Description | This article describes how to resolve the issue where the FortiSIEM Windows Agent installation fails on Windows Server 2012 R2, despite meeting .NET Framework and TLS 1.2 prerequisites. The root cause was traced to missing support for required SSL cipher suites on the server. |
Scope | FortiSIEM v7.x+ |
Solution |
Root Cause:
[1] ERROR FortiSIEM.Webproxy.AOWebService - Register exception The server's existing cipher suite configuration lacked support for these modern ciphers, only listing deprecated RSA-based suites. Specifically:
Steps to Resolve:
Example output:
SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCipherSuite ECDH+AESGCM:DH+AESGCM:!aNULL:!MD5:!DSS:!SHA
Update Windows Server Cipher Suite Order:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_RSA_WITH_AES_128_CBC_SHA254
Steps to Modify Cipher Suite Order on Windows Server 2012 R2:
Result:
Related article: Technical Tip: Windows Agent Registration with Supervisor Troubleshooting |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.