Agent Communication Fails with WinHTTP Error 12030

Agent Communication Fails with WinHTTP Error 12030

Overview

This article explains how to troubleshoot WinHTTP Error 12030, which may occur when the Applications Manager Agent is unable to establish a secure HTTPS connection with the Applications Manager server.

In most cases, this issue is caused by TLS 1.2 being disabled or not configured as the default secure protocol on the Windows machine.


Symptom

The following error is recorded in the Access.log file under the Agent logs:

12030 - The connection with the server has been terminated or an incompatible SSL protocol was encountered.

Possible Causes

This error can occur due to one or more of the following reasons:

  • TLS 1.2 is disabled on the Windows system.
  • TLS 1.2 is not configured as the default secure protocol for WinHTTP (applicable to Windows Server 2008 R2, Windows Server 2012, and Windows 7).
  • The required Microsoft update (KB3140245) is not installed on supported Windows versions.
  • The Applications Manager server and the Agent do not support a common SSL/TLS protocol version.

Resolution

Verify that TLS 1.2 is enabled on the Windows server. For Windows Server 2008 R2, Windows Server 2012, and Windows 7, also verify that WinHTTP is configured to use TLS 1.2 as the default secure protocol.

Verify Whether TLS 1.2 Is Enabled

  1. Open Registry Editor.

  2. Navigate to the following registry path:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
  3. Verify the following registry values:

    Registry ValueExpected Value
    DisabledByDefault0
    Enabled1

Note:

  • If the DisabledByDefault registry value exists, it must be set to 0.
  • If the Enabled registry value exists, it must be set to 1.

Verify Whether TLS 1.2 Is the Default Secure Protocol for WinHTTP

Applicable to: Windows Server 2008 R2, Windows Server 2012, Windows 7

For these operating systems, enabling TLS 1.2 alone is not sufficient. TLS 1.2 must also be configured as the default secure protocol for WinHTTP.

Step 1: Verify the Required Microsoft Update

Ensure that Microsoft Update KB3140245 is installed on the server.

Step 2: Verify the WinHTTP Registry Configuration

Navigate to the following registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

Verify that the DefaultSecureProtocols registry value exists and is configured with one of the following values:

  • 0x00000A00 – Enables TLS 1.1 and TLS 1.2
  • 0x00000800 – Enables TLS 1.2 only

Step 3: Verify the Registry on 64-bit Systems

If the server is running a 64-bit version of Windows, verify the same registry value under:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

If the Registry Value Is Missing

If the DefaultSecureProtocols registry value is not present, create it and configure it as described in the Microsoft documentation. This ensures that WinHTTP uses TLS 1.2 as the default secure protocol for secure outbound connections.


Verification

After making the required changes:

  1. Restart the affected service or reboot the server, if required.

  2. Verify that the Applications Manager Agent is able to communicate with the Applications Manager server successfully.

  3. Confirm that the following error is no longer reported in the Access.log file:

    12030 - The connection with the server has been terminated or an incompatible SSL protocol was encountered.

If the issue persists after completing the above steps, collect the latest Agent logs and contact Support for further assistance.


                    New to ADSelfService Plus?

                      • Related Articles

                      • How to fix "Communication link failure The last packet sent successfully to the server"?

                        Issue: Communication link failure error message will trigger based on many reasons. Solution: Communication link failure error message is shown due to various reasons. Follow any of the steps mentioned below to resolve the issue: Insufficient user ...
                      • Troubleshooting communication between APM Insight Agent and Applications Manager

                        APM Insight agent communicates to the Applications Manager through the HTTP/HTTPS protocol. Make sure the communication between Applications Manager server and agent server via HTTP/HTTPS is allowed in firewall.To check , open a browser in the APM ...
                      • Troubleshoot - RUM Agent silent installation

                        RUM Agent silent installation can fail on various factors based on your environment, troubleshoot with the help of error message shown while running the script. Below are the list of the error messages thrown from the script and its troubleshooting ...
                      • APMInsight - NET Agent Onboarding - KB

                        This document provides a step-by-step guide to onboard and troubleshoot the APM Insight .NET Agent. It includes environment verification, permission checks, network connectivity validation, and solutions for common installation and configuration ...
                      • WMI/RPC Communication Errors

                        Applicable WMI Error Codes 0x800706BE – The remote procedure call failed 0x80010002 – Call was canceled by the message filter Overview These errors occur when Applications Manager is unable to establish or maintain WMI/RPC communication with the ...