How to Enable TLS 1.2 on Windows 7 SVP and Remote Ops SVP Agent

How to enable TLS 1.2 on a Windows 7 SVP to ensure that it will continue to function after TLS 1.0 and 1.1 are disabled on the HRO endpoints.

Environment

• Hitachi Remote Ops SVP Agent DA (and later)
• Service Processor (SVP)
• Microsoft Windows 7 Embedded

Procedure

1. Windows 7 should be updated (KB3080079 must be installed, or a patch that rolled up KB3080079 must be installed)
   1. VSP Gx00, Fx00, and Nx00: Follow How to Manually Install Windows 7 Updates on a VSP Gx00 and VSP Fx00 SVP, make sure everything under the General Windows Updates section is installed. The "one-off" updates are optional. The .NET updates are optional, but reccommended.
   2. VSP G1x00 and F1500: Open a case to have a field engineer install the supported Windows Updates. These updates cannot be installed by the customer as they are on a special CD with special scripts. Manually installing unsupported updates may break the SVP. After the CD is ran, manually install KB3080079.
      1. Required: Update for Windows 7 for x64-based Systems (KB3080079)
      2. Download from Microsoft Update Catalog
          

2. Download (right click -> Save As) the registry file or create your own with the following keys:

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
   "DisabledByDefault"=dword:00000000
   "Enabled"=dword:00000001

   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
   "DisabledByDefault"=dword:00000000
   "Enabled"=dword:00000001

    

3. Copy the file to the Site Manager Server and the SVP or on a Standalone SVP.
   Double click to open registry file.
   
   

   
   
   Click the Yes button to continue
   
   

   

    

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

   Verify the both Client and Server are installed using regedit:
   

    

    

4. Stop the SVP Agent Service , and if applicable, the Site Manager Service and click the Apply button
   

5. Exit out of Remote Ops SVP Agent
   

6. Open <SVP Agent Install Media>\Service Processor Agent\ and run dotNetFx46_full_x86_x64.exe as Administrator
   
    

7. Run a Repair of .NET 4.6
   
   
   Note: See Additional Notes if there is an error

8. Reboot the Site Manager Server and the SVP, and/or the standalone SVP.

9. Validate the SVP Agent Service , and if applicable, the Site Manager Service are Running.
   

Additional Notes

• To control which TLS 1.2 cipher suites are used (and to disable TLS 1.0 and TLS 1.1 by not allowing their cipher suites to be used) see: How to Modify Microsoft Schannel Cipher Suites in Microsoft Windows 7 and 10 Using Group Policy Editor
• For Step 7 - Repair .NET, if the following screen appears, it means that .NET is already up-to-date and does not need repair. Close the screen and proceed to Step 8 - Reboot.
  
• Remember to install Microsoft Updates: Service Stack Update KB4490628 (or higher) AND Monthly Rollup KB4489878 (or higher) on the SVP per VSP Gx00, VSP Fx00, and VSP Nx00 Hitachi Device Manager - Storage Navigator Storage Device List Errors After Firmware Upgrade on Windows 7 SVP