How to Configure Netwrix Auditor to process NetApp Clustered Data ONTAP 9.x using TLS 1.2

File Server
9.0-9.7
9.8
https://kb.netwrix.com/582
Copy Article URL Copied

How to configure Netwrix Auditor to process NetApp Clustered Data ONTAP 9.x using TLS 1.2?


If you are to use .NET 4.5 or later (CLR 4.0), do the following:

  1. Make sure .NET 4.5 (or later) is installed on the machine where Netwrix Auditor server runs.
  2. In the registry editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 and specify the key value
    “SchUseStrongCrypto”=dword:00000001
  3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2 and make sure the necessary key values are configured:
    • under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
      “DisabledByDefault”=dword:00000000
      “Enabled”=dword:00000001
    • under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
      “DisabledByDefault”=dword:00000000
      “Enabled”=dword:00000001

If you are to use .NET 3.5 SP1 (CLR 2.0), do the following:

  1. Make sure .NET 3.5 SP1 is installed on the machine where Netwrix Auditor server runs.
  2. Install update KB3154520 (for Windows Server 2012R2) from Microsoft.
  3. In the registry editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 and specify the key value
    “SystemDefaultTlsVersions”=dword:00000001
  4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 and specify the key value
    “SystemDefaultTlsVersions”=dword:00000001
  5. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2  and make sure the necessary key values are configured:
    • under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
      “DisabledByDefault”=dword:00000000
      “Enabled”=dword:00000001
    • under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
      “DisabledByDefault”=dword:00000000
      “Enabled”=dword:00000001

 

Original KB Article 2120

Go Up