Symptom: When you try to log in to a website protected with SSL/TLS (here the AgilePoint NX portal), you get the following error message:
“The client and server cannot communicate, because they do not possess a common algorithm”
If you look at the website's log file (for the AgilePoint NX portal this is the Orchard error log under the installation folder, e.g.
"C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\App_Data\Logs\orchard-error-XXXXXXXX")
you might see the following stack trace:
AgilePoint.Portal.Users.Controllers.AccountController – Default – ValidateLogon Failed:
https://<domain name>/login/ActiveDirectory?ReturnUrl=%2F
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at AgilePoint.Portal.Users.Services.MembershipServiceUtilities.ValidateUser(String userNameOrEmail, String password)
at AgilePoint.Portal.Users.Controllers.AccountController.ValidateLogOn(String domain, String userNameOrEmail, String password, AuthProviders provider)
Reason: This is Schannel's "algorithm mismatch" error: the two ends of the HTTPS connection have no TLS protocol version or cipher suite in common. A certificate does not carry a TLS version, so the certificate itself is not the problem; the mismatch is between the protocols and cipher suites enabled on each side. In the stack trace above the portal process is the TLS client (System.Net.SSPIWrapper.AcquireCredentialsHandle fails before the first handshake message is sent), which is what you see when TLS 1.0, 1.1 or 1.2, or the cipher suites the certificate's key type needs, have been disabled through the Schannel registry keys on the AgilePoint server or on the portal machine (often the same host), leaving nothing the portal's .NET client is permitted to negotiate.
Resolution: To see which protocols and cipher suites have been changed from the OS defaults, download IIS Crypto from Nartac Software:
https://www.nartac.com/Products/IISCrypto
It presents the Schannel registry settings as checkboxes and can apply a best-practice template. Check that the protocol versions and cipher suites required by the portal's .NET client and by the server certificate's key type are still enabled; unchecking every protocol version the client is able to offer (for example SSL 3.0, TLS 1.0 and TLS 1.1 for a .NET Framework 4.5 application that has not been configured to use TLS 1.2) produces exactly this error.
Once this is done, restart the server machine: Schannel reads the protocol and cipher-suite settings at boot, so the change does not take effect until then.
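The check above can also be done without the GUI. The following PowerShell script is an added example written for this page; it is not part of AgilePoint or IIS Crypto. It reads the same Schannel registry keys that IIS Crypto edits, reports the .NET Framework strong-crypto switches that decide whether a .NET 4.x client offers TLS 1.2, and then attempts a handshake against the server restricted to one protocol version at a time, so the version that fails with "no common algorithm" stands out. It only reads the registry and makes no changes. The target host name is an assumption; run it elevated on the portal machine.

```powershell
# Added diagnostic for the Schannel mismatch described above (not AgilePoint's own tooling).
# Assumptions: run elevated on the portal machine; $TargetHost is a placeholder for
# the AgilePoint server the portal calls (the host in the logged login URL).
param(
    [string]$TargetHost = 'agilepoint.example.local',  # assumed host name
    [int]$TargetPort = 443
)

$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelProtocolState {
    # Enabled / DisabledByDefault per protocol, for the Client and Server roles.
    # A missing key means the OS default applies, which varies by Windows version.
    foreach ($p in $protocols) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path (Join-Path $schannel $p) $side
            $enabled = $null; $disabledByDefault = $null
            if (Test-Path $key) {
                $props = Get-ItemProperty -Path $key
                $enabled = $props.Enabled
                $disabledByDefault = $props.DisabledByDefault
            }
            [pscustomobject]@{
                Protocol          = $p
                Side              = $side
                Enabled           = if ($null -eq $enabled) { 'OS default' } elseif ($enabled -ne 0) { 'Yes' } else { 'No' }
                DisabledByDefault = if ($null -eq $disabledByDefault) { 'OS default' } elseif ($disabledByDefault -ne 0) { 'Yes' } else { 'No' }
            }
        }
    }
}

function Get-DotNetTlsSwitches {
    # SchUseStrongCrypto=1 makes a .NET Framework 4.x client offer TLS 1.2 instead of
    # only SSL 3.0 / TLS 1.0; SystemDefaultTlsVersions=1 makes it follow the OS defaults.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Key                      = $key
                SchUseStrongCrypto       = $props.SchUseStrongCrypto
                SystemDefaultTlsVersions = $props.SystemDefaultTlsVersions
            }
        }
    }
}

function Test-TlsHandshake {
    param([string]$HostName, [int]$Port, [System.Security.Authentication.SslProtocols]$Protocol)
    # One handshake limited to a single protocol version. If Schannel on either side has
    # that version disabled, the same Win32 "no common algorithm" message the portal logs
    # is returned here. The validation callback accepts any certificate on purpose: this
    # test is about protocol negotiation, not certificate trust.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream(
            $client.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{ Requested = $Protocol; Result = 'OK'; Negotiated = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm }
    } catch {
        [pscustomobject]@{ Requested = $Protocol; Result = $_.Exception.GetBaseException().Message; Negotiated = ''; Cipher = '' }
    } finally {
        $client.Close()
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
Get-DotNetTlsSwitches | Format-List
'Tls', 'Tls11', 'Tls12' | ForEach-Object {
    Test-TlsHandshake -HostName $TargetHost -Port $TargetPort -Protocol ([System.Security.Authentication.SslProtocols]$_)
} | Format-Table -AutoSize
```

Read the three outputs together: a protocol whose Client key shows Enabled = No on the portal machine, combined with a failing handshake for that version and no strong-crypto switch set for .NET, is the configuration that produces the logged exception. Re-enable the protocol in IIS Crypto (or set SchUseStrongCrypto so the client offers TLS 1.2 instead), then reboot and rerun the script.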