SHA256 cert update fails.

    Question

  • I've tried to follow this blog to upgrade my certs to SHA256:

    https://blogs.technet.microsoft.com/momteam/2017/03/01/deprecating-sha1-certificates-in-system-center-operations-manager-for-unixlinux-monitoring

    And I've tried via SCOM console, and by script. Out of 4 servers, 3 went critical with the following error from the task:

    The server certificate on the destination computer (abc.mydomain.nz:1270) has the following errors:
    The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.
    The SSL certificate is signed by an unknown certificate authority.

    Restarting the agent doesn't fix it.

    SCOM throws an alert that the SSL Certificate used by the agents has a configuration error.

    2 of the servers I re-ran the task, triggered maintenance mode, and restarted the agent. This made it work again.

    1 server I restarted agent twice (once it went gray in SCOM), repushed the Update Cert task, restarted agent, maintenance mode (6 minutes). Came back up green, but running Verify Certificate brought up the error above. Rerunning the verify task eventually came back as SHA256, but it takes several tries; otherwise the first error is returned.

    I need to mass do all our Linux boxes, so I'm hoping someone could shed some light on this.

    Thanks

    Darren

    Monday, March 06, 2017 1:05 AM

Answers

  • Resolved. If you have multiple management servers, all the servers in the Resource pool need their certs imported again after UR12 before you do the SHA256 task.
    • Marked as answer by Darren Joyce Monday, March 06, 2017 8:51 PM
    Monday, March 06, 2017 8:51 PM