Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

TLS Deprecation Report always empty

Copper Contributor

The SecureScore web site shows that we have 31 users and 6 agents using TLS 1.0/1.1. It also provides a link to the following report site that is supposed to show me who the users and agents are:

 

https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download

 

I end up with a page that says "Please click the button to download". When I click the button, it flashes through "Downloading TLS report" and "Downloading 3DES usage report" before showing "Finished" and lovely green check mark. And absolutely nothing else. No report, no download, no instructions.

 

I've tried it with our own organization and a client's. I've tried multiple browsers. Same results. Has anyone had this work?

19 Replies

Same behavior here, and I'm afraid I have no solution/workaround to offer.

Same thing is happening to me for multiple tenancies.

 

best response confirmed by Christopher Hoard (MVP)
Solution

Hi Iangoodale,

 

I have tested this morning on Edge, Chrome and IE and experience the same.

 

@Ryan Heffernanis there anyone you can raise this to? We have multiple reports of community users not being able to download the TLS deprecation report on the service trust page. Nothing downloads. This seems to be a bug as users have tried several browsers including Edge, Chrome and IE. Pretty important to get this report so admins can get users off TLS 1.0/1.1.

 

Best, Chris

Sorry for the problems. I'm doing some digging internally to find out who owns this site and will reply back here with an update. 

Update: We've found the site owner and they are investigating the problem. Thanks for bringing it to our attention. 

Thank you for reporting the issue. The engineering team is working on a fix as a high priority item.  We will update this thread when this is resolved.  Thank you for your patience.

Tried it again today, this time it works fine with Edge. IE still doesn't work, but I can live with that :)

Hi, I download a TLS report and found that the username is blank, could you please check it for me?

Thank you for reporting the issue. Our engineering team has released a new version of our service and we added support for IE 11 and Firefox.

 

We have also fixed for the blank username issue. If username is '-', the service would try to find out the IP address of this record.

 

Please check if it works for you and thanks again for your patience.

Looks like it's working now. Thanks for getting this fixed!

thank you for your reply!

I have tried to download the report again but still having some problems in the username session.new report.png

Hi, thanks for the screenshot.

It could be that some users were connecting to our service before signing in, so that we are not able to identify who the user was.

 

We are having discussions about how we can help with this kind of situation and I'll let you know if we have any updates.

@iangoodale 

 

This seems to still be having issues, I was not able to download the report from Edge, however it did download from IE 

 

unfortunately the report is blank save for the headers 

 

Notice: This report includes 3DES and TLS1.0/1.1 usages.
UserName / IP address, Protocol, Agent, Count, Report Date

We it fetches the report it basically provides the public IP address which is basically the ISP. There is no username info, instead of that it has got the public IP address. 

 

It will be difficult to trace down what is the source. Any ideas here ?

 

@Mohammed Ahmed, the reason why report shows IP addresses instead of user name could be those connections were established by anonymous users or users who were not signed in. It is nearly impossible for services to tell the username when there is no user context in connection.

 

We could ask all users to follow the links below to disable TLS1.0/1.1 and use TLS deprecation report for investigation.

 

Disable TLS1.0/1.1 and enable only TLS1.2

https://social.technet.microsoft.com/Forums/en-US/0b9b9243-9f8c-4777-b0cd-5777793fae19/disable-tls-1...

 

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-alg...

@Ryan Heffernan I have gone to the site today https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download and seen there are some legacy connections happening and the graph shows it. However when I download the report it does not have any content showing connections just column headings.

@Ryan Heffernan

16/06/2022 and still broken.
Reports are empty regardless of the browser being used.

Hi Guys

@Ryan Heffernan

@Lei He 

 

Its 30/06/2022 and its still broken. Reports are empty regardless of the browser being used.

 

Can you please escalate or review this?

 

Hi Guys,

Share my script for monitoring afectation after apply TLS deprecation:
https://github.com/Andresji321/MonitoringTLSErrorAzureAD

Good Luck!!!
1 best response

Accepted Solutions
best response confirmed by Christopher Hoard (MVP)
Solution

Hi Iangoodale,

 

I have tested this morning on Edge, Chrome and IE and experience the same.

 

@Ryan Heffernanis there anyone you can raise this to? We have multiple reports of community users not being able to download the TLS deprecation report on the service trust page. Nothing downloads. This seems to be a bug as users have tried several browsers including Edge, Chrome and IE. Pretty important to get this report so admins can get users off TLS 1.0/1.1.

 

Best, Chris

View solution in original post