To enable TLS protocol version 1.2 in your System Center environment, follow these steps:
- Install updates from the release.
  Notes
  - Service Management Automation (SMA) and Service Provider Foundation (SPF) must be upgraded to their most recent update rollup because UR4 does not have any updates to these components.
  - For Service Management Automation (SMA), upgrade to Update Rollup 1, and also update the SMA management pack (MP) from this Microsoft Download Center webpage.
  - For Service Provider Foundation (SPF), upgrade to Update Rollup 2.
  - System Center Virtual Machine Manager (SCVMM) should be upgraded to at least Update Rollup 3.
- Make sure that the setup is as functional as it was before you applied the updates. For example, check whether you can start the console.
- Change the configuration settings to enable TLS 1.2.
- Make sure that all required SQL Server services are running.
Install updates
1. System Center Operations Manager (SCOM)
2. System Center Virtual Machine Manager (SCVMM)
3. System Center Data Protection Manager (SCDPM)
4. System Center Orchestrator (SCO)
5. Service Management Automation (SMA)
6. Service Provider Foundation (SPF)
7. Service Manager (SM)
Change configuration settings
.NET Framework
Make sure that the .NET Framework 4.6 is installed on all System Center components. To do this, follow these instructions.
TLS 1.2 support
Install the required SQL Server update that supports TLS 1.2. To do this, see the following article in the Microsoft Knowledge Base:
3135244 TLS 1.2 support for Microsoft SQL Server
Required System Center 2016 updates
SQL Server 2012 Native client 11.0 should be installed on all the following System Center components.
| Component | Role | Required SQL Driver |
| --- | --- | --- |
| Operations Manager | Management Server and Web Consoles | SQL Server 2012 Native client 11.0 or Microsoft OLE DB Driver 18 for SQL Server (recommended). Note: Microsoft OLE DB Driver 18 for SQL Server is supported with Operations Manager 2016 UR9 and later. |
| Virtual Machine Manager | (Not required) | (Not required) |
| Orchestrator | Management Server | SQL Server 2012 Native client 11.0 or Microsoft OLE DB Driver 18 for SQL Server (recommended). Note: Microsoft OLE DB Driver 18 for SQL Server is supported with Orchestrator 2016 UR8 and later. |
| Data Protection Manager | Management Server | SQL Server 2012 Native client 11.0 |
| Service Manager | Management Server | SQL Server 2012 Native client 11.0 or Microsoft OLE DB Driver 18 for SQL Server (recommended). Note: Microsoft OLE DB Driver 18 for SQL Server is supported with Service Manager 2016 UR9 and later. |
To download and install Microsoft SQL Server 2012 Native Client 11.0, see this Microsoft Download Center webpage.
To download and install Microsoft OLE DB Driver 18, see this Microsoft Download Center webpage.
For System Center Operations Manager and Service Manager, you must have ODBC 11.0 or ODBC 13.0 installed on all management servers.
Install the required System Center 2016 updates from the following Knowledge Base article:
4043305 Description of Update Rollup 4 for Microsoft System Center 2016
| Component | 2016 |
| --- | --- |
| Operations Manager | Update Rollup 4 for System Center 2016 Operations Manager |
| Service Manager | Update Rollup 4 for System Center 2016 Service Manager |
| Orchestrator | Update Rollup 4 for System Center 2016 Orchestrator |
| Data Protection Manager | Update Rollup 4 for System Center 2016 Data Protection Manager |
Note Make sure that you expand the file contents and install the MSP file on the corresponding role.
SHA1 and SHA2 certificates
System Center components now generate both SHA1 and SHA2 self-signed certificates. This is required to enable TLS 1.2. If CA-signed certificates are used, make sure that the certificates are either SHA1 or SHA2.
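The prerequisites above (.NET Framework 4.6, the SQL Server client drivers, running SQL Server services, and SHA1 or SHA2 certificates) can be checked on each server before the configuration change. The following PowerShell script is an added example, not part of the original article or of System Center. It assumes the .NET 4.6 registry `Release` value of 393295 or higher, the usual ODBC driver names, a local SQL Server using default service names, and certificates in the `LocalMachine\My` store (the `$CertStore` parameter and all function names are hypothetical). It does not check for Microsoft OLE DB Driver 18.

```powershell
# Added example: read-only preflight check, run locally on a System Center server.
# Assumptions (not from the article): .NET 4.6 reports Release >= 393295, drivers
# appear under their usual ODBC names, SQL Server is local with default service
# names, and the certificates to inspect are in LocalMachine\My.
param([string]$CertStore = 'Cert:\LocalMachine\My')

function New-Result($Check, $Detail, [bool]$Pass) {
    [pscustomobject]@{ Check = $Check; Detail = $Detail; Pass = $Pass }
}

function Test-DotNet46 {
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
    New-Result '.NET Framework 4.6 or later' "Release=$release" ($release -ge 393295)
}

function Test-SqlDriver {
    $installed = @(Get-OdbcDriver | Select-Object -ExpandProperty Name -Unique)
    $native = $installed -contains 'SQL Server Native Client 11.0'
    $odbc   = @($installed -match '^ODBC Driver (11|13) for SQL Server$')
    New-Result 'SQL Server 2012 Native Client 11.0' "installed=$native" $native
    # ODBC 11.0 or 13.0 applies to Operations Manager and Service Manager management servers.
    New-Result 'ODBC 11.0 or 13.0' ($odbc -join ', ') ($odbc.Count -gt 0)
}

function Test-SqlService {
    # Default and named-instance service names for the engine and the agent.
    $names = 'MSSQLSERVER', 'MSSQL$*', 'SQLSERVERAGENT', 'SQLAgent$*'
    Get-Service -Name $names -ErrorAction SilentlyContinue | ForEach-Object {
        New-Result "Service $($_.Name)" "$($_.Status)" ($_.Status -eq 'Running')
    }
}

function Test-CertSignature {
    Get-ChildItem -Path $CertStore | ForEach-Object {
        $alg = $_.SignatureAlgorithm.FriendlyName
        # The article accepts SHA1 or SHA2 (SHA-256/384/512) signatures.
        New-Result "Certificate $($_.Thumbprint)" $alg ($alg -match '^sha(1|256|384|512)')
    }
}

$results = @(Test-DotNet46) + @(Test-SqlDriver) + @(Test-SqlService) + @(Test-CertSignature)
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

If SQL Server runs on a different server, no service rows are listed; run the service check there instead.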