FIX: TN3270 Server service fails to start when RC4 encryption is disabled

Symptoms
Consider the following scenario:
  • You disable RC4 encryption to improve security according to the recommendations in the following TechNet blog post:


  • You configure the TN3270 Server service, which is included with Microsoft Host Integration Server 2013, to use TLS/SSL encryption.

However, when you try to start the TN3270 Server service, it fails to start, and the following event is logged in the Application log:

Security API AcquireCredentialsHandle failed with error code -2146893043L (The credentials supplied to the package were not recognized) in function SSLCreateSingleCredential.

Cause
This issue occurs because the Microsoft TN3270 Server Service requires RC4 encryption.
Resolution
Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To resolve this issue, apply this hotfix. Additionally, you must create the UseStrongCrypto registry entry. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TN3270\Parameters

  3. Right-click Parameters, point to New, and then click String (RegSz) Value.
  4. Type UseStrongCrypto as the name of the registry value, and then press Enter.
  5. Double-click UseStrongCrypto, type Yes in the Value data box to enable the feature, and then click OK.
  6. To disable the feature, type No in the UseStrongCrypto value data box.

Hotfix information

A supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

There are no prerequisites to apply this hotfix.

Restart information

You may have to restart the computer after you apply this hotfix.

Replacement information

This hotfix does not replace any previously released hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For Microsoft Host Integration Server 2013, 32-bit Edition
File nameFile versionFile sizeDateTimePlatform
Tn3servr.exe9.0.2356.2257,53622-Dec-201513:37Not Applicable
For Microsoft Host Integration Server 2013, 64-bit Edition
File nameFile versionFile sizeDateTimePlatform
Tn3servr.exe9.0.2356.2283,64822-Dec-201513:40Not Applicable
Note Because of file dependencies, the most recent fix that contains these files may also contain additional files.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3121092 - Last Review: 01/27/2016 18:44:00 - Revision: 1.0

Microsoft Host Integration Server 2013

  • kbqfe kbsurveynew kbautohotfix kbhotfixserver kbfix kbexpertiseinter KB3121092
Feedback