Tags: ie 9

12/21/12

  04:08:00 pm, by The Dreamer   , 983 words  
Categories: Digital Photography, Software, Travel, Home, Windows, VirtualBox, Quicken/TurboTax

Quicken 2012 Premier One Step Update started failing....

Earlier this month my Quicken 2012 Premier stopped being able to get updates from Discover, Target, Commerce Bank and my Credit Union. But, only on one computer. I run Quicken 2012 Premier in a VM (since I no longer have any native Windows hardware around), and I have my quicken data file in Dropbox so that I can keep my records up to date whether I'm at home or on the road.

This actually came about when zen died, I needed to get my records updated and keep them updated (and later be able to do my taxes...as things dragged out.)

So, I had reinstalled Quicken 2012 Premier into the Windows XP VM on my laptop, since zen died a couple days before I went to Gallifrey One...and I did the Quicken recovery while I was at Gallifrey one.

Later when I was home, I repeated the process into my Windows XP VM on orac. Orac became my main home computer while zen was out of commission. But, eventually I got zen going again, and it was time to set up a new Windows VM on there. Not being able to locate the other copy of my WXP SP3 OEM image (that I got just before they stopped selling them)... though later I found I have a Windows XP - 64-bit OEM CD. Wonder what was I thinking? Anyways...I had bought a Windows 7 Professional Full, during the attempt to revive zen as Windows 7 Professional. (I should finish that post someday...) And, I intend to rebuild old zen into the Windows 7 VM on new zen, but that's been dragging.... But, I did get Quicken 2012 Premier installed and moved to mainly working from there. Though I still have the option now to do Quicken updates when I travel (rather than try to keep notes on what I've spent, etc. and then forget or lose notes by the time I get home)

Which reminds me....I didn't update everything after last trip....hmmm, darn...I have less cash than I thought I did, hopefully it'll be enough to cover incidentals during my next trip....

Anyways the recent problem seemed timed with my return from LISA '12, the Sunday following...updates for 4 of my accounts stopped working. Though now it seems that KB2761465 released on December 11th (during LISA...so it had applied before I finally got around to using Quicken....I initially started it up to let Eye-Fi do its stuff....except I keep forgetting to unpack my digital cameras -- guess I can do that now. :yes: ) Though when I'll get to posting pictures online again...who knows. That part of zen rebuild hasn't happened yet, though I should work on getting the data replication working again at least....

But, the error with Quicken kept pointing to something wrong on my end, like check the time (nope...and NTP is using 4 servers...which in a poster session is the minimum in an unreliable environment for reliable time keeping. And, I do see that 1 of the 4 servers has gone away...) Or if I'm on XP, check if root certificate update is installed. Well, it works on XP....not on 7.

Kind of annoying having to go to XP on Orac to do One Step Updates....etc. So after a week, I decided that the problem wasn't going to fix itself and Quicken was still pointing to my connection as being the problem. But, 7 other accounts were updating fine....though it was also going much more slowly...

I had been seeing complaints about slowness recently online....though the hits for connection errors were old and/or unhelpful.

So, since the world didn't end today...I decided that it was time to investigate more in depth....

I eventually did notice in Windows Event Log, Schannel errors - Event ID 36888 that seemed to coincide with failed attempts. Which didn't yield much in helpful hits online...at first.

But, this seemed to indicate some kind of SSL connection problem with Quicken...so I compared the security settings of IE9 on Windows 7 and IE8 on Windows XP. There were some differences...like though more in that IE9 has more security options like TLS 1.1 and TLS 1.2 (though it had TLS 1.0 unchecked...so I checked TLS 1.0 ... its was checked on XP and it was the only TLS option. Both SSL 2.0 and 3.0 were checked on XP, but I didn't feel that was necessary...though I tried it at one point.) That didn't help.

But, eventually, I saw that the Event 36888, Schannel was giving a fatal alert 43...which I then found to mean TLS1_ALERT_UNSUPPORTED_CERT. So, I did a packet capture to see where it was connecting to and tried connecting there myself. Well, those sites worked...though I was trying them in Chromium on FreeBSD. And, they also worked in Chrome on Windows 7. But, finally when I tried in IE9, they didn't work. The troubleshooter was no help. But, it was in IE9 that I confirmed that I could get to sites that had the same issuer cert for an intuit/quicken domain. So, there was something specific to the sites.

Finally, I decided to connect to the problem site using openssl to see what its sending during the negotiation. Hmm, its doing TLSv1. Well, I turned on TLS 1.0, wonder if TLS 1.1/1.2 being on causes problems. During my search, I had read somewhere that TLS 1.2 enabled would prevent SSL 2.0 from happening...enabled or not. Wonder if it also prevents TLS 1.0?

Answer...YES....TLS1.2 is causing problems.

Unchecking it (so SSL 3.0, TLS 1.0 and TLS 1.1 are the only ones checked). Fixed all my connection problems. I did updates of the accounts individually first (my credit union, then Discover, then Target, though Target failed with a different error because I had tried disabling and the reconfiguring Discover and Target...and Quicken hadn't relearned all the extra security passwords needed yet.

Then, I tried updating all the accounts at once...at first it seemed that it was going to go slowly still. But, once it updated one of the problem accounts, it suddenly started them in bunches and in a blink it was done.

:cool:

Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

Latest Poopli Updaters -- http://lkc.me/poop

bloglovin

There are 20 years 2 months 21 hours 4 minutes and 48 seconds until the end of time.
And, it has been 4 years 10 months 27 days 16 hours 58 minutes and 8 seconds since The Doctor saved us all from the end of the World!

Search

November 2017
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      
Google

Linkblog

  XML Feeds

Who's Online?

  • Guest Users: 1
This seal is issued to lawrencechen.net by StopTheHacker Inc.
powered by b2evolution free blog software

hosted by
Green Web Hosting! This site hosted by DreamHost.

monitored by
Monitored by eXternalTest
SiteUptime Web Site Monitoring Service
website uptime