
Enforce TLS 1.2 in SCORCH with PowerShell

This blog contains a PowerShell script which can be used to enforce TLS 1.2 in System Center Orchestrator (SCORCH).

Salient Features of the Script:

  1. Check whether any SCORCH component is installed on the box.
  2. Check if the current version if SCORCH supports TLS 1.2.
  3. Check if the .NET framework supports TLS 1.2.
  4. Check if SQL Native Client 2012 or later is installed.
  5. Check if the SQL server hosting the SCORCH database supports TLS 1.2.
  6. Enable TLS 1.2 registries.
  7. Reboot the machine


  1. Copy the script to any any Server having Orchestrator component.
    #Author: Udishman (Udish) Mudiar
    #Version : 1.0
    #This script will check for pre-requisites to enable TLS 1.2.
    #Check the Orchestrator version and verify if any orchestrator patching is required.
    #Does not need to install the pre-requisites as SQL Native Client will be need provided the SCORCH infrastructure is TLS 1.2 supported.
    #Check if the SQL version hosting SCORCH database is compatible with TLS 1.2
    #Enable all TLS registires as per the article below.
    #Reboot the machine for TLS to take effect.
    #region LogtoFile
    function LogToFile()
    param (
    [validateset("InfoG", "InfoR", "Warning", "Error")][string]$messagetype
    function Green
    process { Write-Host $_ -ForegroundColor Green }
    function Red
    process { Write-Host $_ -ForegroundColor Red }
    $date = Get-Date -Format g
    if($messagetype -eq "InfoG")
    $output= "$message [$messagetype] [$date]"
    Write-Output $output | Green
    Start-Sleep 2
    elseif($messagetype -eq "InfoR")
    $output= "$message [$messagetype] [$date]"
    Write-Output $output | Red
    Start-Sleep 2
    elseif($messagetype -eq "Warning")
    $output= "$message [$messagetype] [$date]"
    Write-Warning $output
    Start-Sleep 2
    elseif($messagetype -eq "Error")
    $output= "$message [$messagetype] [$date]"
    Write-Error $output -ErrorAction Stop
    Start-Sleep 2
    #region Get-SCORCHComponents
    Function Get-SCORCHComponents()
    Write-host "------------------------------------------------------------------------------------------------------------------------------------------------"
    Write-Host "Checking for the SCORCH components installed on the machine. Only Management Server, Runbook Server and Runbook Desginer should have TLS 1.2 .." -ForegroundColor Cyan
    Start-Sleep 2
    $location=Read-Host "`nIs your SCORCH installed in the default location?(C:\Program Files (x86)) (Y/N)"
    if($location -eq "Y")
    $SCORCH2012R2Path="C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator"
    $OtherSCORCHPath="C:\Program Files (x86)\Microsoft System Center\Orchestrator"
    if(Test-Path $SCORCH2012R2Path)
    $SCORCHComponentsInstalled=Get-ChildItem -Path $SCORCH2012R2Path
    elseif(Test-Path $OtherSCORCHPath)
    $SCORCHComponentsInstalled=Get-ChildItem -Path $OtherSCORCHPath
    LogToFile -message "`nNo SCORCH component found in default path. Exiting.." -messagetype "InfoR"
    Start-Sleep 2
    else {
    $SCORCHPath=Read-Host "`nEnter your full SCORCH installation path. E.x: C:\Program Files (x86)\Microsoft System Center\Orchestrator"
    if(Test-Path $SCORCHPath)
    $SCORCHComponentsInstalled=Get-ChildItem -Path $SCORCHPath
    LogToFile -message "`nNo SCORCH component found in given path. Exiting.." -messagetype "InfoR"
    Start-Sleep 2
    foreach($SCORCHComponentInstalled in $SCORCHComponentsInstalled)
    if($SCORCHComponentInstalled.Name -eq "Management Server" )
    if(Get-Item -Path "$path\management server\ManagementService.exe" -ErrorAction SilentlyContinue)
    $componentsfound += $SCORCHComponentInstalled.Name
    elseif($SCORCHComponentInstalled.Name -eq "Runbook Server")
    if(Get-Item -Path "$path\runbook server\RunbookService.exe" -ErrorAction SilentlyContinue)
    $componentsfound += $SCORCHComponentInstalled.Name
    elseif($SCORCHComponentInstalled.Name -eq "Runbook Designer" )
    if(Get-Item -Path "$path\runbook designer\runbookDesigner.exe" -ErrorAction SilentlyContinue)
    $componentsfound += $SCORCHComponentInstalled.Name
    if($componentsfound -ne $null)
    for($i=0;$i -lt $componentsfound.Count; $i++)
