Microsoft modifications TLS1.2 and basic authentication
Hi, our notifications stopped working recently. Most likely it is linked to the TLS changes that have been pushed (we run Exchange Online). Is there documentation describing what we need to change in the SCSM/Cireson environment to get it back up and running?
Kindest regards,
Stephane
Best Answer
Stephane_Bouillon Customer Advanced IT Monkey ✭✭✭
Hi, I forced the use of TLS1.2 on the SCSM server(s) by following the instructions below, and it now works again.
Thanks a lot for your time and effort,
Stephane
Answers
It may also have to do with the discontinuation of basic authentication.
Stephane
Are you referring to the Notification channel for sending out emails directly from SCSM?
I'm not sure. We use the notify analyst settings in the console.
All the admin panels utilize the notification channel to send email.
It only has the options of Anonymous and Windows Integrated.
We utilize a mail relay to send this email out to O365.
This is the error I found in the event log:
Log Name: Operations Manager
Source: OpsMgr SDK Client
Date: 29-11-22 16:57:21
Event ID: 40002
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: HQSCSMMS02.multi.be
Description:
The System Center Data Access service client failed to send a notification to the SMTP server at owa.multipharma.be:25 using the authentication method WindowsIntegrated.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="OpsMgr SDK Client" />
<EventID Qualifiers="32768">40002</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2022-11-29T15:57:21.124783800Z" />
<EventRecordID>5893000</EventRecordID>
<Channel>Operations Manager</Channel>
<Computer>HQSCSMMS02.multi.be</Computer>
<Security />
</System>
<EventData>
<Data>owa.multipharma.be</Data>
<Data>25</Data>
<Data>WindowsIntegrated</Data>
</EventData>
</Event>
My network admin said it fails with error AlgorithmMismatch (it needs TLS 1.2).
How can I configure that?
Stephane
Don't think you can update the login method for TLS. We have fully configured SCSM to run fully on TLS1.2 but we use anonymous SMTP with an IP allow list. This way we are not authenticating with the relay and the relay will only allow specific IPs to connect. HTH
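Added example, not part of the thread and not Microsoft's or Cireson's code: a read-only PowerShell check of the Windows settings that decide whether .NET clients on an SCSM server offer TLS 1.2 to the SMTP relay. The thread does not list the settings that were changed, so treating these SCHANNEL and .NET Framework registry values as the relevant ones is an assumption; Get-RegValue is a helper name made up for this example.

```powershell
# Read-only audit: can .NET clients on this server (such as the SCSM
# notification sender) negotiate TLS 1.2? Nothing is modified.
# Assumption: these standard SCHANNEL / .NET Framework values are the ones
# that matter here; the thread itself does not name them.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (the OS/.NET default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit .NET 4.x
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit .NET 4.x
)

# WantNonZero: $true means the value should be non-zero, $false means it should be 0.
$checks = @(
    [pscustomobject]@{ Path = $schannel; Name = 'Enabled';           WantNonZero = $true }
    [pscustomobject]@{ Path = $schannel; Name = 'DisabledByDefault'; WantNonZero = $false }
)
foreach ($p in $dotnet) {
    # SchUseStrongCrypto: .NET stops offering the legacy protocol defaults.
    $checks += [pscustomobject]@{ Path = $p; Name = 'SchUseStrongCrypto';       WantNonZero = $true }
    # SystemDefaultTlsVersions: .NET defers protocol choice to SCHANNEL.
    $checks += [pscustomobject]@{ Path = $p; Name = 'SystemDefaultTlsVersions'; WantNonZero = $true }
}

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value) {
        $status = 'NotSet'      # default behaviour depends on OS and .NET version
    } elseif (($value -ne 0) -eq $c.WantNonZero) {
        $status = 'OK'
    } else {
        $status = 'Mismatch'    # explicitly configured against TLS 1.2
    }
    [pscustomobject]@{ Status = $status; Name = $c.Name; Value = $value; Path = $c.Path }
}

$report | Format-Table -AutoSize -Wrap
```

Rows reported as Mismatch or NotSet are the ones to review on each SCSM management server; registry changes to these values take effect only after the affected services or the server are restarted.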