FIX: TN3270 Server service fails to start when RC4 encryption is disabled


Consider the following scenario:
  • You disable RC4 encryption to improve security according to the recommendations in the following TechNet blog post:

  • You configure the TN3270 Server service, which is included with Microsoft Host Integration Server 2013, to use TLS/SSL encryption.

However, when you try to start the TN3270 Server service, it fails to start, and the following event is logged in the Application log:

Security API AcquireCredentialsHandle failed with error code -2146893043L (The credentials supplied to the package were not recognized) in function SSLCreateSingleCredential.


This issue occurs because the Microsoft TN3270 Server Service requires RC4 encryption.


Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To resolve this issue, apply this hotfix. Additionally, you must create the UseStrongCrypto registry entry. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry key:

  3. Right-click Parameters, point to New, and then click String (RegSz) Value.
  4. Type UseStrongCrypto as the name of the registry value, and then press Enter.
  5. Double-click UseStrongCrypto, type Yes in the Value data box to enable the feature, and then click OK.
  6. To disable the feature, type No in the UseStrongCrypto value data box.

Hotfix information

A supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


There are no prerequisites to apply this hotfix.

Restart information

You may have to restart the computer after you apply this hotfix.

Replacement information

This hotfix does not replace any previously released hotfix.

File information


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.

Article ID: 3121092 - Last Review: Jan 27, 2016 - Revision: 1

Microsoft Host Integration Server 2013