"This page can't be displayed. Make sure TLS and SSL protocols are enabled" appears when starting the Data Insight console in Internet Explorer

Problem

The Data Insight Administrator, or user, is unable to log into the Management Console due to the login screen failing to display.

Error Message

When accessing Data Insight 5.0 Management Console in Internet Explorer (IE) 10 or 11, user may see the following message in the browser window:

This page can't be displayed- Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security

Cause

This message is displayed because, in Data Insight 5.0, SSL and weak ciphers that were previously supported have been disabled. TLS has been enabled for better security.

Solution

If you see the above error message, you can resolve the issue by:

1. Updating DI 5.0 to 5.0.1 by installing Rolling Patch 1 (RP1).  The patch can be downloaded from SORT: https://sort.veritas.com/patch/detail/10821
2. Installing the appropriate Windows, or Internet Explorer, updates.
3. Editing the Data Insight server.xml file to enable support for some weak ciphers.

Note: Use (c) only if attempts to access the Data Insight 5.0 Management Console, from Internet Explorer 10, or 11, fail despite installing the latest Windows, or Internet Explorer, updates relating to CipherSuites and TLS protocols.

Installing Windows/Internet Explorer Updates

The table below lists the Windows, and Internet Explorer, updates to get around the error message, while accessing Data Insight 5.0 Management Console in Internet Explorer.
 

Windows Server	Internet Explorer	Update
Windows Server 2012 R2	IE 11 (by default installed on R2)	KB2919355
Windows Server 2008 R2	IE 11 (Upgraded from an earlier version)	https://download.microsoft.com/download/F/7/5/F75FAACF-506A-4F3D-B055-47266E62AD30/IE11-Windows6.1-KB3021952-x64.msu https://download.microsoft.com/download/F/7/5/F75FAACF-506A-4F3D-B055-47266E62AD30/Windows6.1-KB3023607-x64.msu *Note: You must apply Windows Server 2008 R2 SP1 before installing the above updates

 
 

Additional Steps in Case of Windows Server 2008 R2

1. Download the IISCrypto tool from Nartac. The tool requires .NET Framework 4.0 or later to be installed on the system.

Note: This is a not a Veritas utility.

1. Install and run the tool.
2. Select TLS 1.0, TLS 1.1 and TLS 1.2 and clear the SSL 2.0 and SSL3.0 checkboxes in the Protocols Enabled list, as shown in the screenshot below.

 
 
This disables SSL 2 and SSL 3 by setting the following values in this Windows Registry key: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

 

Editing Data Insight server.xml File

 
Warning: Use this approach only if attempts to access the console fail despite applying latest Windows, and Internet Explorer, updates.

1. Open ~INSTALLDIR/DataInsight/tomcat/conf/server.xml in any text editor. By default, the installdir is C:\Program Files\veritas\DataInsight.

         Please take a backup of the existing server.xml file before editing it.

1. Find this snippet within the server.xml file:

“ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM…”

1. Add these ciphers to the existing list

           “TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA”


The modified ciphers should be like this snippet:
 
“ciphers=" TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM…”

1. Verify that the list of uncommented ciphers is modified, not the example that is commented out.
2. Stop all Data Insight Services

DataInsightComm
DataInsightConfig
DataInsightWatchdog
DataInsightWeb
DataInsightWorkflow