How to create schannel registry keys on SFB server

How to create schannel registry keys on SFB server

Procedure to create schannel registry keys on SFB server

• Open registry Editor on SFB server
• Navigate to the location “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL”and take the backup of it
• Post that create below DWORD registry’s in it

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Create 32 bit DWORD

ClientAuthTrustMode and set value to 2 ( decimal )

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Create 32 bit DWORD

SendTrustedIssuerList and set value to 0 ( decimal )

HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel

Create DWORD (32-bit) value.

EnableSessionTicket, set value to 2 ( decimal )

Once the registry’s are created on SFB server post that reboot is mandatory as we have made changes in  HKEY_LOCAL_MACHINE

1. -EnableSessionTicket, Required for Windows Server 2012 R2 https://support.microsoft.com/en-gb/kb/2901554
2. -ClientAuthTrustMode, https://technet.microsoft.com/en-us/library/dn786429(v=ws.11).aspx
3. -SendTrustedIssuerList, Only for Windows Server 2008 R2 or earlier versions. https://support.microsoft.com/en-gb/kb/2464556

Conclusion: Post reading this blog I can create Schannel registry keys successfully