    Write-host "`nPassed: $($componentsfound["$i"]) is found" -ForegroundColor Green
    Write-Host "--------------------------------------------------------------------------------------------------------------------------"
    LogToFile -message "`nNo Orchestrator Components found in the machine $(hostname). Exiting.. " -messagetype "InfoR"
    Start-Sleep 2
    #region Get-FileVersion
    Function Get-FileVersion($filepath)
    try {
    $VersionInfo = (Get-Item $filepath).VersionInfo
    catch {
    $ErrorMessage = $_.Exception.Message
    LogToFile -Message $ErrorMessage -messagetype "Error"
    $FileVersion = ("{0}.{1}.{2}.{3}" -f $VersionInfo.FileMajorPart,
    #region Get-SCORCHVersion
    Function Get-SCORCHVersion()
    foreach($component in $componentsfound)
    #The logic here is to check the version of the component and if any of the component is found that the other components are not checked assuming we have the same patch for each component.
    #The script is not to validate whether proper patching is been done.
    $SCORCH2012R2Path="C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator"
    $OtherSCORCHPath="C:\Program Files (x86)\Microsoft System Center\Orchestrator"
    if($component -eq "Management Server")
    if(Test-Path $SCORCH2012R2Path)
    $SCORCHMSFilePath="C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server\ManagementService.exe"
    elseif(Test-Path $OtherSCORCHPath)
    $SCORCHMSFilePath="C:\Program Files (x86)\Microsoft System Center\Orchestrator\Management Server\ManagementService.exe"
    if($component -eq "Runbook Server")
    if(Test-Path $SCORCH2012R2Path)
    $SCORCHRBSFilePath="C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server\runbookservice.exe"
    elseif(Test-Path $OtherSCORCHPath)
    $SCORCHRBSFilePath="C:\Program Files (x86)\Microsoft System Center\Orchestrator\runbook server\runbookservice.exe"
    if($component -eq "Runbook Designer")
    if(Test-Path $SCORCH2012R2Path)
    $SCORCHRBDFilePath="C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server\runbookdesigner.exe"
    elseif(Test-Path $OtherSCORCHPath)
    $SCORCHRBDFilePath="C:\Program Files (x86)\Microsoft System Center\Orchestrator\runbook designer\runbookdesigner.exe"
    #region Get-SCORCHVersionList
    Function Get-SCORCHVersionList($version)
    Write-Host "Checking for TLS 1.2 compatible SCORCH version .." -ForegroundColor Cyan
    Start-Sleep 2
    $versionlookuptables=$versionlookuptables.GetEnumerator() | Sort-Object Name
    foreach($versionlookuptable in $versionlookuptables)
    if($versionlookuptable.value -eq $version)
    LogToFile -message "`nPassed: SCORCH version is compatible with TLS 1.2. Current version is $($versionlookuptable.name)" -messagetype "InfoG"
    Start-Sleep 2
    LogToFile -message "`nFailed: SCORCH version is not compatible with TLS 1.2. Exiting .." -messagetype "InfoR"
    Start-Sleep 2
    #region Get-DotNetVersion
    Function Get-DotNetVersion()
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Write-Host "Checking .Net Framework Version is 4.6 or later .." -ForegroundColor Cyan
    Start-Sleep 2
    $Lookups = ConvertFrom-Csv 'Version|Release
    ' -Delimiter "|"
    try {
    $value=Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    catch {
    $ErrorMessage = $_.Exception.Message
    LogToFile -message ".Net Registry not found" -messagetype "InfoR"
    LogToFile -Message $ErrorMessage -messagetype "Error"
    foreach($lookup in $lookups)
    if($value -eq $lookup.release)
    if($DotNetversion -ne $Null)
    LogToFile -message "`nPassed: .Net version installed is greater than 4.6. Current version: $($lookup.version)" -messagetype "InfoG"
    Start-Sleep 2
    LogToFile -message "Failed: .Net version is less than 4.6. Exiting script.." -messagetype "InfoR"
    Start-Sleep 2
    #region Check-PreRequisitesSoftware
    Function Check-PreRequisitesSoftware()
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Write-Host "Checking if SQL Native Client 2012 or later is installed .." -ForegroundColor Cyan
    Start-Sleep 2
    try {
    $SQLNativeClient=(Get-ItemProperty "HKLM:SOFTWARE\Microsoft\SQLNCLI11").InstalledVersion
    catch {
    LogToFile -message "SQL Native Client Registry not found" -messagetype "InfoR"
