During the install (or upgrade) of ITMS, SIM (Symantec Installation Manager) failed with the following errors:
Configuration failed.
A critical error occurred:
The client and server cannot communicate, because they do not
possess a common algorithm
Configuration failed while attempting: Configure Notification Server...
Configuration failed.
A critical error occurred:
The request was aborted: Could not create SSL/TLS secure channel.
Configuration failed while attempting: Configure Notification Server...
These are the messages displayed in the installation logs:
Entry 1:
Symantec.Installation.ConfigureNS.StartCurrentTask: starting configuration task
Configure Notification Server....
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:28 AM, Tick Count: 468937 (00:07:48.9370000), Size: 406 B
Process: SymantecInstallationManager (10092), Thread ID: 10, Module:
SymantecInstallationManager.exe
Priority: 4, Source: Symantec.Installation.ConfigureNS.StartCurrentTask
Entry 2:
ConfigureNS - task_Completed(): Configuration Task Configure Notification
Server... Failed: The request was aborted: Could not create SSL/TLS secure
channel.
The request was aborted: Could not create SSL/TLS secure channel.
[System.Net.WebException @ System.Web.Services]
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest
request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest
request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at Altiris.NS.Installation.ProductConfigurationWebServiceProxy.ConfigureProductWithoutSQL(String path)
at Symantec.Installation.ConfigTask.<StartImpl>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotifica
tion(Task task)
at Symantec.Installation.NSConfiguration.Tasks.SerialTask.
<Start>d__0.MoveNext()
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:28 AM, Tick Count: 468937 (00:07:48.9370000), Size: 2.39 KB
Process: SymantecInstallationManager (10092), Thread ID: 18, Module:
SymantecInstallationManager.exe
Priority: 1, Source: Symantec.Installation.ConfigureNS.task_Completed
Entry 3:
User prompt request: 'A critical error occurred:
The request was aborted: Could not create SSL/TLS secure channel.
Configuration failed while attempting: Configure Notification Server...':
Result: OK (handled by user)
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:31 AM, Tick Count: 472468 (00:07:52.4680000), Size: 517 B
Process: SymantecInstallationManager (10092), Thread ID: 18, Module:
SymantecInstallationManager.exe
Priority: 8, Source: Symantec.Installation.Automation.Output.ReportVerbose
Entry 4:
Symantec Management Platform 8.5 (8.5.3075) configuration has failed.
-------------------------------------------------------------------------------
Date: 10/2/2018 10:37:31 AM, Tick Count: 472468 (00:07:52.4680000), Size: 360 B
Process: SymantecInstallationManager (10092), Thread ID: 18, Module:
SymantecInstallationManager.exe
Priority: 1, Source: Symantec.Installation.ConfigureNS.task_Completed
New install or upgrade of ITMS
Mismatch in protocols and ciphers on the SMP and SQL servers.
Make sure the proper protocols (at least TLS 1.0, 1.1, 1.2) and ciphers are set between the SMP server and the SQL server match.
You could use the free tool called IIS Crypto https://www.nartac.com/Products/IISCrypto/Download (download the one with GUI)) and verify what protocols and ciphers are in use and enable the ones that you should have.
Notes:
You may also consider this:
In some scenarios, if the customer is allowing only TLS 1.2 on the SMP and SQL Server, .NET tries to use TLS 1.0 by default and TLS 1.2 needs to be properly called by it.
There are certain places in the registry that need to be modified to force TLS 1.2 to be the only one in use by .NET.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001