Proxy Blocks Downloads from Automox Due to TLS Setting

Issue Description

Certain proxies block downloads from Automox when the device connects with a TLS version earlier than 1.2. This commonly occurs on Windows devices running PowerShell versions prior to 4.0, as these default to TLS 1.0.

Symptoms in the Automox agent logs might include:

Download of C:\Windows\TEMP\file.exe failed

Error: Exception calling "DownloadFile" with "2" argument(s): "The operation has timed out"

Steps to Resolve

1. Enable TLS 1.2 on the Device

Follow these steps to configure your system to use TLS 1.2 or later:

Configure Strong Cryptography for .NET Framework:

Update the following registry keys:

For 32-bit systems or 64-bit applications on 64-bit OS:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

For 32-bit applications on 64-bit OS:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

2. Disable Weak Ciphers

Add the following registry configurations to disable weak ciphers:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
"Enabled"=dword:ffffffff

3. Restart the Device

Reboot the machine to apply the changes.

Verification Steps

  1. Use a diagnostic tool (e.g., tlschk) to confirm TLS 1.2 is enabled.
  2. Check the proxy logs to ensure downloads are no longer blocked.
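
The registry values from step 1 can also be audited from PowerShell after the reboot. The script below is an added example, not part of the original article or of Automox tooling; it only reads the four keys and two values listed in step 1, and the function name Get-DotNetTlsAudit is hypothetical.

```powershell
# Added example: read-only audit of the .NET Framework registry values from step 1.
# Written to run on old PowerShell versions too (no cmdlets newer than 2.0).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = @('SystemDefaultTlsVersions', 'SchUseStrongCrypto')

function Get-DotNetTlsAudit {
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) {
            # Wow6432Node does not exist on a 32-bit OS; report the key instead of failing.
            New-Object PSObject -Property @{ Key = $key; Name = '-'; Data = $null; Status = 'KeyNotFound' }
            continue
        }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $names) {
            $data = $props.$name          # $null when the value has not been created
            if ($null -eq $data) { $status = 'Missing' }
            elseif ($data -eq 1) { $status = 'OK' }
            else                 { $status = 'Unexpected' }
            New-Object PSObject -Property @{ Key = $key; Name = $name; Data = $data; Status = $status }
        }
    }
}

# A 32-bit PowerShell on a 64-bit OS is redirected to Wow6432Node for HKLM:\SOFTWARE,
# so both key groups would show the same (32-bit) view.
if ($env:PROCESSOR_ARCHITEW6432) {
    Write-Warning 'Running as a 32-bit process on a 64-bit OS; rerun from 64-bit PowerShell.'
}

$results = @(Get-DotNetTlsAudit)
$results | Format-Table Status, Name, Data, Key -AutoSize

# Context for the download failure: PowerShell version and this session's TLS setting.
"PowerShell version : $($PSVersionTable.PSVersion)"
"SecurityProtocol   : $([Net.ServicePointManager]::SecurityProtocol)"

$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) { "$($bad.Count) setting(s) differ from step 1." }
else { 'All step 1 values are set.' }
```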

Troubleshooting Tips

  • If issues persist, verify the proxy's configuration to confirm it allows TLS 1.2 traffic.
  • Inspect the Automox agent logs for additional errors.

 
