The customer did an upgrade in place for the test SMP Server (Notification Server) from Windows Server 2012 R2 to 2016. Since then, the test site server still on 2012 R2 is not able to communicate with the test NS.
Release: 8.x
We see these errors in the agent logs:
Request 'HTTPS://NotificationServerName.example.local:443/Altiris/NS/Agent/CreateResource.aspx' failed, COM error: An existing connection was forcibly closed by the remote host (0x80072746)
Configure Server Mode: Failed to obtain the machine resource GUID, error: An existing connection was forcibly closed by the remote host (0x80072746)
Failed to register agent. Registration Status 'Not registered'. Next retry in 1 min.
The certificate was missing a Hash.
On the SMP Server, we used IISCryto to view the settings.
We clicked on the "Best Practices" button (above in yellow). We then clicked on the "Apply Button" and rebooted the computer.
This fixed the communication issue.
Refer to the following Microsoft documentation for further information about TLS and Schannel settings:
https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hellman
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/restrict-cryptographic-algorithms-protocols-schannel