    LogToFile -Message $ErrorMessage -messagetype "Error"
    if($SQLNativeClient -ge 11.0)
    LogToFile -message "`nPassed: SQL Server 2012 Native client 11.0 or later is installed." -messagetype "InfoG"
    Start-Sleep 2
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    LogToFile -message "Warning: SQL Native Client 2012 is not installed" -messagetype "Warning"
    Start-Sleep 2
    #region Check-SQLVersion
    Function Get-SQLVersion(){
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Write-Host "Checking if SQL instance hosting Orchestrator database in TLS 1.2 compatible.. `n" -ForegroundColor Cyan
    Start-Sleep 2
    Function SQLQueryExecution()
    #Getting the SQL version by running a query against the SCORCH SQL instance
    $dataSource = Read-Host "Enter the SQL Instance name hosting the SCORCH database e.g: SQL\Instance"
    $database = Read-Host "Enter the SCORCH database name e.g: Orchestrator"
    $connectionString = "Server=$dataSource;Database=$database;Integrated Security=True;"
    $connection = New-Object System.Data.SqlClient.SqlConnection
    $connection.ConnectionString = $connectionString
    $query = "SELECT SERVERPROPERTY('ProductVersion') AS 'Version'"
    $command = $connection.CreateCommand()
    $command.CommandText = $query
    $result = $command.ExecuteReader()
    $global:table = new-object "System.Data.DataTable"
    $ErrorMessage = $_.Exception.Message
    LogToFile -message $ErrorMessage -messagetype "Error"
    #Calling SQL query to get the version
    if($table -eq $null)
    LogToFile -message "Unable to fetch SQL version. Exiting script.." -messagetype "InfoR"
    Start-Sleep 2
    #Checking the SQL version TLS compatibility according to the below article
    if($MajorVersion -ge 13)
    Logtofile -message "`nPassed: SQL version is greater than or equal to 2016 and supports TLS 1.2 out-of-box." -messagetype "InfoG"
    Start-Sleep 2
    elseif($MajorVersion -eq 12)
    if(4439 -ge $MinorVersion -le 4522)
    Logtofile -message "`nPassed: SQL version is 2014 SP1 CU5 or higher and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(4219 -ge $MinorVersion -le 4237)
    Logtofile -message "`nPassed: SQL version is 2014 SP1 GDR or higher and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(2564 -ge $MinorVersion -le 2569)
    Logtofile -message "`nPassed: SQL version is 2014 RTM or higher and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif($MinorVersion -eq 2271)
    Logtofile -message "`nPassed: SQL version is 2014 RTM GDR and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif($MajorVersion -eq 11)
    if(6216 -ge $MinorVersion -le 6615)
    Logtofile -message "`nPassed: SQL version is 2012 SP3 GDR and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(6518 -ge $MinorVersion -le 6598)
    Logtofile -message "`nPassed: SQL version is 2012 SP3 CU and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(5352 -ge $MinorVersion -le 5388)
    Logtofile -message "`nPassed: SQL version is 2012 SP2 GDR and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(5644 -ge $MinorVersion -le 5678)
    Logtofile -message "`nPassed: SQL version is 2012 SP2 CU and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif($MajorVersion -eq 10)
    if(6542 -ge $MinorVersion -le 6560)
    Logtofile -message "`nPassed: SQL version is 2008 R2 SP3 (x86/x64 only) and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(4046 -ge $MinorVersion -le 4047)
    Logtofile -message "`nPassed: SQL version is 2008 R2 SP2 GDR (IA-64 only) and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(4343 -ge $MinorVersion -le 4344)
    Logtofile -message "`nPassed: SQL version is 2008 R2 SP2 CU (IA-64 only) and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(6547 -ge $MinorVersion -le 6556)
    Logtofile -message "`nPassed: SQL version is 2008 SP4 and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(5544 -ge $MinorVersion -le 5545)
    Logtofile -message "`nPassed: SQL version is 2008 SP3 GDR (IA-64 only) and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    elseif(5894 -ge $MinorVersion -le 5896)
    Logtofile -message "`nPassed: SQL version is 2008 SP3 CU (IA-64 only) and supports TLS 1.2" -messagetype "InfoG"
    Start-Sleep 2
