schannel errors after TLS 1.2 implementation

Forum: Operations Manager4
Viewing 2 posts - 1 through 2 (of 2 total)
  • #230667
    Profile photo of Alex
    Alex
    Participant

    Hi,

    our environment consists of a SCOM 2016 Server on Windows 2016 (core), a SQL Server 2016 on Windows 2016 and a gateway server on Windows 2016 (in another forest).

    As described here SCOM 2016 RU4 supports TLS 1.2 encryption. We installed ODBC 13 on the SCOM server and implemented TLS 1.2 only GPOs resulting in numerous schannel errors on SCOM server. After installing the native client 12 on the SCOM server most went away but the following errors (as info events…) are still present in the operations manager event log:

    DetectDuplicateRelAgnToSrvMonitor.vbs : Script executed with Error Number: -2147467259 Error Details: Encryption not supported on the client.

    Workflow: Microsoft.SystemCenter.Apm.APMComputerSynchronizerRule Encryption not supported on the client.”

    GetOpsMgrDBPercentFreeSpace.vbs : Error Number: 80004005 Error Details: Encryption not supported on the client.

    Microsoft.SystemCenter.SqlBrokerAvailabilityMonitorForPool  OleDb Module encountered a failure 0x80004005 during execution

    GetOpsMgrDWDBWatcherDiscovery.vbs : Error returning discovery data. code = -2147467259

    Each one is accompanied with the following error in the system event log:

    A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    These monitors look like system center core monitoring monitors. I have not found any newer MPs than those I have in the environment.

     

    Has anyone seen those errors after disabling SSL 2.0,3.0,TLS 1.0 and 1.1?

    Thanks Alex

    #230754
    Profile photo of Bobgreen
    Bobgreen
    Participant

    I’ve investigated scripts and I figured out that SCOM Health Service can use TLS 1.2 but scripts in management packs wasn’t adapted for it. Some scripts use OleDb provider which doesn’t support TLS 1.2. I didn’t try but MS released new OleDb driver which should include support TLS 1.2. You can try to update the driver and share results.

    https://www.microsoft.com/en-us/download/details.aspx?id=56730

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.