This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
roehmdo1
Absent Member.
Absent Member.
‎2016-06-25 20:53
2815 views

Agent wont talk after Windows June 2016 Rollup MS KB3161608

on 06/2116 MS released KB3161608 and after installing that patch, the zcm agent wont talk to the server anymore.. I believe it has something to with ssl key lengths ??...I in-install that KB3161608 and all is fine again... any ideas on what I can do to make it work with this patch ??
Server is ZCM 11.3.2
thanks
Labels (2)
Labels
0 Likes
Reply
Report Inappropriate Content
8 Replies
CRAIGDWILSON
Micro Focus Expert
Micro Focus Expert
‎2016-06-25 22:31

AFAIK, There are not any recent patches from MS in this area, but since that is a rollup patch, if your systems were seriously out of date there could be a number of things.

There was the SSL Poodle that was fixed in 11.3.2 FRU1 - This deals with Ciphers.
https://www.novell.com/support/kb/doc.php?id=7016205


In regards to Key Lengths, I vaguely recall a recent fix that blocked short keys but nothing specific.
Are you using an External CA? What is it's Key-length.

By Default, ZCM uses 2048 Certs, so there is no issue there.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Reply
Report Inappropriate Content
roehmdo1
Absent Member.
Absent Member.
‎2016-06-26 03:40

windows system was totally up-to-date before this... updates automatically applied in windows update.. the server does have the 11.3.2 FRU1 update applied..wierd that if I un-install this one KB3161608 all is fine again.. We use the ZCM self-signed internal certificate... (running on SLES 11 SP3)...how can I verify the key length currently on the ZCM server ?
0 Likes
Reply
Report Inappropriate Content
bschilliger
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2016-06-27 10:14

The same here!

We have added this key in the registry as quick'n'dirty workaround:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"ClientMinKeyBitLength"=dword:00000200

Not the best solution, but after everything was ok!
0 Likes
Reply
Report Inappropriate Content
CRAIGDWILSON
Micro Focus Expert
Micro Focus Expert
‎2016-06-27 13:06

Thanks to Everyone!
I have emails out to lots of folks.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Reply
Report Inappropriate Content
CRAIGDWILSON
Micro Focus Expert
Micro Focus Expert
‎2016-06-27 14:03

CRAIGDWILSON;2432736 wrote:
Thanks to Everyone!
I have emails out to lots of folks.


https://www.novell.com/support/kb/doc.php?id=7017778 has been Created for This issue.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Reply
Report Inappropriate Content
CRAIGDWILSON
Micro Focus Expert
Micro Focus Expert
‎2016-06-27 15:22

This may be related to an older MS Security Fix last Fall:
See - https://www.novell.com/support/kb/doc.php?id=7016544

This only impacted Satellite, not Primary Communications.
There are also FTFs for ZCM 11.3.x at download.novell.com
Reference "Logjam" from Sept 2015.

ZCM 11.4.x is not impacted.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Reply
Report Inappropriate Content
CRAIGDWILSON
Micro Focus Expert
Micro Focus Expert
‎2016-06-27 15:23

See - https://www.novell.com/support/kb/doc.php?id=7016807 for even more details.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Reply
Report Inappropriate Content
roehmdo1
Absent Member.
Absent Member.
‎2016-06-27 20:23

OK - I applied the cipher update from https://www.novell.com/support/kb/doc.php?id=7016807 and all seems fine now.. thanks for all your help
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.