When playing with SCM 3.0 and Windows 8 in my lab environment recently, I got an unpleasant surprise with my Direct Access connectivity in the Environment.
The Windows 8 client wouldn’t connect with IPHTTPS. When doing the usual troubleshooting with the netsh commands (netsh interface httpstunnel show interfaces) etc. I got the output “IPHTTPS interface not installed”.
When troubleshooting further I found out that the system event log were full with error 36874/Schannel as below.
The setting causing the problem was “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” under “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options” .
The setting was Enabled by SCM and is by default Disabled.
After changing back the setting to Disabled I restored the IPHTTPS connectivity in my environment.
I am planning to follow this up as FIPS compliance is important for many organisations.