Monthly Archives: February 2013

SCM 3.0 Windows 8 Baseline breaks Direct Access IPHTTPS Connectivity

When playing with SCM 3.0 and Windows 8 in my lab environment recently, I got an unpleasant surprise with my Direct Access connectivity in the Environment.

The Windows 8 client wouldn’t connect with IPHTTPS. When doing the usual troubleshooting with the netsh commands (netsh interface httpstunnel show interfaces) etc. I got the output “IPHTTPS interface not installed”.

Da_mailspintos
That output usually shows up when you’re inside the corporate network.

When troubleshooting further I found out that the system event log were full with error 36874/Schannel as below.

Schannel

The setting causing the problem was “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signingunder “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options” .

The setting was Enabled by SCM and is by default Disabled.

SCM30

After changing back the setting to Disabled I restored the IPHTTPS connectivity in my environment.

I am planning to follow this up as FIPS compliance is important for many organisations.

Advertisements