Managing Cipher Suites across different versions of Windows OS

Richard Ruth 40 Reputation points
2025-07-14T20:17:51.21+00:00

I'm not sure I'm dropping this into the right tag cloud, but this is related to dropped connections and other cipher-related problems on Windows Server OS on VMs built in Azure.

We are setting up SharePoint 2016 on a virtual machine in Azure. We need to run on it for 6 months until our vendor catches up and supports SE. I was given three servers and installed minroles on 2 of them.

Before I am even done configuring the services, the SChannel source is filling up with Event ID 36874. This was pulled from our WFE, but they are also on our App server: An [sic] TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

I am using Edge and am the only user at the moment. I verified Edge is set to use TLS 1.2 and TLS 1.3. The others are unchecked.

We set up a QA farm and are running the WFE and app servers on Microsoft Windows Server 2019 Datacenter 10.0.17763.

The SharePoint database is running in compatibility mode 110 on Microsoft SQL Server 2022 (RTM-CU19) running on Microsoft Windows Server 2022 Datacenter 10.0.20348.

We have a hosted application server running on Microsoft Windows Server 2025 Datacenter 10.0.26100 (this server is not yet a part of our SP 2016 farm and is only mentioned as it may be the next problem).

8 of the 10 cipher suites on our DB server are also on our app and WFE servers. I did not find them on the computer that I am accessing the site from, so could my computer be the client machine referred to in the error message? I am running Windows 10 on my computer, but I don't think it is referring to my machine and instead is happening between the DB and the SP servers.

Any tips on how to prove this or can you correct me and provide a resolution? I am tempted to go back to infrastructure and request a consistent OS across servers and do a rebuild. That may be the best way but I am hoping to get more info before taking that step.

Below is a comparison between the ciphers on the DB (left side) and the App/WFE servers on the right.
Why does a cipher (in yellow for example) not have anything listed in exchange/cipher/hash or certificate? Would all of these be available for use or only those that have a value in the certificate column?

I know I can reorder but can they be added? We have a similar issue on our 2013 SharePoint farm.

User's image

Windows for business | Windows Server | Devices and deployment | Other
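
One way to test which pair of machines has no shared TLS 1.2 cipher suite, the condition Event ID 36874 reports. This is an added example, not part of the original post or a Microsoft-supplied script. The host names, the suite lists and the function name `Get-Tls12Overlap` are constructed for illustration; real lists would come from running `Get-TlsCipherSuite` on each machine.

```powershell
# Constructed sample data (hypothetical host names and lists). On each real
# machine the list can be exported with:
#   (Get-TlsCipherSuite).Name | Set-Content "$env:COMPUTERNAME.txt"
$suites = [ordered]@{
    'WFE-2019'   = @('TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
                     'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
                     'TLS_RSA_WITH_AES_256_GCM_SHA384')
    'SQL-2022'   = @('TLS_AES_256_GCM_SHA384',
                     'TLS_AES_128_GCM_SHA256',
                     'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
                     'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256')
    'CLIENT-W10' = @('TLS_AES_128_GCM_SHA256',
                     'TLS_DHE_RSA_WITH_AES_256_CBC_SHA')
}

function Get-Tls12Overlap {
    param(
        [Parameter(Mandatory)]
        [System.Collections.IDictionary] $SuitesByHost
    )
    $names = @($SuitesByHost.Keys)
    foreach ($client in $names) {
        foreach ($server in $names) {
            if ($client -eq $server) { continue }
            # TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) carry no "_WITH_" in
            # their names and cannot complete a TLS 1.2 handshake, so a match
            # on one of them does not count as overlap here.
            $offered = @($SuitesByHost[$client] | Where-Object { $_ -match '_WITH_' })
            # Keep the server's own ordering for the common suites.
            $common = @($SuitesByHost[$server] |
                Where-Object { $_ -match '_WITH_' -and $offered -contains $_ })
            $result = if ($common.Count -gt 0) { 'ok' } else { 'NO SHARED TLS 1.2 SUITE' }
            [pscustomobject]@{
                Client = $client
                Server = $server
                Common = $common.Count
                Result = $result
                Suites = $common -join ', '
            }
        }
    }
}

# Every client/server pairing, with pairs lacking a TLS 1.2 suite flagged.
Get-Tls12Overlap -SuitesByHost $suites | Format-Table -AutoSize -Wrap
```

With the constructed data, the pairs involving `CLIENT-W10` are flagged even though it shares `TLS_AES_128_GCM_SHA256` with `SQL-2022`, because that suite only applies to TLS 1.3.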