Active Directory
A set of directory-based technologies included in Windows Server.
6,799 questions
What happens if you disable TLS 1.3?
SSPR Writeback Issue: "A call to SSPI failed" Error with CommunicationException
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 54%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Arun
0
Reputation points
Hello Community,
I am facing an issue with SSPR (Self-Service Password Reset) writeback functionality. The error log indicates a problem with the communication between the client and the server, stating they "do not possess a common algorithm." as both TLS 1.2 and 1.3 are enabled for both client and server and there are no blocker from **.passwordreset.microsoftonline.com and .servicebus.windows.net network connection
Any insights or guidance would be greatly appreciated.
Error details:
TrackingId: f84409eb-8efc-467-a12-1af76246f, Listener for Namespace: ssprdedicatedsbprodeus2-1, Endpoint: 5a9a9255-4f8d-96eb-dba7f0bd47b8_5572cfb-c116-4f82-8a37-bc159005d44 offline Event. Last error encountered System.ServiceModel.CommunicationException: A call to SSPI failed, see inner exception. ---> System.IO.IOException: A call to SSPI failed, see inner exception. ---> System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest, Boolean renegotiation)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState)
at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.ServiceBus.ServiceBusClientWebSocket.ConnectAsyncResult.<>c__DisplayClass23_0.<GetAsyncSteps>b__2(ConnectAsyncResult thisPtr, TimeSpan t, AsyncCallback c, Object s)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.ServiceBus.Common.AsyncResult.EndTAsyncResult
at Microsoft.ServiceBus.ServiceBusClientWebSocket.EndConnect(IAsyncResult result)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.StepCallback(IAsyncResult result)
--- End of inner exception stack trace ---
at Microsoft.ServiceBus.RelayedOnewayListener.RelayedOnewayAmqpListenerClient.AmqpRelayedConnection.Open(TimeSpan timeout)
at Microsoft.ServiceBus.RelayedOnewayListener.RelayedOnewayAmqpListenerClient.GetOrCreateConnection(Uri via, TimeSpan timeout)
at Microsoft.ServiceBus.RelayedOnewayListener.RelayedOnewayAmqpListenerClient.Connect(TimeSpan timeout)
at Microsoft.ServiceBus.RelayedOnewayTcpClient.EnsureConnected(TimeSpan timeout, Boolean isRetry), Details: Version: 5.0.922.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda 10,955 Reputation points Microsoft Vendor2025-01-09T21:50:10.7266667+00:00 Hi @Arun
Thank you for reaching Microsoft Q&A Forum!
Based on the error message you provided it says that they "do not possess a common algorithm." This could be due to a mismatch in the SSL/TLS protocols used by the client and server.
Try by Enable TLS 1.2 for Microsoft Entra Connect and enable TLS 1.3
Ensure that your firewall or proxy settings are not blocking the passwordreset.microsoftonline.com and. servicebus.windows.net network connection.
once you done, restart the Entra Connect Sync service and disable and re-enable the password writeback feature -
Arun 0 Reputation points
2025-01-09T21:59:46.6166667+00:00 Hello @Akhilesh Vallamkonda
Thank you for looking into this. As mentioned in my question, both TLS 1.2 and 1.3 are already enabled, and there are no network connectivity issues with servicebus.windows.net or passwordreset.microsoftonline.com. -
Akhilesh Vallamkonda 10,955 Reputation points Microsoft Vendor
2025-01-10T20:37:43.0566667+00:00 Hi @Arun
It might be issue with the version of Entra Connect. Install the latest Microsoft Entra Connect release and see if the issue is resolved. -
Akhilesh Vallamkonda 10,955 Reputation points Microsoft Vendor
2025-01-13T18:39:51.3866667+00:00 Hi @Arun
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment