The web agent running on Microsoft Windows 2008 R2 or 2012 fails to create a connection to an AM server that only has TLS 1.2 enabled. This issue does not occur on Microsoft Windows 2016 or 2019 servers.
The following error is shown in the agent debug log when this happens:
net_client_handshake_loop(): creating security context failed (0x80090308) wnet_connect(): failed to connect to 192.0.2.0:8443, error: -29 SSL/TLS connection to 192.0.2.0:8443 failed (operation not completed) unable to connect to 192.0.2.0:8443
The 0x80090308 code signifies a SEC_E_INVALID_TOKEN error.
The web agent cannot negotiate the acceptable cipher, which causes the connection to fail.
This issue can be resolved by applying the KB3140245 update: you can download this from: Microsoft Update Catalog: KB3140245.
See Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows for further information on this update.
Related Issue Tracker IDs