Share via

How to deal with installing KB3140245 on windows server 2012R2 64-bit english

文栋 郑 0 Reputation points
2025-12-14T10:07:16.9033333+00:00

I want to install trellix ePO 5.10 SP1 on windows server 2012 R2 64 bit English, Error displayed as "An attempt to establish a test connection to the SQL server [servername] failed. The sql server used by trellix ePO must support a secure communication with TLS 1.1 or 1.2. Please see KB90222 for more informaton.

In the KB90222, reminder me to install KB3140245. But when I download this update and install, here is a note: The update is not applicable to your compute.

So I wonder how to solve this problem?

Thanks.

Windows for business | Windows Server | Devices and deployment | Install Windows updates, features, or roles
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-14T10:08:34.3266667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To resolve the issue with installing KB3140245 on Windows Server 2012 R2 64-bit, ensure that your system meets the prerequisites for the update. The error message indicating that the update is not applicable could be due to several reasons:

    1. Operating System Version: Verify that your Windows Server 2012 R2 is fully updated. Sometimes, certain updates require previous updates to be installed first.
    2. Architecture Compatibility: Ensure that you are downloading the correct version of the update for your system architecture (64-bit).
    3. Update Relevance: Check if KB3140245 is indeed relevant for your specific version of Windows Server 2012 R2. You can refer to the Microsoft update catalog or documentation for more details.
    4. Registry Settings: If you are enabling TLS 1.1 or 1.2, make sure that the necessary registry settings are configured correctly as per the guidelines provided in relevant Microsoft documentation.

    If you continue to face issues, consider reaching out to Microsoft support or checking the forums for similar cases. Additionally, ensure that you have the latest updates for the .NET Framework, as this can also affect the installation of certain updates and features.

    References:

    0 comments
  2. VPHAN 11,375 Reputation points Independent Advisor
    2025-12-14T10:41:35.1966667+00:00

    Hi 文栋 郑,

    The "Not Applicable" error you are encountering with KB3140245 on Windows Server 2012 R2 typically means that your system already has a later Monthly Rollup installed which supersedes that specific patch, or you are missing the prerequisite Servicing Stack Update (SSU) and the April 2014 Update Rollup (KB2919355). Since KB3140245 was released years ago, it is highly probable that your OS binaries already support TLS 1.2, but the operating system and the .NET Framework are simply not configured to use it by default. The Trellix ePO installer relies on the .NET Framework for its database connectivity checks, and on Server 2012 R2, .NET will attempt to negotiate older protocols unless explicitly forced to use strong cryptography.

    To resolve the SQL connection failure without reverting or fighting with individual KBs, you need to enforce TLS 1.2 via the Windows Registry. Open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Create a new DWORD (32-bit) Value named SchUseStrongCrypto and set its value to 1. You must repeat this step for the 32-bit subsystem by navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 and adding the same SchUseStrongCrypto value set to 1. This registry change forces applications dependent on .NET 4.0+ (like the ePO installer) to use TLS 1.2 rather than defaulting to the disabled TLS 1.0/1.1 protocols. A reboot is required for these changes to take full effect.

    If the installation still fails after the reboot, verify that the SQL Server Native Client installed on the ePO server is updated to a version that supports TLS 1.2. The base version of SQL Native Client 11.0 that comes with Server 2012 R2 often does not support TLS 1.2; you may need to download and install the latest Microsoft SQL Server 2012 Native Client QFE patch to ensure the driver itself can handle the handshake.

    I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer . Should you have more questions, feel free to leave a message. Have a nice day!

    VP

    0 comments
  3. VPHAN 11,375 Reputation points Independent Advisor
    2025-12-15T19:19:46.4866667+00:00

    Hello,

    I am following up to see if you were able to resolve the Trellix ePO installation error regarding TLS. As previously noted, the "Update not applicable" message confirms your Windows Server 2012 R2 is already patched beyond the requirements of KB3140245, so the issue is a configuration mismatch rather than a missing update. The solution is to explicitly force the .NET Framework to use TLS 1.2 by creating the SchUseStrongCrypto DWORD value (set to 1) in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 and the corresponding Wow6432Node registry paths. If the installer still fails after a reboot, you must ensure your SQL Native Client driver is updated to a version that supports TLS 1.2, as the default driver on Server 2012 R2 is often too old to negotiate the secure handshake required by ePO.

    If the issue has been successfully resolved, please consider accepting the answer as it helps other people sharing the same question benefit too. Thank you!

    VP

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.