Microsoft 漏洞更新可能导致 Dell Encryption 中的通信故障

Summary: Microsoft 漏洞更新可能会导致 Dell Encryption(以前称为 Dell Data Protection |)中的通信故障加密)。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

受影响的产品:

  • Dell Encryption
  • Dell Data Protection | Encryption

Cause

在 Microsoft 发送安全更新以解决漏洞时,我们看到这些更新会影响 Dell Encryption 通信。在允许在 Dell Security Management Server(以前称为 Dell Data Protection |)上使用 Diffie-Hellman 导出 (DHE) 加密套件的环境中Enterprise Edition) 服务器,安装 Microsoft 更新后可能会出现以下行为:

在此示例中,激活失败。在护罩日志中,有以下消息:

[07.08.16 11:54:38:824 CredantServerIn: 211] [ERROR] SSL request failed.. HTTP error An error occurred in the secure channel support [MS ec=12157].
[07.08.16 11:54:38:824 CredantServerIn: 211] [ERROR] HTTP error. HTTP error A security error occurred [MS ec=12175].


[07.08.16 11:54:38:864 XmlRpcActivate: 128] Activating user...
[07.08.16 11:54:38:924 XmlRpcActivate: 415] SSL Failure status code. HTTP error(-2147483648) -
[07.08.16 11:54:38:934 XmlRpcActivate: 415] SSL request failed.. HTTP error(12157) - An error occurred in the secure channel support
[07.08.16 11:54:38:934 XmlRpcActivate: 415] HTTP error. HTTP error(12175) - A security error occurred
[07.08.16 11:54:38:934 XmlRpcActivate: 148] Activation request failed [code:0x2f8f]:
[07.08.16 11:54:38:934 Activator: 709] [SUPPORT] [W] Activation - Unable to activate new user XXXXXXX [error = 0x2f8f]
[07.08.16 11:54:38:934 Activator: 711] Activation - Verify that the CMG Shield is properly installed.
[07.08.16 11:54:38:934 Activator: 716] Activation - Verify network connectivity to the CMG Server at "XXXXXXX" and CMG Device Server at
[07.08.16 11:54:38:934 ] - Device Server Connection error (12175)

端点可以 ping 服务器,并成功将 telnet 连接到端口。即使是某些浏览器(如 Chrome)也可以访问网站,而 IE 无法访问。

SChannel 组件的 Windows 系统事件日志中存在条目:


- 


36888
0
2
0
0
0x8000000000000000

19178


System
XXXXXXXXXXXXXXX.com



- 

40
808

Resolution

提醒:将服务器升级到 v9.4.1 可解决此问题。

如果看到这些行为,请检查哪些 Microsoft 更新已应用于端点。已看到导致问题的两个更新包括:

  • Microsoft 安全更新 MS15-055/KB3061518
  • Microsoft 安全更新KB3161608

其中一项更新将端点上的最小 DHE 密钥长度从 512 位更改为 1024 位。默认情况下,Dell Security Management Server 允许使用 768 位 DHE 组,从而在应用这些更新后导致 SSL 或 TLS 握手失败。要恢复端点以允许使用最小 512 位 DHE 密钥长度,您必须更新端点上的注册表。在注册表中找到以下子项:

警告:下一步是 Windows 注册表编辑:
  1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
  2. 然后添加 DWord ClientMinKeyBitLength 并将值设置为 00000200 。

要联系支持部门,请参阅 Dell Data Security 国际支持电话号码
转至 TechDirect,在线生成技术支持请求。
要获得更多见解和资源,请加入戴尔安全社区论坛

Affected Products

Dell Encryption
Article Properties
Article Number: 000126675
Article Type: Solution
Last Modified: 05 Jul 2023
Version:  9
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.