When you upgrade Symantec Endpoint Protection Manager (SEPM) from an earlier 12.1 version to 12.1.6 or later, a warning may pop up to advise that you must enable Transport Layer Security (TLS) on any Windows XP or Windows Server 2003 client computers that report into this Symantec Endpoint Protection Manager.
You may see one of the following messages:
The installer detects that you have clients that run Windows XP or Windows Server 2003. By default, TLS is not enabled on these operating systems. As your management server uses HTTPS for communication with XP or Server 2003 clients, make sure TLS is enabled on these clients so that they can communicate with the management server. See the knowledge base article for more information about enabling TLS.
The installer detected clients that run Windows XP or Windows Server 2003. Make sure that TLS is enabled on these clients. Otherwise, these clients will be unable to connect to Symantec Endpoint Protection Manager. A Symantec Knowledge base article explains how to enable TLS. Continue?
Symantec Endpoint Protection Manager 12.1.6 and later, including version 14, disables SSL 3.0 support for HTTPS. If you previously configured the communication between Symantec Endpoint Protection Manager and Symantec Endpoint Protection clients to use the HTTPS protocol, you must enable TLS on the Windows XP and 2003 clients before you upgrade Symantec Endpoint Protection Manager to 12.1.6. Otherwise, these clients can no longer communicate with Symantec Endpoint Protection Manager after the upgrade.
You only need to enable TLS for Symantec Endpoint Protection 12.1.x clients that run Windows XP and Windows Server 2003. Later versions of Windows already have TLS enabled by default.
For version 12.1.x, this scenario applies only if you have enabled HTTPS for client communication. By default, version 12.1.x uses HTTP, not HTTPS. You do not need to take this action for HTTP.
Upgrades to version 14 from 12.1.x retain the protocol that is in use, whether it is HTTP or HTTPS. Only new installations of version 14 enable HTTPS by default.
You can enable TLS through the Control Panel in Windows XP and Windows Server 2003.
In the Control Panel, open Internet Options
Click the Advanced tab, and then click the TLS option/s listed under Security.
Note: This information is provided for your convenience only. For additional information, consult the appropriate Windows documentation.
If you want to disable secure communications between Symantec Endpoint Protection Manager and Symantec Endpoint Protection clients, see the following document: