Moved to 1.1.1.1 and resolved issue
I’ve been using 1.1.1.1 more and more lately. I’ve seen MS 365 services resolving to higher (250ms) IP addresses when using 8.8.8.8. This causes slow and freezing issues in Outlook on RDS or other setups using non-cached mode.
Having this problem today. First install at this site and its on a file/print/AD/DNS server. Removed the forwarder to 1.0.0.1, /flushdns and still nothing. Changing DNS forwarders and flushing isn’t making a difference.
So, the problem still exists with both MSI and EXE installers.
%g
My issue was related to TLS. Windows Server 2016. TLS 1.0 and 1.1 protocols were already disabled, and TLS 1.2 was enabled. But weaker cipher suites were enabled. That seems to be enough to block Syncro communication. Once I disabled weaker cipher suites and rebooted, then installer worked. I used IIS Crypto to manage TLS.
Original settings
Modified cipher suites. I used Strict template, but can also manually disable.
I’m not sure which of the weaker cipher suites was affecting the Syncro communication. If curious, try disabling weak cipher one at a time, then reboot.
Also If you have legacy/old software versions, that require TLS 1.0, 1.1, or weaker ciphers, this will break that.
Ours was also related to IIS Crypto, but an overly agressive config. Server 2012 R2 AD, File, DNS, Print.
The logs at C:\ProgramData\syncro\logs\syncro.installerxxx.log pointed to the TLS connection:
2024-02-09 18:10:59.349 -05:00 [INF] v1.0.180 Starting KabutoInstaller v 1.0.180, args: ‘–msi --key 7a***wA --customerid 01282760 --policyid 0 --folderid 03490612’
2024-02-09 18:10:59.349 -05:00 [DBG] v1.0.180 ============================
2024-02-09 18:10:59.493 -05:00 [DBG] v1.0.180 Command args has been successfully parsed
2024-02-09 18:10:59.526 -05:00 [WRN] v1.0.180 Required X.509 certificate (subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB, s/n: 4CAAF9CADB636FE01FF74ED85B03869D, thumbprint: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4) is missing. SSL/TLS issues may occur.
2024-02-09 18:10:59.627 -05:00 [DBG] v1.0.180 Sending GET request to rmm.syncromsp.com:443/device_api/auth/, with null…
2024-02-09 18:10:59.712 -05:00 [ERR] v1.0.180 Installer: Exception while sending auth call
Over and above IIS Crypto “Best Practices” TLS 1.1, 1.2 were off for server and client as well as Trip Des 168 under Ciphers. Turned all that back on, rebooted and the install competed. Put the IIS crypto settings back and rebooted again, the server appeared offline, reboot after reboot. while I tried to figure out which settings was the one.
Finally, the working combination was Best Practices+ TLS 1.0, 1.1 off, Trip Des off, RC4_128 on and the MD5 and SHA RC4_128 cipher suites enabled. Server appears online. Interesting was that altough the server didn’t appear online during all the tests and reboots, backgrounding tools worked.
greg10’s settings worked for me.