This article explains how to troubleshoot WinHTTP Error 12030, which may occur when the Applications Manager Agent is unable to establish a secure HTTPS connection with the Applications Manager server.
In most cases, this issue is caused by TLS 1.2 being disabled or not configured as the default secure protocol on the Windows machine.
The following error is recorded in the Access.log file under the Agent logs:
12030 - The connection with the server has been terminated or an incompatible SSL protocol was encountered.
This error can occur due to one or more of the following reasons:
Verify that TLS 1.2 is enabled on the Windows server. For Windows Server 2008 R2, Windows Server 2012, and Windows 7, also verify that WinHTTP is configured to use TLS 1.2 as the default secure protocol.
Open Registry Editor.
Navigate to the following registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
Verify the following registry values:
| Registry Value | Expected Value |
|---|---|
DisabledByDefault | 0 |
Enabled | 1 |
Note:
DisabledByDefault registry value exists, it must be set to 0.Enabled registry value exists, it must be set to 1.Applicable to: Windows Server 2008 R2, Windows Server 2012, Windows 7
For these operating systems, enabling TLS 1.2 alone is not sufficient. TLS 1.2 must also be configured as the default secure protocol for WinHTTP.
Ensure that Microsoft Update KB3140245 is installed on the server.
Navigate to the following registry path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
Verify that the DefaultSecureProtocols registry value exists and is configured with one of the following values:
If the server is running a 64-bit version of Windows, verify the same registry value under:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
If the DefaultSecureProtocols registry value is not present, create it and configure it as described in the Microsoft documentation. This ensures that WinHTTP uses TLS 1.2 as the default secure protocol for secure outbound connections.
After making the required changes:
Restart the affected service or reboot the server, if required.
Verify that the Applications Manager Agent is able to communicate with the Applications Manager server successfully.
Confirm that the following error is no longer reported in the Access.log file:
12030 - The connection with the server has been terminated or an incompatible SSL protocol was encountered.
If the issue persists after completing the above steps, collect the latest Agent logs and contact Support for further assistance.