Hello!
I was working on an issue where one of my users was unable to log into Centricity on her workstation. Upon login, she gets the error listed below.
When I browse directly to https://[app server hostname]:9443, nothing appears. However, if on the same workstation I browse to it via Chrome, I get to a JBoss page (of course after the certificate warning due to it being self-signed).
After some investigation, it appears to have been caused by Windows KB3172605, which is a rollup that includes some TLS 1.2 and SHA-1 improvements. Luckily, this was installed only on this particular workstation; however, I've confirmed that if it is installed on another, it breaks the Centricity client.
Has anyone else experienced this issue with this update? Is there a workaround or fix other than removing the update? The only reason I mention this is that this particular KB update apparently fixes an issue with Windows 7 workstations where Windows Update doesn't run correctly, or takes a whole day to search for updates.
Error occurred in class WebServiceClientBase, method CallWebService
Unable to make service calls: server is down or unavailable. Contact Administrator for assistance. Please check server port configuration; see the installation/upgrade guide for your system for details.
SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority '[centricity app server]:9443'.
Server stack trace:
at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at GEHC.Centricity.Common.Application.ServiceLayer.Proxy.CommonWebservice.Login()
at GEHC.Centricity.Common.Application.ServiceLayer.Proxy.CommonWebserviceClient.Login()
at GEHC.Centricity.Common.Application.ServiceLayer.WebServiceClientBase`2.<>c__DisplayClass3.<CallWebService>b__2()
at GEHC.Centricity.Common.Application.ServiceLayer.WebServiceClientBase`2.CallWebService[TReturn](Func`1 webServiceCall, Boolean exitOnUnknownException)
WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream()
GE put something out about KB 3161608 & KB 3161606 which are part of that rollup KB.
I found a reg hack that will fix this issue.
Copy and paste the following to a text file named xxx.reg.
Double click the file (must be administrator).
Select OK.
Fixed.
I created a GPO for this so I would not have to run it on every client install machine.
Windows Registry Editor Version 5.00
; Lowers the Schannel client-side minimum Diffie-Hellman key length.
; dword:00000200 is hex 0x200 = 512 bits.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200
GE has documented a fix in the JBoss server.xml that should resolve the problem rather than modifying all the clients: https://engage.gehealthcare.com/docs/DOC-226197
Steve
Thank you both for your input. It seems the more permanent fix is to modify the XML file on the JBoss server, though the reg hack would work. I will make these changes after hours.
The link:
https://engage.gehealthcare.com/docs/DOC-226197
is secure. Is there a non-secure way to access this?
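An added diagnostic, not from this thread or from GE: before deciding between the client registry override above and the server-side server.xml fix, confirm what ephemeral DH group size the JBoss server actually offers, since the update raises the Schannel client minimum to 1024 bits and the reg hack lowers it back to 512. It assumes `openssl` 1.0.2 or later on PATH; the host, port and sample output are placeholders I constructed.

```shell
#!/bin/sh
# Constructed diagnostic for the DH-minimum TLS failure discussed above.
# Assumes `openssl s_client` (>= 1.0.2) prints a "Server Temp Key:" line.

# Read `openssl s_client` output on stdin and print the ephemeral DH size
# in bits, or "none" when no DHE suite was negotiated (or handshake failed).
dh_bits_from_sclient() {
    sed -n 's/^ *Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' \
        | head -n 1 | grep . || echo none
}

# Classify a DH size against the 1024-bit client floor the update enforces.
#   ok     - meets the post-update Windows client minimum
#   weak   - below 1024 bits: the client will refuse the handshake
#   no-dhe - server offered no DHE suite, so this check does not apply
dh_verdict() {
    case "$1" in
        none) echo "no-dhe" ;;
        *)    if [ "$1" -ge 1024 ]; then echo "ok"; else echo "weak"; fi ;;
    esac
}

# Probe a live server, forcing a DHE suite so the DH group size is visible.
# Usage: probe_dh <app-server-host> 9443   (host is a placeholder)
probe_dh() {
    bits=$(openssl s_client -connect "$1:$2" -cipher 'DHE' </dev/null 2>/dev/null \
        | dh_bits_from_sclient)
    echo "$1:$2 dh=$bits verdict=$(dh_verdict "$bits")"
}
```

A "weak" verdict means the server-side fix (larger DH parameters, or preferring non-DHE suites) removes the root cause, whereas the registry override only lowers every client's floor.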