Mingbo Wu, saviour of the universe, has posted a solution there:

malcolm_lamour
Explorer
0 Kudos

Hi

If editing the server files are presenting too high a risk as posted by Mingbo Wu, you can run gpedit.msc on each pc or for your domain and do the following steps:

1. gpedit.msc on START-RUN

2. Expand Computer configuration

3. Expand Administrative Template

4. Network Network

5. Expand SSL Configuration

6. Enable SSL Cipher Order and copy (with thanks to MingBo!) his entry to the front of the Cipher Order.

TIP add a comma to the existing and then copy this in front of the comma.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA

7. Restart

Former Member
0 Kudos

From Brazil reporting it also works well after uninstalling update KB3163018. Tks

mario_schoenberg
Contributor
0 Kudos

Please be aware that uninstalling a security update might expose the affected machines. SAP does not recommend such a "solution". Therefore Microsoft's security gap should be closed again by reinstalling the updates as soon as possible. Refer to SAP note 2331786

http://service.sap.com/sap/support/notes/2331786

Kind regards
Mario Schoenberg

SAP Business One Global Support

Former Member
0 Kudos

Thank you Mario for the info.

The problem is that for some of us that are unable to update to version 9.2 due to things like tax configuration or some other structure issue, there seems to be no other option at the moment. Is there anything else we could try in the mean time?

Thank you!

Former Member
0 Kudos

Has anyone gotten the group policy change to work?  I made the Microsoft recommended changes and still no joy.

Former Member
0 Kudos

What about trying to update the SLD certificate with a stronger one? Can anyone try this?

How to generate and install a self-signed PKCS12 certificate for SLD of B1 90 or B1H 9.0 or higher v...,

https://service.sap.com/sap/support/notes/2046101

I don't have a test server with a running SAP B1, so I didn't have the courage to try it (and end up with an invalid certificate which won't work even without the windows update).

I just tried to replace the pkcs12 keystore pointed to by

C:\Program Files (x86)\SAP\SAP Business One ServerTools\System Landscape Directory\tomcat\conf\server.xml

(at the entry keystoreFile="C:\Program Files (x86)\SAP\SAP Business One ServerTools\Common\sapjvm_6\jre\bin\keystore.p12")

...with a keystore I use which has a stronger certificate (I use it on my web/IM server), but it didn't work; it looks like either SLD has to be reinstalled to see the new keystore, or the procedures I linked above have to be used.

Former Member
0 Kudos

From Hungary reporting it also works well after uninstalling update KB3163018. Thanks!!!

Former Member
0 Kudos

My guess is that it seems like WIndows 10 no longer likes the weak certificate used by the SLD. Would replacing the certificate with a stronger one in the server work? Is that even possible?

I tried adding the certificate provided by the server on port 30010 to the client's trusted certificates, but it still doesn't work.

Former Member
0 Kudos

From México reporting it also works well after uninstalling update KB3163018. Have a great day!

edwin_delacruz
Explorer
0 Kudos

For us here in Panama it was KB3163018. After uninstalling it it worked.

mike_taylor3
Contributor
0 Kudos

This solved my client's issue.  In Canada it was actually KB3163017.

I did try a reinstall and it didn't have any effect.  Thanks!

Mike