Home General Discussion

Microsoft modifications TLS1.2 and basic authentication

Stephane_BouillonStephane_Bouillon Customer Adept IT Monkey ✭✭
edited November 9 in General Discussion

Hi, our notifications stopped working recently. Most likely it is linked to the TLS changes that have been pushed (we run exchange online). Is there a documentation describing what we need to change on the SCSM/Cireson environment to get it back up and running ?

Kindest regards,

Stephane

Best Answer

Answers

  • Stephane_BouillonStephane_Bouillon Customer Adept IT Monkey ✭✭

    It may also have to do with the discontinuation of basic authentication

    Stephane

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭

    Are you referring to the Notification channel for sending out emails directly from SCSM?

  • Stephane_BouillonStephane_Bouillon Customer Adept IT Monkey ✭✭

    I'm not sure. We use the notify analyst settings in the console


  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭

    All the admin panels utilize the notification channel to send email.

    It only has the options of Anonymous and Windows Integrated.

    We utilize a mail relay to send this email out to O365.

  • Stephane_BouillonStephane_Bouillon Customer Adept IT Monkey ✭✭

    This is the error I found in the event log:

    Log Name:   Operations Manager

    Source:    OpsMgr SDK Client

    Date:     29-11-22 16:57:21

    Event ID:   40002

    Task Category: None

    Level:     Error

    Keywords:   Classic

    User:     N/A

    Computer:   HQSCSMMS02.multi.be

    Description:

    The System Center Data Access service client failed to send a notification to the SMTP server at owa.multipharma.be:25 using the authentication method WindowsIntegrated.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

     <System>

      <Provider Name="OpsMgr SDK Client" />

      <EventID Qualifiers="32768">40002</EventID>

      <Level>2</Level>

      <Task>0</Task>

      <Keywords>0x80000000000000</Keywords>

      <TimeCreated SystemTime="2022-11-29T15:57:21.124783800Z" />

      <EventRecordID>5893000</EventRecordID>

      <Channel>Operations Manager</Channel>

      <Computer>HQSCSMMS02.multi.be</Computer>

      <Security />

     </System>

     <EventData>

      <Data>owa.multipharma.be</Data>

      <Data>25</Data>

      <Data>WindowsIntegrated</Data>

     </EventData>

    </Event>


    My network admin said it fails with error AlgorithmMismatch (it needs TLS 1.2)

    How can I configure that ?

    Stephane

  • Brian_WiestBrian_Wiest Customer Super IT Monkey ✭✭✭✭✭

    Don't think you can update the login method for TLS. We have fully configured SCSM to run fully on TLS1.2 but we use anonymous SMTP with a IP allow list. This way we are not authenticating with the relay and the relay will only allow specific IP's to connect. HTH

  • Stephane_BouillonStephane_Bouillon Customer Adept IT Monkey ✭✭
    Answer ✓

    Hi, I forced the use of TLS1.2 on the SCSM server(s) by following the instructions below, and it now works again.

    Thanks a lot for your time and effort,

    Stephane

Sign In or Register to comment.