    else {
    LogToFile -message "`n Failed: SQL version is not TLS 1.2 compatible. Exiting.." -messagetype "InfoR"
    Start-Sleep 2
    #region Enable-TLS1.2
    Function Enable-TLS1.2()
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    $temp=Read-Host "Do you want to enable TLS 1.2? (Y/N)"
    if($temp -eq "N")
    LogToFile -message "Exiting Script.." -messagetype "InfoR"
    Start-Sleep 2
    else {
    Write-Host "`nEnabling TLS 1.2 registries.." -ForegroundColor Cyan
    Start-Sleep 2
    Write-Host "`nBacking up TLS registries before modifying them. The Path is" -ForegroundColor Yellow
    try {
    New-Item -ItemType Directory -path (Get-Location).Path -Name "Registrybackup_($(Get-Date -Format MM-dd-yyyy_HH_mm_ss))" | Out-Null
    catch {
    LogToFile -message "Unable to create registry backup folder" -messagetype "InfoR"
    LogToFile -Message $ErrorMessage -messagetype "Error"`
    $PSPath=(Get-ChildItem -Path (Get-Location).Path -Directory -Filter registry* | Sort-Object -Descending | Select-Object -first 1).fullname
    Write-Host $pspath
    Reg export HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols $pspath\Protocols.reg
    Reg export HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 $pspath\v4030319.reg
    Reg export HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 $pspath\WOW6432Nodev4030319.reg
    Reg export HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 $pspath\v2050727.reg
    Reg export HKLM\Software\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 $pspath\WOW6432Nodev2050727.reg
    #Copied this section from the official TLS1.2 documentation
    $ProtocolList = @("SSL 2.0","SSL 3.0","TLS 1.0", "TLS 1.1", "TLS 1.2")
    $ProtocolSubKeyList = @("Client", "Server")
    $DisabledByDefault = "DisabledByDefault"
    $Enabled = "Enabled"
    $registryPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"
    foreach($Protocol in $ProtocolList)
    foreach($key in $ProtocolSubKeyList)
    $currentRegPath = $registryPath + $Protocol + "\" + $key
    #Write-Host " Current Registry Path $currentRegPath"
    if(!(Test-Path $currentRegPath))
    New-Item -Path $currentRegPath -Force | out-Null
    if($Protocol -eq "TLS 1.2")
    New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "1" -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "0" -PropertyType DWORD -Force | Out-Null
    #Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Write-Host "`nTighten up the .NET Framework to use only TLS 1.2.." -ForegroundColor Cyan
    Start-Sleep 2
    #Harden to use only TLS 1.2
    # Tighten up the .NET Framework
    $NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
    If (!(Test-Path $NetRegistryPath))
    New-Item -Path $NetRegistryPath -Force | Out-Null
    New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null
    $NetRegistryPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319"
    If (!(Test-Path $NetRegistryPath))
    New-Item -Path $NetRegistryPath -Force | Out-Null
    New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value "1" -PropertyType DWORD -Force | Out-Null
    #Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Write-Host "`nEnabling registries for Intergration Packs (IPs) to use TLS 1.2.." -ForegroundColor Cyan
    Start-Sleep 2
    #registries change to enable Intergration Packs (IPs) to use TLS 1.2
    $NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727"
    If (!(Test-Path $NetRegistryPath))
    New-Item -Path $NetRegistryPath -Force | Out-Null
    New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
    $NetRegistryPath = "HKLM:\Software\Wow6432Node\Microsoft\.NETFramework\v2.0.50727"
    If (!(Test-Path $NetRegistryPath))
    New-Item -Path $NetRegistryPath -Force | Out-Null
    New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
    $NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
    If (!(Test-Path $NetRegistryPath))
    New-Item -Path $NetRegistryPath -Force | Out-Null
    New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
    $NetRegistryPath = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319"
    If (!(Test-Path $NetRegistryPath))
    New-Item -Path $NetRegistryPath -Force | Out-Null
