Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW

QlikView Server Error "SSL: Decrypt Message Error" when using Digital Certificate communication between QlikView services

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

QlikView Server Error "SSL: Decrypt Message Error" when using Digital Certificate communication between QlikView services

Last Update:

Feb 17, 2022 8:51:30 AM

Updated By:

Sonja_Bauernfeind

Created date:

Oct 12, 2016 7:00:12 AM

Attachments

The QlikView Server environment using certificate trust for communication stops working without any system changes other than Windows Updates being applied. 

QlikView Services have the status 'disconnected' in the QlikView Managment Console although they are definitely up and running. You see the following error in the respective QlikView service log:

SSL: Main loop error: -1
SSL: Decrypt Message Error: -2146893008

Environment: 

 

Microsoft has delivered patches that change how TLS communication is handled in Windows. It affects any application that relies on the .NET framework.

As QlikView 11.20 (up to SR15) relies on an older version of the framework, it cannot communicate using TLS 1.2 so allowing the QlikView binaries is the only workaround for the time being.

 

Resolution:

The issue can be resolved by uninstalling the following Windows Updates depending on the Server OS version:
 
Windows Server 2012 R2 with .Net Framework 4.6/4.6.1

KB3135998: https://support.microsoft.com/en-us/kb/3135998

KB3142036: https://support.microsoft.com/en-us/kb/3142036

KB3205402: https://support.microsoft.com/en-us/kb/3205402

Windows Server 2008 R2 with .Net Framework 4.5.2

KB3142033: https://support.microsoft.com/en-us/kb/3142033


If uninstalling the updates is not an option, the following workarounds are available currently:

For QlikView 11.20 up to SR15
 
Upgrade to the latest version of QlikView. 
 
For recent QlikView versions
 
TLS 1.2 will need to be enabled by running the PowerShell script attached. 

Allow all QlikView (and IIS service if being used) binaries by running the Version 12 specific .reg file attached to this article. It should be run on every server that runs a QlikView (and IIS) service. If the customer has installed QlikView in a custom folder, you need to edit the reg-file accordingly. I.e. Correct the file paths.  In order to run the file, rename the downloaded file by adding the .reg extension, then right-click the file and choose the Merge option, this will launch the Registry Editor and apply the changes.  Server reboots are required as well for the changes to fully take effect.

Please ensure that you have a system backup available in case of unforeseen issues. Should you have any questions regarding the workaround please contact Support. 

Labels (1)
Contributors
Version history
Last update:
‎2022-02-17 08:51 AM
Updated by: