Bug in Microsoft System Center Management Pack for AD CS 2016 Management Pack
There is a bug in this Management Pack which causes it to fail when TLS 1.2 is enforced. The error is:
Topology10.0Discovery.vbs : Unable to connect to the database with the specified configuration string. Please make sure that your connection string is valid and that your credentials are authorized to access the database. Cause: [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
The bug in the discovery is in Topology10.0Discovery.vbs in this line of code:
GetOpsMgrDBConnectionString = "Provider=SQLOLEDB;Data Source=" & sDBServerName & ";Initial Catalog=" & sDBName & ";Integrated Security=SSPI;"
Provider=SQLOLEDB fails when TLS 1.2 is enforced. Per this article, it should be updated:
SQL Native Client 11 is deprecated (and has been since 2011) and is not supported for SQL Server 2016 according to these MS documents.
We are currently using it as a workaround for the issue mentioned in this User Voice, but according to the articles by MS linked above and the article below, the recommended driver to use for TLS 1.2 compatibility, as of SCOM 2016 UR 9, is the MSOLEDB Driver for SQL Server.
We need all of the AD CS MPs created by Microsoft (and any other MP created by MS) to please be updated to utilize the newly supported/newly recommended MSOLEDB Driver for SQL Server to resolve these issues and support TLS 1.2 security requirements.
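To find every script affected by the provider problem described above, the following added example (not part of the original post or of any Microsoft management pack) scans VBScript text for `Provider=` values and classifies them the way the post does. It assumes the OLE DB provider names `SQLNCLI11` (SQL Native Client 11) and `MSOLEDBSQL` (MSOLEDB Driver for SQL Server), and that MSOLEDBSQL is installed wherever the rewritten script runs; the sample script text is constructed.

```python
import re

# OLE DB provider names; the status text follows the post above.
PROVIDERS = {
    "SQLOLEDB": "fails when TLS 1.2 is enforced",
    "SQLNCLI11": "deprecated workaround (SQL Native Client 11)",
    "MSOLEDBSQL": "recommended (MSOLEDB Driver for SQL Server)",
}
PROVIDER_RE = re.compile(r"(Provider\s*=\s*)([A-Za-z0-9_.]+)", re.IGNORECASE)


def base_name(provider):
    """Normalise 'SQLNCLI11.1' or 'sqloledb.1' to the upper-case base name."""
    return provider.split(".")[0].upper()


def audit(script_text):
    """Return (line_no, provider, status) for every Provider= in live code."""
    findings = []
    for no, line in enumerate(script_text.splitlines(), start=1):
        if line.lstrip().startswith("'"):  # skip VBScript comment lines
            continue
        for m in PROVIDER_RE.finditer(line):
            name = base_name(m.group(2))
            status = PROVIDERS.get(name, "unknown provider, review manually")
            findings.append((no, name, status))
    return findings


def suggest_fix(line):
    """Swap a legacy provider for MSOLEDBSQL, leaving the rest of the line as is."""
    def swap(m):
        if base_name(m.group(2)) in ("SQLOLEDB", "SQLNCLI11"):
            return m.group(1) + "MSOLEDBSQL"
        return m.group(0)
    return PROVIDER_RE.sub(swap, line)


# Constructed sample: line 2 is the line quoted in the post, line 3 is a
# hypothetical script line that uses the Native Client workaround.
SAMPLE = """' Provider=SQLOLEDB mentioned in a comment only
GetOpsMgrDBConnectionString = "Provider=SQLOLEDB;Data Source=" & sDBServerName & ";Initial Catalog=" & sDBName & ";Integrated Security=SSPI;"
sConn = "Provider=SQLNCLI11;Data Source=" & sDBServerName & ";Integrated Security=SSPI;"
"""

if __name__ == "__main__":
    for no, name, status in audit(SAMPLE):
        print(f"line {no}: {name}: {status}")
    print(suggest_fix(SAMPLE.splitlines()[1]))
```

Run `audit()` over the script bodies of an exported management pack to list what still needs changing before TLS 1.2 is enforced.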