Novell ZENworks Configuration Management 11.3
After security update is applied on the Windows 7 for the patch KB 3061518 (MS15-055), the Agent is unable to Authenticate to the Satellite Server and ZEN login fails.
Agent communication failures after KB 3161608 is applied.
Windows System Event log :
Source = Schannel
EventID = 36888
Message = The following fatal alert was generated:P 40. The internal error state is 808
This is fixed in version 11.4 - see KB 7016614 "ZENworks Configuration Management 11 SP4 (11.4.0) - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7016614
See http://support.microfocus.com/kb/doc.php?id=7016807"kb-article-content-field-heading">Additional Information
© Micro Focus.
LAN Trace shows Handshake failure alert (40) during TCP/TLS connection between agent 10.64.64.7 and Linux satellite 10.64.0.15 during Authentication or casa tester.
The satellite negotiates to use DHE key length of 512 bits or less (WEAK) during TLS session from agent, while the Windows security update seems to allow Windows TLS client send a default minimum DHE key length of 1,024 bits. As per the KB using 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. Example is agent using cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA which fails on handshake.