How can I shut down TLS 1.0 in RMS 2.0.2000

Microsoft Dynamics RMS Forum

Nathan Jung asked a question on 6 Jun 2018 7:14 PM

Question Status

Unanswered

I'm having trouble shutting down TLS 1.0 on my Windows 7 SP1 client machines and still being able to process credit cards.

Specs:

Windows 7 Pro SP1

SQL Server 2008 R2 SP3 with TLS 1.2 hotfix

RMS 2.0.2000

Retail Realm Cayan Processing Manager plug in Ver 1.0.0.8

Cayan Genius Terminal

RMS works fine with TLS 1.0 disabled in registry Protocol keys, until I run a credit card transaction and then I get the following error:

As soon as I enable TLS 1.0 in the registry, it works fine.

How can I fix this so that I can turn off TLS 1.0 to be PCI compliant on July 1 2018?

Reply
Nathan Jung responded on 6 Jun 2018 7:17 PM

Sorry that the error didn't show up. Here it is in text:

Heading "RR RMS Cayan Payment Processing - Sale"

Error Message "Result: An error occurred while making the HTTP request to transport.merchantware.net/.../transportService.asmx"

Reply
Kevin Antosh responded on 7 Jun 2018 8:36 AM

Hi Nathan, I'm getting conflicting information from different processors as to whether the solution you have can be TLS compliant. I'll let you know if I get a clear and concise answer from Cayan or Retail Realm. For now we have been advising customers to have stand-alone payment terminals (or Square) ready just in case the processing stops working (or switch to another solution for RMS like Card Defender/upgrade to Retail Management Hero/Cloud Retailer). You should also ask your Microsoft Dynamics RMS Partner for advice as well. If you do not have a Microsoft Dynamics RMS Partner, paid support is available from Microsoft by calling 888-477-7877. We also offer paid support at RITE: 888-267-7483.

Reply
Nathan Jung responded on 7 Jun 2018 8:19 PM

I thought I had the latest Retail Realm Cayan Processing Manager plug in. It wasn't. However Version 1.0.0.11 seems to have fixed the problem. I'll do some more testing and let you all know if it is truly fixed.

Thanks all.

Nathan

Reply
David Anderson responded on 14 Jan 2019 11:10 AM

Hi Nathan, Did the 1.0.0.11 version of RR Cayan Processing Manager fix the issue with the TLS error?

Thanks, David

Reply
Nathan Jung responded on 14 Jan 2019 12:38 PM

Ok, here is what I've figured out so far by trial and error and it now works: (be aware, I'm an amateur)

The newer version of the RR software did fix the Retail Realm issue, but some other things need to be set up before TLS 1.0 is disabled enough to allow the Genius machine to work.

A number of patches will have to be installed:

Depending on your SQL version you will probably have to patch it to enable TLS 1.1 and TLS 1.2. Older versions don't support TLS 1.1 or 1.2.

The Native Client component may also have to be patched for the same reason.

OLE DB may need to be patched also (same reasons).

Registry changes:

Windows 7 - Server computer: Add the following keys to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

add Dword "DisabledByDefault" value = 1

add Dword "Enabled" value = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server

add Dword "DisabledByDefault" value = 1

Windows 7 Client Computers: Add the following keys to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

add Dword "DisabledByDefault" value = 1

All Windows 7 computers: Add the following keys to the registry (TLS 1.1 keys may not be necessary though they won't hurt either):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

add Dword "DisabledByDefault" value = 0

add Dword "Enabled" value = 1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

add Dword "DefaultSecureProtocols" value = 2560 decimal (this allows both TLS 1.1 and TLS 1.2 to be the defaults)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

add Dword "DefaultSecureProtocols" value = 2560 decimal (this allows both TLS 1.1 and TLS 1.2 to be the defaults)

I'm sure I've missed something, but I believe those were the steps I made to get things to work on Windows 7. I'm now setting up Windows 10 on all my computers and going through a similar process. I've got it working on Win10 machines but I can't access the database in RMS from the server computer itself, just from other client machines. I believe it is because the SQL server is not only a server, but also a client to TSYS (Genius device processor).

Nathan Jung

Reply
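A read-only check of the registry values listed in the post above, as an added example that is not part of the original thread: it reports the Schannel state for TLS 1.0, 1.1 and 1.2 and decodes the WinHTTP DefaultSecureProtocols bitmask, which shows why 2560 decimal (0x200 + 0x800) selects TLS 1.1 and TLS 1.2. The function names are hypothetical; the registry paths and value names are the ones in the post.

```powershell
# Read-only audit of the Schannel and WinHTTP values from the post; changes nothing.
# Written to run on PowerShell 2.0 (Windows 7 SP1) and later.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-RegDword([string]$Path, [string]$Name) {
    # Returns the value, or $null when the key or the value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-SchannelState {
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $key     = "$base\$proto\$role"
            $enabled = Get-RegDword $key 'Enabled'
            $dbd     = Get-RegDword $key 'DisabledByDefault'
            # Enabled=0 turns the protocol off. DisabledByDefault=1 on its own only
            # drops it from the defaults; an application can still request it.
            if ($enabled -eq 0)                             { $state = 'off' }
            elseif ($dbd -eq 1)                             { $state = 'off by default' }
            elseif ($null -eq $enabled -and $null -eq $dbd) { $state = 'not set (OS default)' }
            else                                            { $state = 'on' }
            New-Object PSObject -Property @{
                Protocol = $proto; Role = $role; Enabled = $enabled
                DisabledByDefault = $dbd; State = $state
            }
        }
    }
}

function ConvertFrom-SecureProtocols([long]$Mask) {
    # WinHTTP DefaultSecureProtocols bit flags
    $flags = @{ 0x008 = 'SSL 2.0'; 0x020 = 'SSL 3.0'; 0x080 = 'TLS 1.0'
                0x200 = 'TLS 1.1'; 0x800 = 'TLS 1.2' }
    $names = foreach ($bit in ($flags.Keys | Sort-Object)) {
        if ($Mask -band $bit) { $flags[$bit] }
    }
    $names -join ', '
}

Get-SchannelState | Format-Table Protocol, Role, Enabled, DisabledByDefault, State -AutoSize

$winHttp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
foreach ($p in $winHttp) {
    $v = Get-RegDword $p 'DefaultSecureProtocols'
    if ($null -eq $v) { "$p : DefaultSecureProtocols not set" }
    else { "{0} : {1} = {2}" -f $p, $v, (ConvertFrom-SecureProtocols $v) }
}
```

Run it from an elevated prompt on the server and on each client before and after applying the changes, and compare the State column against the values the post lists for that machine's role.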
