SCOM TLS1.2 Upgrade issues with RHEL6 and RHEL7

Question

Hello all Thanks in Advance,

SCOM 2019 UR1

TLS configuration TLS1.2 enabled.
TLS1.0 and TLS 1.2 are disabled
Regedit<XXXXX<SecurityProviders<Schannel< Ciphers<RC4 128/128--> Enabled
Regedit< XXXXX<SecurityProviders<Schannel<Ciphers<Triple DES 168--> Enabled
Regedit< XXXXX<SecurityProviders<Schannel<KeyExchangeAlgorith<PKCS--> Enabled.

Above are the changes performed in the SCOM environment. After making the changes the RHEL8 servers are succesfully communicating and the RHEL6 and RHEL7 communication has been broken. can anybody help on this.

Answer 1

Hi @NikhilGS-9641,

So it seems you have configured TLS 1.2 enforcement in your SCOM environment, to double check that all is configured correctly, you can check Kevin's script & blog post over here:
https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom

Some components in Red Hat Enterprise Linux are configured to use TLS v1.0 even though they provide support for TLS v1.1 or even v1.2, have you ensured your Red Hat Enterprise Linux (RHEL) 6 & 7 are configured for TLS 1.2?

4.13. HARDENING TLS CONFIGURATION
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-hardening_tls_configuration

Note: RHEL 6 is not officially supported by SCOM 2019.

---

(If the reply was helpful please don't forget to upvote or accept as answer, thank you)

Best regards,
Leon

Answer 2

thanks @Leon Laude for the help.

We have performed all the prerequisites in the SCOM test environment. But not performed in the RHEL7 servers. Am seeking the help for what kind of changes needs to be performed for TLS in RHEL7 servers.