Internet Explorer cannot display Cisco Unified Call Manager Administration

 

You may get the above message when you try to access Cisco Unified Call Manager Administration in Internet Explorer.  This happens to people using CUCM version 8.3 or 9.2.  The problem is caused by Microsoft security patch KB3061518.  They removed Diffie-Hellman 512-bit encryption from the supporting Windows OS.

In order to fix this error, we have to manually add the registry key for Diffie-Hellman back.

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following subkey in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms
    
  3. If Diffie-Hellman is not there, you can right click on KeyExchangeAlgorithms and select New – Key and name it Diffie-Hellman
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type ClientMinKeyBitLength for the name of the DWORD, and then press Enter.
  6. Right-click ClientMinKeyBitLength, and then click Modify.
  7. In the Value data box, type 00000200, and then click OK.
  8. Exit Registry Editor, and then restart the computer.

In order to make it easy for everyone, you can use the following exported registry keys.  Copy and paste it to a notepad and save it as a reg file then run it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200

Source: MS15-055: Vulnerability in Schannel could allow information disclosure: May 12, 2015

Comments are closed