Challenge
After disabling TLS 1.0/1.1, Veeam functionality which utilizes the SCHANNEL security provider, such as license auto-update, license usage reporting and Veeam explorers with remote mounts stop working.You can see the following error in the Svc.VeeamBackup.log log file and/or in the pop-up error window.
The client and server cannot communicate, because they do not possess a common algorithm
Cause
The currently targeted .NET Framework version, 4.5.2, defaults to TLS 1.0 and doesn’t switch automatically to 1.2 when TLS 1.0/1.1 is disabled.Solution
The following registry keys will need to be added on machines where TLS 1.0/1.1 has been disabled to force the usage of TLS 1.2.Locations: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
Name: SchUseStrongCrypto
Type: DWORD
Value: 1
Name: SystemDefaultTlsVersions
Type: DWORD
Value: 1
A .reg file is provided by Microsoft that will set these keys to their most safe values:
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry
More Information
Microsoft .NET Framework Best practices for TLShttps://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls