Recently I did a reinstallation of my laptop, and chose to get the latest and greatest Windows 11. While trying to install a Sitecore 9.1 environment using SIF, I ran into an issue where the Marketing Automation Service wouldn’t start, and where I couldn’t open XConnect using my browsers. This issue apparently also occurs on later Sitecore versions, however I advise you to run Sitecore in containers when that is supported for your Sitecore version.
You might see one or more of the following errors when opening XConnect or IdentityServer in your browser:
In your Sitecore logs you might see the following error:
- Sitecore.XConnect.XdbCollectionUnavailableException: An error occurred while sending the request.
Windows 11 with IIS introduces TLS 1.3, which apparently breaks functionality with XConnect, causing installations to fail and XConnect to be unreachable. To solve this, you can disable TLS 1.3 on the binding of your XConnect website in IIS as follows:
- Open IIS Manager
- Go to your XConnect website
- Click on Bindings
- Open the SSL (https) binding
- Check the checkbox that states “Disable TLS 1.3 over TCP”
Make sure when your installation through SIF is running, that you refresh IIS, and as soon as you see XConnect and the HTTPS binding that you disable the TLS 1.3 option. This has to be done at least before SIF tries to start the Marketing Automation Service.
Execute the same change for your IdentityServer and other apps, as otherwise you may get issues when opening them in your browser.
Disable TLS 1.3 for IIS system wide
If you want to disable TLS 1.3 for your entire system, execute the following powershell. The steps as shown above are no longer needed.
New-Item ` 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' ` -Force | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' ` -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server' ` -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null