The OpsMgr UNIX/Linux monitoring team at Microsoft is
currently investigating an issue that results in heartbeat failures on
Operations Manager UNIX/Linux agents after the security update
KB2585542 is applied to a Management Server or Gateway. This update
fixes a vulnerability in SSL/TLS1.0, but appears to cause WS-Management
connections to UNIX/Linux agents to fail.
There are two viable
workarounds (which must be applied to all Mgmt Servers and Gateways that manage
UNIX/Linux agents):
- Uninstall the update
KB2585542
- Make a registry modification to
disable the SecureChannel changes implemented in the update
Note: the registry
modification described here and in the KB article effectively disables the
security fix that the update implements, so the modified system is subject to
the same vulnerability as an unpatched system.
Modifying the registry to disable the SecureChannel changes:
- A “FixIt” package is available in
the KB article under
the Known
Issues section that can be used to disable the
security update
- Alternatively, you can
add the 32bit DWORD value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
\SecurityProviders\SCHANNEL\
SendExtraRecord = 2
These changes take effect
immediately and do not require a reboot.
沒有留言:
張貼留言