Scom console error when reconfiguring log analytics connection

 

Error in scom console when you click on Azure Log Analytics -> Connection-> Re-Configure Log Analytics. This happens due to SSL settings for using a strong encryption being enforced by Microsoft. SCOM applies the same settings as Internet explorer settings for the console.

 

 

You may also see the following text when you click on details for the error:

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://usbn1.service.oms.microsoft.us/Config/SettingService.svc/ServiceSettings. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://service.systemcenteradvisor.com/Config/SettingService.svc/ServiceSettings. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

 

Solution:

Add the following registry key to your console computer.

Copy the following text into a notepad and save the file as ".reg " instead of "txt". Relaunch the console and complete the log analytics reconfiguration.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Making a web request using powershell and reading response

## Sending a web request to a url and getting a response back.
$urlresponse = $null
$response = $null
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$strURI = "https://www.bing.com"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$req = [Net.WebRequest]::CreateHttp($strURI)
$response = $req.GetResponse() ;
[System.IO.Stream]$datastream = $response.GetResponseStream()
$streamreader = New-Object  System.IO.StreamReader($datastream)
$urlresponse = $streamreader.ReadToEnd();
Write-Host $response.ProtocolVersion  -ForegroundColor Yellow
Write-Host $req.servicepoint.certificate.GetExpirationDateString()  -ForegroundColor Yellow
Write-host $req.ServicePoint.Certificate.GetIssuerName()  -ForegroundColor Yellow
## Write-Host $urlresponse -ForegroundColor Yellow ## Should be commented if you expect the response to be too large
$response.Close() | Out-Null;