none
Unable to connect scom 2016 console after disabling TLS 1.0 RRS feed

  • Question

  • Hi Experts,

    I have 5 Management Servers of SCOM 2016 all are in same Management group , previously all MS are working on TLS 1.0 .

    Now i got requirement to disable TLS1.0 for this I installed update rollup 7 of SCOM 2016 in it and then disable tls 1.0  after that I am able to connect scom console in 2 Management Servers but in  rest  3  MS unable to connect scom console after disabling TLS 1.0 .

    Can you please suggest any possible reason of above issue.

    Thanks & Regards,

    Abhinash Kumar 

    +91 8210703044
    Friday, July 26, 2019 1:48 PM

Answers

  • Did you follow the procedure for disabling legacy TLS?

    https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom/

    • Marked as answer by Abhinash_1 Tuesday, July 30, 2019 6:01 AM
    Friday, July 26, 2019 2:15 PM
  • Hi,

    The article provided by CyrAz is a good and detailed article. If two management servers work with TLS 1.2, it is suggested to reboot the remaining three servers (one or two times) to see if it helps.

    Hope the above information helps.

    Regards,

    Alex Zhu
    -----------------------------------------------
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    • Marked as answer by Abhinash_1 Tuesday, July 30, 2019 6:01 AM
    Monday, July 29, 2019 1:37 AM

All replies

  • Did you follow the procedure for disabling legacy TLS?

    https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom/

    • Marked as answer by Abhinash_1 Tuesday, July 30, 2019 6:01 AM
    Friday, July 26, 2019 2:15 PM
  • Hi,

    The article provided by CyrAz is a good and detailed article. If two management servers work with TLS 1.2, it is suggested to reboot the remaining three servers (one or two times) to see if it helps.

    Hope the above information helps.

    Regards,

    Alex Zhu
    -----------------------------------------------
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    • Marked as answer by Abhinash_1 Tuesday, July 30, 2019 6:01 AM
    Monday, July 29, 2019 1:37 AM
  • Authentication and data encryption between the management server and the Operations console is accomplished by using Windows Communication Foundation (WCF) technology. The initial attempt at authentication is made by using the user's credentials. The Kerberos protocol is attempted first. If the Kerberos protocol does not work, another attempt is made using NTLM. If authentication still fails, the user is prompted to provide credentials. After authentication has taken place, the data stream is encrypted as a function of either the Kerberos protocol or SSL, if NTLM is used.
    Kerberos does not have a native dependency on TLS. More likely, the problem may not come from connection between console and MS. Besides restarting 3 MS, also check any error of this MS to provide a cue of the issue source.
    Roger
    Monday, July 29, 2019 3:45 AM