Sitecore – Running Sitecore on Windows 11

Recently I did a reinstallation of my laptop, and chose to get the latest and greatest Windows 11. While trying to install a Sitecore 9.1 environment using SIF, I ran into an issue where the Marketing Automation Service wouldn’t start, and where I couldn’t open XConnect using my browsers. This issue apparently also occurs on later Sitecore versions, however I advise you to run Sitecore in containers when that is supported for your Sitecore version.

The errors

You might see one or more of the following errors when opening XConnect or IdentityServer in your browser:

  • SEC_ERROR_INADEQUATE_KEY_USAGE
  • SEC_ERROR_BAD_SIGNATURE

In your Sitecore logs you might see the following error:

  • Sitecore.XConnect.XdbCollectionUnavailableException: An error occurred while sending the request.

The solution

Windows 11 with IIS introduces TLS 1.3, which apparently breaks functionality with XConnect, causing installations to fail and XConnect to be unreachable. To solve this, you can disable TLS 1.3 on the binding of your XConnect website in IIS as follows:

  • Open IIS Manager
  • Go to your XConnect website
  • Click on Bindings
  • Open the SSL (https) binding
  • Check the checkbox that states “Disable TLS 1.3 over TCP”

Make sure when your installation through SIF is running, that you refresh IIS, and as soon as you see XConnect and the HTTPS binding that you disable the TLS 1.3 option. This has to be done at least before SIF tries to start the Marketing Automation Service.

Execute the same change for your IdentityServer and other apps, as otherwise you may get issues when opening them in your browser.

Disable TLS 1.3 for IIS system wide

If you want to disable TLS 1.3 for your entire system, execute the following powershell. The steps as shown above are no longer needed.

New-Item `
   'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' `
   -Force | Out-Null
    
New-ItemProperty `
   -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' `
   -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
    
New-ItemProperty `
   -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' `
   -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null

3 Replies to “Sitecore – Running Sitecore on Windows 11”

  1. I’m new to the world of Sitecore and lost about a day with this issue. Thank you for publishing the solution, Maarten! I didn’t consider that Windows 11 might be the problem!

Leave a Reply

Your email address will not be published.