Environment
Novell ZENworks Configuration Management 11.3
Situation
After security update is applied on the Windows 7 for the patch KB 3061518 (MS15-055), the Agent is unable to Authenticate to the Satellite Server and ZEN login fails.
Or
Agent communication failures after KB 3161608 is applied.
ERROR:
Windows System Event log :
Source = Schannel
EventID = 36888
Message = The following fatal alert was generated:P 40. The internal error state is 808
Resolution
This is fixed in version 11.4 - see KB 7016614 "ZENworks Configuration Management 11 SP4 (11.4.0) - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7016614
See http://support.microfocus.com/kb/doc.php?id=7016807"kb-article-content-field-heading">Additional Information
© Micro Focus.
Please see Terms of Use applicable to this content.
LAN Trace shows Handshake failure alert (40) during TCP/TLS connection between agent 10.64.64.7 and Linux satellite 10.64.0.15 during Authentication or casa tester.
The satellite negotiates to use DHE key length of 512 bits or less (WEAK) during TLS session from agent, while the Windows security update seems to allow Windows TLS client send a default minimum DHE key length of 1,024 bits. As per the KB using 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. Example is agent using cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA which fails on handshake.
logjam