Hi all,
If you have been following this post:
SCCM-Endpoint Protection: Microsoft Defender Advanced Threat Protection (EDR) for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 (Part 15)
A 9th item that you could run into on Windows Server 2008 R2, Windows Server 2012 R2 or Windows Server 2016 is the following…
Log Name: Operations Manager
Source: HealthService
Event ID: 2132
Task Category: HTTP Write Action
Level: Error
Computer: MachineName.Contoso.com
Description:
A secure connection could not be negotiated with the service <GUID>.ods.opinsights.azure.com. The article KB3126513 has additional troubleshooting information for connectivity issues. Possible reasons for this include:
The certificate authority “Baltimore CyberTrust Root” is not in the “Third-Party Root Certification Authorities” store. Please add this authority to that store.
TLS 1.0, 1.1, and 1.2 are all disabled.
A suitable cypher suite could not be negotiated.
Other details:
Failure Code: 12175L
<SNIP>
Resolution:
You can download the Baltimore CyberTrust Root certificate from the following website:
https://cacert.omniroot.com/bc2025.crt
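To check the first two causes listed in the event before importing anything, the following can be run in an elevated PowerShell session. This is an added example, not part of the original post; the C:\Temp download path and the thumbprint placeholder are assumptions, and the thumbprint must be filled in from a source you trust.

```powershell
# Added example: triage the first two causes listed in Event ID 2132.
$subject = 'CN=Baltimore CyberTrust Root'

# 1. Is the root present? "AuthRoot" is the Third-Party Root Certification
#    Authorities store; "Root" is checked too, for reference.
$found = @()
foreach ($store in 'AuthRoot', 'Root') {
    $found += @(Get-ChildItem "Cert:\LocalMachine\$store" |
        Where-Object { $_.Subject -like "$subject*" } |
        Select-Object @{n='Store';e={$store}}, Thumbprint, NotAfter)
}
if ($found.Count -gt 0) { $found | Format-Table -AutoSize }
else { Write-Warning "$subject is not in LocalMachine\AuthRoot or LocalMachine\Root" }

# 2. Are TLS 1.0, 1.1 and 1.2 all disabled for the client side of SCHANNEL?
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $p = Get-ItemProperty -Path "$base\$proto\Client" -ErrorAction SilentlyContinue
    if ($p -eq $null)                    { $state = 'no registry override (OS default applies)' }
    elseif ($p.Enabled -eq 0)            { $state = 'explicitly disabled' }
    elseif ($p.DisabledByDefault -eq 1)  { $state = 'disabled by default' }
    else                                 { $state = 'not disabled in the registry' }
    '{0,-8} {1}' -f $proto, $state
}

# 3. Import only if the root is missing and the downloaded file is the one expected.
$certFile           = 'C:\Temp\bc2025.crt'                    # assumed download location
$expectedThumbprint = '<THUMBPRINT-FROM-A-TRUSTED-SOURCE>'    # placeholder, not a real value
if ($found.Count -eq 0 -and (Test-Path $certFile)) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certFile
    if ($cert.Thumbprint -eq $expectedThumbprint) {
        # certutil is used so the same step also works on Windows Server 2008 R2
        certutil.exe -addstore AuthRoot $certFile
    } else {
        Write-Warning "Thumbprint $($cert.Thumbprint) does not match the expected value; not importing."
    }
}
```

After a successful import, restart the Microsoft Monitoring Agent service and confirm that Event ID 2132 stops being logged.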
Reference:
Baltimore CyberTrust Root certificate – Solution – You experience SSL certificate authentication issues when you use SharePoint Online
Connectivity issues may occur when the Baltimore CyberTrust Root certificate is not installed on client computers that use Microsoft Intune
We previously published the following:
Protecting disconnected devices with Microsoft Defender ATP
which has a link to this whitepaper:
Windows security on disconnected devices
<SNIP>
// This last one leads to:
Configure a file or web server to download the CTL files
// For Windows Servers without network connectivity
Configure Trusted Roots and Disallowed Certificates
// For Windows Servers with network connectivity
Thanks,
Yong