Force TLS 1.2 in Web Application Availability Templates

Stephen Morrison 96 Reputation points
2020-10-13T17:23:29.797+00:00

We have some URLs that only accept TLS 1.2 connections and this seem to impact SCOM Web Application Availability tests. Is there a way to force these tests to use TLS 1.2?

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,505 questions
0 comments No comments
{count} votes

Accepted answer
  1. Leon Laude 85,831 Reputation points
    2020-10-13T17:59:16.833+00:00

    Hi @Stephen Morrison ,

    What version and Update Rollup of SCOM are you currently running?

    Have you enabled TLS 1.2 for your SCOM environment?

    How to implement Transport Layer Security 1.2
    https://learn.microsoft.com/en-us/system-center/scom/plan-security-tls12-config?view=sc-om-2019

    TLS 1.2 Protocol Support Deployment Guide for System Center 2016
    https://support.microsoft.com/en-us/help/4051111/tls-1-2-protocol-support-deployment-guide-for-system-center-2016

    ----------

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)

    Best regards,
    Leon


2 additional answers

Sort by: Most helpful
  1. Crystal-MSFT 50,331 Reputation points Microsoft Vendor
    2020-10-14T02:39:13.457+00:00

    @Stephen Morrison ,From your description, it seems the system center SDK service are failed to start after changing the registry key to enforce TLS 1.2. Here, we suggest to change it back to see if everything will turn well.

    After everything is working well, we can use the script and MP in the following Kevin's blog to check if we can enforce TLS 1.2 in our environment. After confirming everything is prepared, then we can plan to enforce TLS 1.2
    https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom/
    Note: Non-Microsoft link, just for the reference.

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. SChalakov 10,396 Reputation points MVP
    2020-10-14T07:27:23.767+00:00

    Hi @stephenwianata ,

    I had the same issue once after playing with TLS settings. What you need to do is what Leon also mentioned:

    • Follow Read's article
    • Download the script
    • Download the prerequisites
    • Important: Install them manually (do not count on the script)
    • Run the script to update the registry settings.
    • Reboot and try to start the service.

    I will be happy if you update the post afterwards.

    Thanks and Regards,

    ----------

    If the response is helpful, please click "Accept Answer" and upvote it.
    Stoyan

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.