Enable TLS1.2 on windows server 2008 R2 SP1 x64

asked 2021-04-27T13:56:07.533+00:00
Scott Gao 286 Reputation points

Dear

I read tens of link and try too. I still can not success. below is 2 key I think it's important.
https://support.site24x7.com/portal/en/kb/articles/how-to-check-if-tls-1-2-is-enabled
https://improveandrepeat.com/2019/10/how-to-activate-tls-1-2-on-windows-server-2008-r2-and-iis-7-5/

group the information.

  1. create DWORD item under below path call DefaultSecureProtocols, value is 800 or a00.
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
  2. add below item and value too. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001

but after many try and reboot, I don't get luck.
I try to download and install x64 KB4019276, but reply said my system not support this patch.
KB4019276
my server already have kb3140245.
https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245

Official link I also ready many.
https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-
update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392
update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows-server-2008-sp2-windows-embedded-posready-2009-and-windows-embedded-standard-2009-b6ab553a-fa8f-3f5e-287c-e752eb3ce5f4

Can anyone guide my way? Thanks for your valuable time.
Thank you.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,148 questions
{count} votes

3 answers

Sort by: Most helpful
  1. answered 2021-04-27T14:15:46.783+00:00
    Dave Patrick 328.8K Reputation points Microsoft MVP

    I'd verify system and servicing health by running;
    sfc /scannow

    also system update readiness tool

    https://learn.microsoft.com/en-US/troubleshoot/windows-server/deployment/fix-windows-update-errors#resolution-for-windows-7-service-pack-1-sp1-and-windows-server-2008-r2-sp1

    Then check for errors in;
    %SYSTEMROOT%\Logs\CBS\CheckSUR.log

    --please don't forget to Accept as answer if the reply is helpful--


  2. answered 2021-04-28T02:56:10.953+00:00
    Dave Patrick 328.8K Reputation points Microsoft MVP

    KB4019276 is for 2008 (non R2) vista kernel. This one should apply to 2008 R2
    https://support.microsoft.com/en-us/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

    --please don't forget to Accept as answer if the reply is helpful--


  3. answered 2021-04-28T13:19:42.07+00:00
    Dave Patrick 328.8K Reputation points Microsoft MVP

    Any progress or updates?

    --please don't forget to Accept as answer if the reply is helpful--