Ran into a pretty big issue with my lab UCS Director environment and my ability to perform PowerShell requests through the Cisco PowerShell Agent. I started to get messages in the PSA logs related to SSPI failed with inner exception errors. A little searching on SSPI failures and the PSA netted a snippet in the UCS Director 5.1 PowerShell Agent install document that stated that the errors were caused (mind you, only on Windows Server 2012 R2 and Windows 8.1) by a particular patch that new TLS cipher suites being added and priorities changed.
I was left with a head scratcher, since my PowerShell Agent host was Windows Server 2008 R2. Then I started searching through a recent installation of Windows Update patches. Upon searching, I found this patch, KB2992611 (http://support.microsoft.com/kb/2992611). It appears new TLS ciphers were pushed down to Windows Server 2008 and 2003 versions. I tried to follow the documentation in the KB article to try to resolve the issues, but was unable to get the PSA to work. I had to resort to uninstalling the patch to resolve the issue.
From the looks of it, it appears Microsoft has released a possible second patch to resolve the issues 2992611 causes. Once I can get back in my lab, I’m going to install KB2992611 and the secondary patch KB3018238 to see if that resolves the issues or not. I’ll report back once I can do that.
UPDATE: It appears the recent addition of KB3018238 to the original patch resolved my issues. Need to keep an eye out to see if Cisco updates the PSA, just in case Microsoft decides to re-enable the cipher suites and/or orders of them in the system.
Either way, if you PSA broke recently (especially on Windows 2003 or 2008), this is the likely culprit.