Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: New SCOMManagementGroupConnection Fail: The re...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
New SCOMManagementGroupConnection Fail: The request was aborted: Could not create SSL/TLS secure channel.
After setting up the SCOM add-on I got the ERROR:
New SCOMManagementGroupConnection Fail: The request was aborted: Could not create SSL/TLS secure channel.
While troubleshooting I found out that PowerShell uses TLS 1.0 as default, and the Splunk web services was configured to use TLS 1.2. I added the following line to \Splunk\etc\apps\Splunk_TA_microsoft-scom\bin\scom_command_loader.ps1 at line 9 and it fixed the problem.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
This could also be fixed by adding the line to the PowerShell profile of the service user set up to run the Splunkd service.
This was a LAB environment running on Windows Server 2016 and Splunk 6.6.2
I'm unsure if this is a bug in the Add-on or my environment?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This problem going to fixed as a part of 2.2.0 development and if you are facing the issue with data collection then possible work around to resolve this issue quickly is:
Add this highlighted line below [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [ Line no: 671] in scom_command_loader.ps1
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
Also add it over here in this function in scom_command_loader.ps1 [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [ below line No: 734]
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
This would resolve your issue of data collection.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm getting the same error message as you. Thank you for posting a possible fix to this problem! Did you ever found out if this is a bug in the TA or if it's the environment that should be sat to use TLS 1.2 globally?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Hettervi
The OP posts the solution to the issue as well
While troubleshooting I found out that PowerShell uses TLS 1.0 as default, and the Splunk web services was configured to use TLS 1.2. I added the following line to \Splunk\etc\apps\Splunk_TA_microsoft-scom\bin\scom_command_loader.ps1 at line 9 and it fixed the problem.
Adding the line above fixed the issue for me.
Tech Talk Recap | Mastering Threat Hunting
Observability for AI Applications: Troubleshooting Latency
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
