Failed to initialize security context for target. The error returned is 0x80090342.

Sean de Fraine 1 Reputation point
2023-05-11T14:00:36.64+00:00

Hi,

Have SCOM2016 running on a 2012r2 server.

Just installed a Windows 2019 server and pushed the agent ok, yet we get the following error on that 2019 server trying to connect back to SCOM. They are on the same domain.

Any ideas muchly appreciated as I am all googled out for that specific error.

"Failed to initialize security context for target MSOMHSvc/server.domain. The error returned is 0x80090342(The encryption type requested is not supported by the KDC.) This error can apply to with the Kerberos or the SChannel package."

Source: OpsMgr Connector
EventID: 20057

Cheers,

Sean

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,433 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. VasimTamboli 4,780 Reputation points
    2023-05-11T19:33:22.8066667+00:00

    The error message you're encountering, "Failed to initialize security context for target MSOMHSvc/server.domain. The error returned is 0x80090342," indicates an issue with the encryption type requested by the Kerberos Key Distribution Center (KDC) or the SChannel package.

    Here are a few troubleshooting steps you can try to resolve the issue:

    Verify the encryption settings: Ensure that both the SCOM server (running on the 2012 R2 server) and the Windows 2019 server have compatible encryption settings. Check the encryption algorithms and encryption levels configured on both systems and ensure they match.

    Check time synchronization: Make sure that the clocks on both the SCOM server and the Windows 2019 server are synchronized. Time differences between the systems can cause authentication failures.

    Confirm Kerberos configuration: Validate the Kerberos configuration on both servers. Ensure that the Kerberos settings are properly configured and that the necessary SPN (Service Principal Name) is registered for the SCOM server.

    Check for SPN conflicts: Verify that there are no conflicts with SPNs associated with the SCOM server. Ensure that the SPN for the SCOM server is unique and not registered to any other account or service.

    Review firewall settings: Check the firewall settings on both servers to ensure that the necessary ports are open for communication between the SCOM server and the Windows 2019 server.

    Restart services: Restart the System Center Management service (HealthService) on the SCOM server and the SCOM agent service on the Windows 2019 server to ensure a fresh start and to apply any configuration changes.

    If the issue persists after trying these steps, you may need to involve your IT infrastructure team or Microsoft Support for further assistance in troubleshooting the specific error and resolving the connectivity problem between SCOM and the Windows 2019 server.

    0 comments No comments

  2. XinGuo-MSFT 15,246 Reputation points
    2023-05-12T02:01:09.79+00:00

    Hi,

    You may need both TCP/UDP (5723) for LDAP and Kerberos. Hopefully after opening the UDP ports the issue will be resolved.

    0 comments No comments