    New-ItemProperty -Path $NetRegistryPath -Name "SystemDefaultTlsVersions" -Value "1" -PropertyType DWORD -Force | Out-Null
    #Checking if all the registries and the values are correct
    $Tempvar1=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").DisabledByDefault
    $Tempvar2=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client").Enabled
    $Tempvar3=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").DisabledByDefault
    $Tempvar4=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client").Enabled
    $Tempvar5=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").DisabledByDefault
    $Tempvar6=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client").Enabled
    $Tempvar7=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").DisabledByDefault
    $Tempvar8=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client").Enabled
    $Tempvar9=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").DisabledByDefault
    $Tempvar10=(Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client").Enabled
    $Tempvar11=(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto
    $Tempvar12=(Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319").SchUseStrongCrypto
    $Tempvar13=(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727").SystemDefaultTlsVersions
    $Tempvar14=(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319").SystemDefaultTlsVersions
    $Tempvar15=(Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727").SystemDefaultTlsVersions
    $Tempvar16=(Get-ItemProperty "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319").SystemDefaultTlsVersions
    if($Tempvar1 -eq 1 -and $Tempvar2 -eq 0 -and $Tempvar3 -eq 1 -and $Tempvar4 -eq 0 -and $Tempvar5 -eq 1 -and $Tempvar6 -eq 0 -and $Tempvar7 -eq 1 -and $Tempvar8 -eq 0 -and $Tempvar9 -eq 0 -and $Tempvar10 -eq 1 -and $Tempvar11 -eq 1 -and $Tempvar12 -eq 1 -and $Tempvar13 -eq 1 -and $Tempvar14 -eq 1 -and $Tempvar15 -eq 1 -and $Tempvar16 -eq 1)
    LogToFile -message "`nPassed: All TLS registires are created and values are correct." -messagetype "InfoG"
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Start-Sleep 2
    LogToFile -message "`nFailed: All TLS registires are rither not created or values are working. Exiting .." -messagetype "InfoR"
    Write-host "--------------------------------------------------------------------------------------------------------------------------"
    Start-Sleep 2
    #region Reboot-Server
    Function Reboot-Server()
    $a = new-object -comobject wscript.shell
    $ConsoleAnswer = $a.popup("REBOOT this server NOW?",0,"REBOOT?",4)
    IF($ConsoleAnswer -eq 6)
    Write-host "Reboot was selected. Rebooting server NOW."
    Start-Sleep 2
    LogToFile -message `n"You chose not to reboot. We must REBOOT the server before settings will take effect." -messagetype "InfoR"
    Start-Sleep 5
    #region Main
    Function Main()
    Write-Host "Starting script to check if all the pre-requisites to enable TLS 1.2 are passed and enabling TLS 1.2 for SCORCH .." -ForegroundColor Magenta
    Start-Sleep 2
    #Script calling starts here
  2. Run the script in PowerShell with administrator privilege. Make sure the user also has read access to the Orchestrator Database. Here is how a sample output will look like.

Hope it was helpful. If you come across any BUG please comment.


Explore, Learn, Share, Repeat!


Recent Posts

Supported UNIX/LINUX Operating System in SCOM

This is a single list of all the supported UNIX/LINUX Operating System in SCOM. (more…)

54 years ago

Monitoring Rocky Linux in SCOM

Release!! SCOM 2019 UR4 and SCOM 2022 onwards support Rocky Linux 8 monitoring. In this…

54 years ago

Monitoring Alma Linux in SCOM

Release!! SCOM 2019 UR4 and SCOM 2022 onwards support Alma Linux 8 monitoring. In this…

54 years ago

Monitoring Ubuntu 20/Debian 10/Debian 11/Oracle Linux 8 in SCOM

“A picture is worth a hundreds words” : News!! News!! SCOM 2019 UR3 supports Ubuntu20.04/Debian10/Debian…

54 years ago

SCOM SCX Agent Versions

  System Center Operations Manager UNIX/LINUX (SCX) Agent Version List (more…)

54 years ago

Dual Home SCOM UNIX/LINUX Agents and Migrate – Part 2

Continuing from Part 1  where I explained how to dual home SCOM UNIX/LINUX agents (the…

54 years ago