I have found that if you use self-signed certificates, you will absolutely need to follow this requirement - otherwise you will have deployments that utilize the Guest Agent stuck at "CustomizeOS" state and never finish deployment. The Guest Agent start up script uses OpenSSL to grab the IaaS server certificate and this fails for self-signed certs over TLS1.2.
The security protocol settings are available in the registry only. Fortunately, you can use this handy utility to manage your protocol settings on IIS instead of hunting through the registry. Or, if you like, refer to Microsoft KB 245030 for the officially supported method. Essentially, both will change the reg key as shown below....
Do you know if the Pre-Req script Brian has written takes care of this?
ReplyDelete@Mark J, I do not see such check in the pre-req checker
ReplyDeletehttps://raw.githubusercontent.com/vtagion/Scripts/master/vCAC61-PreReq-Automation.ps1
Thanks!!!. Agent stuck at "CustomizeOS" state in my case.
ReplyDeleteThere were two reasons for this-
1.TLS was not disabled.
2. Two .dll files (ssleay32.dll and libeay32.dll) were missing in the agent setup files.(I am using vRA Build 6.2.2-2754020)
Hi
DeleteWhere did you get those missing files from?
I think I am having the same issue
Thank you