This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 90%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
We have fix Redhat 8.5 same Ciphers and enable update-crypto-policies --set FIPS, and then to push Linux agent from SCOM 2019 MS.
Redhat Ciphers are:
sed -i '27a Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com' /etc/ssh/sshd_config
sed -i '28a KexAlgorithms diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org' /etc/ssh/sshd_config
and setup FIPS and enable it:
update-crypto-policies --set FIPS
fips-mode-setup --enable
when to push Linux agent, it is still to get error from push process:
Failed to install kit. Exit code: 1
Standard Output: Sudo path: /usr/bin/
Extracting...
Installing cross-platform agent ...
----- Installing package: omi (omi-1.6.8-1.ulinux.x64) -----
----- Installing package: scx (scx-1.6.8-1.universal.x64) -----
----- Removing package: scx -----
----- Removing package: omi -----
----- Installing package: omi (omi-1.6.8-1.ulinux.x64) -----
Install failed
Standard Error: package omi-1.6.8-1.x86_64 does not verify: no digest
Please hellp to solve this trouble, Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
It seems this version of CentOS has already reached its end of life on 31 December 2021. And all the download links are broken now.
http://isoredirect.centos.org/centos/8/isos/x86_64/
For the current supported versions, we can download it and have a try with FIPS.
http://isoredirect.centos.org/centos/7/isos/x86_64/
http://isoredirect.centos.org/centos/8-stream/isos/x86_64/
Note: the above links are from CentOS, not Microsoft.
Regards
Alex
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Sorry, I don't understand your mean. We just only used Redhat not CentOS.
Hi,
Sorry for the misreading. I have only ubuntu server in hand, and I will download RHEL 8.5 to see if the problem can be reproduced and report back later. Thanks for your kind understanding.
Regards
Alex
Thanks a lot, waiting for your report. :)
Hi,
Thank you for the patience. Here's some update.
If we set system crypto policy to FIPS, it seems it will break the SSH connection. During my test, I encoutered similar problem. When FIPS is enabled, the Linux agent discovery is broken, after it is disabled, the discovery works the subsequent deploying, installing continues.
I will do more research to check if the problem relates to specific distribution or something else and report back once there is any findings.
discovery failed due to ssh error
after disabling FIPS, discovery succeeds
Regards
Alex
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yes, I have already disable FIPS on my test site, It can be push agent to succeeds.
But, the production Linux current was set to FIPS enable mode, so... I can't to solve this case.
May I get your help to get document to for SCOM and FIPS issue.
Thanks your help.
Hi,
Thank you very much for the reply.
For the FIPS issue, unfortunately, it seems there is no existing ducomentation we can find at present. I've tried to ask in the internal discusstion group, it is said "This should be supported in SCOM 2019 UR4 and 2022 UR1."
Regards
Alex
If the answer is helpful, please click "Accept Answer" and kindly upvote it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 42%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Any news on this? We are on 2022 and urgently need FIPS support on RHEL 8! According the doc (https://learn.microsoft.com/en-us/system-center/scom/plan-supported-crossplat-os?view=sc-om-2022) this should work but doesn't. Please help!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 49%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I have the same issue when running 2022. I am unable to install and run the agent on RHEL 8 if FIPS is enabled. Has anyone found a work around other than disabling FIPS as that is also not an option for me?