SMP Server upgrade in place in our test environment has caused the Site Server to no longer communicate with the Notification Server
search cancel

SMP Server upgrade in place in our test environment has caused the Site Server to no longer communicate with the Notification Server

book

Article ID: 274020

calendar_today

Updated On:

Products

Client Management Suite IT Management Suite

Issue/Introduction

The customer did an upgrade in place for the test SMP Server (Notification Server) from Windows Server 2012 R2 to 2016. Since then, the test site server still on 2012 R2 is not able to communicate with the test NS.

Environment

Release: 8.x

Cause

We see these errors in the agent logs:

Request 'HTTPS://NotificationServerName.example.local:443/Altiris/NS/Agent/CreateResource.aspx' failed, COM error: An existing connection was forcibly closed by the remote host (0x80072746)

Configure Server Mode: Failed to obtain the machine resource GUID, error: An existing connection was forcibly closed by the remote host (0x80072746)

Failed to register agent. Registration Status 'Not registered'. Next retry in 1 min.

The certificate was missing a Hash.

Resolution

On the SMP Server, we used IISCryto to view the settings.

We clicked on the "Best Practices" button (above in yellow). We then clicked on the "Apply Button" and rebooted the computer.

This fixed the communication issue.

Refer to the following Microsoft documentation for further information about TLS and Schannel settings:
https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hellman
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/restrict-cryptographic-algorithms-protocols-schannel

Powered by Wolken Software