Unable to Connect to SSPR Server through CLE

  • 7016836
  • 15-Sep-2015
  • 12-Jan-2017

Environment

Self Service Password Reset v 3.2
SSPR 3.2
Client Login Extension v 3.9
CLE 3.9

Situation

Can't connect to SSPR server through CLE "forgotten password" link
"Page cannot be displayed" error
"Host Unreachable error"

Resolution

Solution 1.  Upgrade to SSPR 3.3.

Solution 2.
If upgrading to SSPR 3.3 is not possible, disable TLS 1.2 on workstations where CLE is installed. In the Client Login Extension Configuration Utility, uncheck the box for "Enable TLS 1.2" on the "Advanced," "Security Settings" tab, and then reinstall CLE.  This box MUST be unchecked for CLE 3.9 to connect to SSPR 3.2.  It should remain enabled for CLE 3.9 attaching to SSPR 3.3.



Solution 3. 
We have found that in some circumstances CLE 3.9 is unable to reset Protocol settings after TLS 1.2 is disabled.  If disabling TLS 1.2 does not resolve the problem, or to verify that TLS 1.2 has been disabled, check the workstation registry.  Go to
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings

 Double click on the SecureProtocols (or create it as a DWORD if not present) and set the data value to 4768 decimal value as shown below.

This will set the SSL3, TLS1.0, TLS 1.1 protocol in the Internet Options for the System account. (CLE on the logon screen runs under the System account.)  The screen shot below illustrates for a user (non-system) account:

Status

Reported to Engineering

Additional Information


Also, you can test from the user’s desktop to see if the restricted browser can reach the site, as follows:

1.    Open Command prompt.
2.    Go to System32 folder
3.    Type “RestrictedBrowserEXE.exe –-url  https://whatever.com/sspr/public/ForgottenPassword”   (Insert the link URL)