err_ssl_version_or_cipher_mismatch
Question
I have deployed a device that is Azure joined and managed by Intune. My customer has some strange implementations of certificates; however, all required certificates are being deployed successfully from Intune to the built devices. When I try to connect to the internal print server to install my printers I get two errors:
- When using the new Edge browser I get the error in the subject line and I am not able to proceed
- When using the standard Edge browser I don’t get my SSO and I have to log on using old AD authentication, domain\username, but I get in; then when I try and install the printer I need, I get an error stating that the print server is not in a trusted zone
I am currently using WHfB for authentication on my device and I think this has something to do with the second error above.
I am hoping someone has seen these errors before:
- How to fix the SSL version mismatch in new Edge browser
- How to enable SSO on my browser when using WHfB
It appears that when accessing legacy file shares I get the same issue: I get prompted for my username and password (confirm my PIN) and when I do it keeps prompting me, but when I enter my AD username and PWD it works.
Thanks…
Answers ( 2 )
Thanks Anoop,
Yes, you are correct, Edge Chromium, and the issue was related to a TLS version mismatch. The server was running TLS 1.0 and Edge did not like it. We will be upgrading this in the coming weeks.
The SSO is harder. We have password hash sync enabled, as the 3rd-party tool for AD to Azure AD sync does not support WHfB or password hash sync; we went native there. WHfB server is 2016, but I will have to get the other prerequisites checked.
Disclaimer – I don’t have an answer, but the following are some thoughts
Hello – I hope this is Edge Chromium …
I think this behavior depends on WHfB and ADFS (if you are using one) configuration
Are you using on-prem AD for authentication… this could be because pass hash is not synced with Azure AD
Also, another point to be noted… this is more of an SSO topic… ideally, this should get SSO in an ideal world…
I think the on-prem server should have some prerequisites on the server version for Hybrid WHfB and SSO… minimum it should be Server 2016 or something
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs