Category Archives: Howto Tutorials (EN)

Knowledge Network for Tutorials, Howto’s, Workaround, DevOps Code for Professionals.

Howto Tutorials (EN)

Enable TLS 1.1 and 1.2 on Windows using REG ADD

Home  »  Howto Tutorials (EN)
Leave a comment

The SSL vulnerabilities discovered in the SSLv3 protocol no longer allow the use and also TLS 1.0. It is recommended to use TLS 1.2 or higher. This post aims to help to increase Windows Server TLS security by editing the registry with REG ADD.

In order for Windows TLS 1.1 and TLS 1.2 to be enabled and negotiated on Windows Server, as described in the Microsoft article:

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows“.

The TLS SSL settings must create the entry “DisabledByDefault” in the appropriate subkey (client) and set it to “0”. These subkeys are not created in the registry because these protocols are disabled by default.

Most applications now support TLS 1.2 or higher and use Schannel over HTTP and .NET APIs.

However, some older programs call the Security Support Provider Interface (SSPI) directly and also specify the TLS version at the same time. TLS 1.0 or 1.1 is then often negotiated. Once Microsoft disables these outdated protocols in Windows, such software fails.

Create the subkeys for TLS 1.1 and TLS 1.2 using REG ADD

To create the DisabledByDefault DWORD subkeys and set them to 0 using REG ADD and without opening Registry Editor, the following lines can be run at a command prompt as administrator.

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" /v "Enabled" /t REG_DWORD /d "1" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "DisabledByDefault" /t REG_DWORD /d "0" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "Enabled" /t REG_DWORD /d "1" /f

After creating the subkeys for TLS 1.1 and TLS 1.2 with using REG ADD on Windows. The Windows must be restarted for activation.

Transport Layer Security (TLS) 1.2 is the successor to Secure Sockets Layer (SSL) used by endpoint devices and applications to authenticate and encrypt data securely when transferred over a network. TLS protocol is a widely accepted standard used by devices.

A similar post that might also interest you here.

Howto Tutorials (EN)

Power BI Report Server Schedules SQLServer Error 15404

Home  »  Howto Tutorials (EN)
Leave a comment

When working with Power BI Reports, you want dashboards and reports to be regularly updated with data sources. The Interactive Reports and Data Visualizations should reflect current information and charts.

Symptom

SQLServer Error: 15404, Could not obtain information about Windows NT group/user COM\sales, error code 0x5 ConnIsLoginSysAdmin>SQLSTATE 42000

Updating the reports is performed by the Power BI Report Server scheduler. You get the SQL Server Error 15404 during a SQL Server On-Prem installation. Log File Viewer can found in the SQL Server Management Studio – SQL Server Agent – Log File Viewer.

Power BI Report Schedules
Microsoft SQL Server Management Studio – SQL Server Agent – Log File Viewer

Power BI Report Server Schedules

Cause

The upgrade tasks scheduled by Microsoft SQL Server Reporting Services (SSRS) and Power BI Report Server (PBRS) are performed by SQL Server Agent. SQL Server Agent is a Windows service that performs scheduled management tasks (jobs). For permission to perform the update task to be fulfilled, authentication of an Active Directory domain account is required. The Microsoft SQL Server installation involves running the SQL Server Agent service as NT SERVICE\SQLSERVERAGENT thereby Active Directory is refusing access to SQL Agent.

Solution

Use an Active Directory domain user account to log on.

SQL Server Configuration Manager

SQL Server Configuration Manager

Change SQL Server Agent authentication with ran the services.msc MMC-console to enable SQL Server Agent service through PropertiesLog on, or use the SQL Server Configuration Manager.

What is Power BI Report Server

Power BI Report Server is an on-premises report server with a web portal in which you display and manage reports and KPIs. Along with it come the tools to create BI reports, paginated reports, mobile reports, and KPIs. Your users can access those reports in different ways: viewing them in a web browser or mobile device, or as an email in their in-box.

PBI Report Server is similar to both SQL Server Reporting Services and it’s online service, but in different ways. Like the PBI service, PBI Report Server hosts PBI reports (.pbix), Excel files, and paginated reports.