System.ServiceModel.Security.SecurityNegotiationException; Could not establish secure channel for SSL/TLS with authority 'services.idealpos.net'. The request was aborted: Could not create SSL/TLS secure channel.
This article needs fleshing out, so if you are here reading it to solve an active ticket please add some more details, like what TLS keys are present in the registry before the fix, what .NET, windows and POS version are being used on the site with this error.
This solution was first tried on a site running v7 framework and IKM 2.0, upgrading to v8 framework and IKM 3.0.0.3 did not resolve the issue. The machine was also on windows 10, had no outstanding updates for OS or .NET.
I checked the registry as per another solution about TLS 1.0 and 1.1 keys not being present in the registry, however as of September 2025 we no longer use 1.0 and 1.1 for licensing.
As a speculative fix I added the follow keys to the registry with success;
; Enable TLS 1.2 Client and Server
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
; Enable strong cryptography for .NET Framework 4.x (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
; Enable strong cryptography for .NET Framework 4.x (32-bit on 64-bit OS)
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
At this point I am unsure if enablingstrong cryptography is needed or not, it would be good to test next time this solution is used so we can make as little registry change as possible to resolve the issue.
A .reg file is attached with the above keys included, note that a reboot of the machine is needed for these changes to take effect.