Problem with SSL/TLS secure channel on Intune Windows devices

Marcus Moen 0 Reputation points
2024-07-03T07:21:09.32+00:00

We are experiencing issues on our Windows devices in Intune with applications that use an SSL/TLS secure channel to, for example, verify licenses or user sign-ins. Whenever we try to launch that side of the application, it fails to connect, and in multiple application logs the same error is provided: "Could not create secure SSL/TLS channel" or similar. When accessing the URLs over HTTPS, or by tnc in PowerShell, we don't have any issues; it only occurs when the applications trigger the connection. The following troubleshooting has been done:

  • We have verified nothing is stopped in the firewalls
  • The timelines on the devices in Microsoft Defender don't state much, and even say "connection accepted"
  • Tested different versions of TLS
  • Checked registry settings for SCHANNEL and .NET versions so they are supported
  • Installed applications, and launched them with admin rights
  • Verified root certificates
  • Gone over our Intune policies
  • Enabled logging in Event Viewer, which hasn't given us much yet.

I (and Google + ChatGPT) are running out of ideas. Can anyone here point me in a new direction?

Windows 11
Microsoft Intune

1 answer

  1. Crystal-MSFT 46,256 Reputation points Microsoft Vendor
    2024-07-04T01:27:01.36+00:00

    @Marcus Moen, thanks for posting in Q&A. As far as I know, Microsoft Intune has moved to support Transport Layer Security (TLS) 1.2+. If your application is still using TLS 1.0 and 1.1, it may be affected. Please change it to TLS 1.2 or higher to see if it can work.

    https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-final-disablement-of-tls-1-0-and-tls-1-1-in-intune/ba-p/3058999#:~:text=Move%20to%20the%20Hybrid%20Modern%20Authentication%2C%20update%20to,can%20prepare%20for%20potential%20impact%20to%20email%20access.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
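
A read-only check of the settings discussed in this thread (SCHANNEL client protocols and the .NET Framework TLS defaults), as an added example that is not part of the original question or answer. The helper names `Get-RegValue` and `Get-TlsAudit` are hypothetical; an absent value means the OS or framework default applies.

```powershell
# Added example: read-only audit of the SCHANNEL client and .NET Framework
# TLS registry values. Helper names are hypothetical; nothing is modified.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }   # $null = not configured
}

function Get-TlsAudit {
    $rows = @()
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $rows += [pscustomobject]@{
                Scope = "SCHANNEL $proto Client"
                Name  = $name
                Value = Get-RegValue "$base\$proto\Client" $name
            }
        }
    }
    # 64-bit and 32-bit (WOW6432Node) views are read separately by .NET apps.
    $netRoots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework'
    foreach ($root in $netRoots) {
        foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
            foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
                $rows += [pscustomobject]@{
                    Scope = "$root\$ver"
                    Name  = $name
                    Value = Get-RegValue "$root\$ver" $name
                }
            }
        }
    }
    $rows
}

$audit = Get-TlsAudit
$audit | Format-Table -AutoSize

# Flag explicit values worth reviewing: TLS 1.2 client disabled in SCHANNEL,
# or a .NET Framework opt-out (value 0) of strong crypto / OS default TLS versions.
$audit | Where-Object {
    ($_.Scope -eq 'SCHANNEL TLS 1.2 Client' -and $_.Name -eq 'Enabled' -and $_.Value -eq 0) -or
    ($_.Scope -eq 'SCHANNEL TLS 1.2 Client' -and $_.Name -eq 'DisabledByDefault' -and $_.Value -eq 1) -or
    ($_.Scope -like '*NETFramework*' -and $_.Value -eq 0)
} | ForEach-Object { Write-Warning "$($_.Scope): $($_.Name) = $($_.Value)" }
```

Running it on an affected device and on a working one and comparing the two tables shows whether a policy-pushed value differs between them.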