Microsoft KB2992611 and the Cisco PSA

Ran into a pretty big issue with my lab UCS Director environment and my ability to perform PowerShell requests through the Cisco PowerShell Agent. I started to get messages in the PSA logs related to SSPI failed with inner exception errors. A little searching on SSPI failures and the PSA netted a snippet in the UCS Director 5.1 PowerShell Agent install document that stated that the errors were caused (mind you, only on Windows Server 2012 R2 and Windows 8.1) by a particular patch that new TLS cipher suites being added and priorities changed.

I was left with a head scratcher, since my PowerShell Agent host was Windows Server 2008 R2. Then I started searching through a recent installation of Windows Update patches. Upon searching, I found this patch, KB2992611 (http://support.microsoft.com/kb/2992611). It appears new TLS ciphers were pushed down to Windows Server 2008 and 2003 versions. I tried to follow the documentation in the KB article to try to resolve the issues, but was unable to get the PSA to work. I had to resort to uninstalling the patch to resolve the issue.

From the looks of it, it appears Microsoft has released a possible second patch to resolve the issues 2992611 causes. Once I can get back in my lab, I’m going to install KB2992611 and the secondary patch KB3018238 to see if that resolves the issues or not. I’ll report back once I can do that.

UPDATE: It appears the recent addition of KB3018238 to the original patch resolved my issues. Need to keep an eye out to see if Cisco updates the PSA, just in case Microsoft decides to re-enable the cipher suites and/or orders of them in the system.

Either way, if you PSA broke recently (especially on Windows 2003 or 2008), this is the likely culprit.

Advertisements

About snoopj

vExpert 2014/2015/2016/2017, Cisco Champion 2015/2016/2017, NetApp United 2017. Virtualization and data center enthusiast. Working too long and too hard in the technology field since college graduation in 2000.
This entry was posted in Technical and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s