This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 91%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
We have some URLs that only accept TLS 1.2 connections and this seem to impact SCOM Web Application Availability tests. Is there a way to force these tests to use TLS 1.2?
Hi @Stephen Morrison ,
What version and Update Rollup of SCOM are you currently running?
Have you enabled TLS 1.2 for your SCOM environment?
How to implement Transport Layer Security 1.2
https://learn.microsoft.com/en-us/system-center/scom/plan-security-tls12-config?view=sc-om-2019
TLS 1.2 Protocol Support Deployment Guide for System Center 2016
https://support.microsoft.com/en-us/help/4051111/tls-1-2-protocol-support-deployment-guide-for-system-center-2016
----------
(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Best regards,
Leon
We are currently on 1807. I have seen these guides but have not checked our settings to these yet. I was unsure if this would resolve the Templates or if this just affected the internal communication and SCOM Web Console.
After applying the registry changes via the powershell commands and a reboot I now have application crashes and the server is grey
Application: Microsoft.Mom.Sdk.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.EnterpriseManagement.Common.SdkServiceNotInitializedException
at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.get_Container()
at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService+SdkChannel.Start()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
and
Faulting application name: Microsoft.Mom.Sdk.ServiceHost.exe, version: 7.3.13261.0, time stamp: 0x5b2d99e7
Faulting module name: KERNELBASE.dll, version: 10.0.17763.1432, time stamp: 0x9b30685b
Exception code: 0xe0434352
Fault offset: 0x0000000000039689
Faulting process id: 0x1688
Faulting application start time: 0x01d6a1b1a2ce1469
Faulting application path: D:\Program Files\Microsoft System Center\Operations Manager\Server\Microsoft.Mom.Sdk.ServiceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 633aa06e-0717-47cf-9f9d-875e593c1de0
Faulting package full name:
Faulting package-relative application ID:
You can go through Kevin’s blog post over here:
https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom
For now I agree with Crystal, a rollback of the settings is probably smart to get your SCOM environment healthy again.
After that go through the blog post by Kevin.
I would also encourage you to plan an upgrade to SCOM 2019, as SCOM 1807 has reached end of support some time ago.
Once I updated the SQL Client and Drivers the application errors stopped.
I was able to confirm that after making these changes and using a packet capturing tool SCOM is using TLS 1.2 for the URL tests. I have modified all the Management Servers and Gateways and all things remain healthy.
Unfortunately this didn't solve the issue I was having with the monitor as the packet capture shows a certificate being passed.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Stephen Morrison , Thanks for the update. I am glad to hear that SCOM is using TLS 1.2 for the URL tests.And all the servers are healthy.
For the issue that the packet capture shows a certificate being passed, Could you get screen shot to better understand the issue? Thanks!
I have posted another question to not confuse this thread.
@Stephen Morrison , Thanks for submitting the new thread. We will discuss this issue in our new thread. Thanks and have a nice day!
@Stephen Morrison ,From your description, it seems the system center SDK service are failed to start after changing the registry key to enforce TLS 1.2. Here, we suggest to change it back to see if everything will turn well.
After everything is working well, we can use the script and MP in the following Kevin's blog to check if we can enforce TLS 1.2 in our environment. After confirming everything is prepared, then we can plan to enforce TLS 1.2
https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom/
Note: Non-Microsoft link, just for the reference.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @stephenwianata ,
I had the same issue once after playing with TLS settings. What you need to do is what Leon also mentioned:
I will be happy if you update the post afterwards.
Thanks and Regards,
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Stoyan