SCOM Installer Failure with RC4 Protocol Disabled
The SCOM 1801/1807 installer and discovery wizard failed to work until I enabled RC4 on the DC, the SCOM management server, and the SCOM database server. Please remove the RC4 dependency. I had to find this article to figure out that RC4 was my issue: https://nathangau.wordpress.com/2018/06/22/scom-installer-failure-with-rc4-protocol-disabled/
We should move away from older vulnerable protocols the same way our customers are moving away from them and have no dependencies on these older protocols at the least.
Scott Brown commented
This is a critical issue, and should be addressed with the installer. Microsoft has been telling customers to disable RC4 since 2013, yet neither the 2016 nor 2019 versions of SCOM will properly install if it is disabled.
The cause was that the service accounts for action, sdk, reader, and writer had an attribute called msDS-SupportedEncryptionTypes which was set to 0 or not set. This would cause it to default to RC4. The fix is setting the attribute to 24 to explicitly set it to use AES.
References:
https://blogs.technet.microsoft.com/runcmd/the-rc4-removal-files-part-1-whats-in-an-error-message/
https://blogs.technet.microsoft.com/runcmd/the-rc4-removal-files-part-2-in-aes-we-trust/
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6cfc7b50-11ed-4b4d-846d-6f08f0812919
Please remove the RC4 dependency. It should be able to use whatever is the highest available encryption.
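The msDS-SupportedEncryptionTypes check and fix described in the comments above, as an added PowerShell example (not code from this thread or from Microsoft). It assumes the ActiveDirectory RSAT module is installed; the svc-scom-* account names and the function names are placeholders.

```powershell
# Added example. Bit values of msDS-SupportedEncryptionTypes as defined in MS-KILE.
$EncTypeBits = [ordered]@{
    'DES-CBC-CRC' = 0x01; 'DES-CBC-MD5' = 0x02; 'RC4-HMAC' = 0x04
    'AES128'      = 0x08; 'AES256'      = 0x10
}

function ConvertFrom-EncTypeMask {
    param($Mask)
    # 0 or unset is the case from the thread: the account falls back to RC4.
    if (-not $Mask) { return @('(0/unset: defaults to RC4)') }
    @(foreach ($e in $EncTypeBits.GetEnumerator()) {
        if ($Mask -band $e.Value) { $e.Key }
    })
}

function Get-ScomAccountEncType {
    param([Parameter(Mandatory)][string[]]$SamAccountName)
    foreach ($name in $SamAccountName) {
        $u = Get-ADUser -Identity $name `
            -Properties 'msDS-SupportedEncryptionTypes', PasswordLastSet
        $mask = $u.'msDS-SupportedEncryptionTypes'
        [pscustomobject]@{
            Account         = $u.SamAccountName
            Mask            = $mask
            EncTypes        = (ConvertFrom-EncTypeMask $mask) -join ', '
            # RC4 is in play when the value is 0/unset or the RC4 bit is set.
            RC4Possible     = (-not $mask) -or [bool]($mask -band 0x04)
            PasswordLastSet = $u.PasswordLastSet
        }
    }
}

function Set-ScomAccountAes {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$SamAccountName)
    foreach ($name in $SamAccountName) {
        # 24 = 0x08 (AES128) + 0x10 (AES256), the value given in the thread.
        if ($PSCmdlet.ShouldProcess($name, 'Set msDS-SupportedEncryptionTypes to 24')) {
            Set-ADUser -Identity $name -Replace @{ 'msDS-SupportedEncryptionTypes' = 24 }
        }
    }
}

# Placeholder names for the action, sdk, reader and writer accounts.
$accounts = 'svc-scom-action', 'svc-scom-sdk', 'svc-scom-reader', 'svc-scom-writer'
Import-Module ActiveDirectory
Get-ScomAccountEncType $accounts | Format-Table -AutoSize
Set-ScomAccountAes $accounts -WhatIf   # drop -WhatIf to apply the change
```

An account whose password was last set before the domain supported AES has no AES keys until the password is reset, which is why the audit output includes PasswordLastSet.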