Tag: scom 2022

SystemCenter 2022 UR3 released

SystemCenter 2022 UR3 released! This image is from Microsoft blog for datacenter
SystemCenter 2022 UR3 released! This image is from Microsoft blog for datacenter

🚀 System Center 2022 UR3 Released: What You Need to Know

Microsoft has officially released System Center 2022 Update Rollup 3 (UR3), and it’s time to update your environments—especially if you’re focused on monitoring with SCOM (System Center Operations Manager).

📅 Support Lifecycle Highlights

    • SCOM 2019: Extended support until 2029
    • SCOM 2022: Extended support begins in 2027
    • SCOM 2025: Extended support starts in 2030, ending in 2035

🔧 SCOM 2022 UR3 Key Fixes

This update brings several important improvements:

    • ✅ Fixed Favorite Reports failure in Web Console due to HttpParseException
    • ✅ Resolved Teams notifications issues from UR2
    • ✅ Addressed random crashes in global search caused by NullReferenceException
    • ✅ You can now add Dashboards to Workspace (previously blocked in UR1)
    • ✅ Dashboard Performance widget now functions correctly
    • ✅ Fixed WMIProbe workflow failures
    • ✅ Unix/Linux computers view now opens properly in Web Console

📥 Download & Resources

Technical Deep Dive

UR3 resolves a critical issue where global search in the SCOM console would crash due to a NullReferenceException. This fix improves stability for large-scale deployments. Additionally, the WMIProbe workflow fix ensures smoother data collection from Windows endpoints.

💬 Community Engagement

What’s your favorite fix in UR3?

Share your thoughts in the comments below or join the discussion on Viva Engage ‘Have you applied UR3 yet?’

Pro Tip: Use PowerShell scripts to automate dashboard deployment post-update.

📣 Call to Action

Subscribe to the blog for monthly insights on monitoring, automation, and Microsoft ecosystem updates. Stay ahead with expert tips and community-driven solutions.

🧠 Final Thoughts

System Center 2022 is now on a yearly update cadence, unless urgent security patches are needed. If you’re running SCOM 2022, this UR3 release is a must-have to stabilize and enhance your monitoring capabilities.

Resolve HSTS vulnerability CVEs on IIS10

IIS Error 500 – Don’t let a vulnerability cause downtime with your SCOM web console

 

This article will help resolve security HSTS vulnerability CVEs on IIS10.  The steps apply to Windows Server 2016+, to help resolve multiple vulnerabilities, including CVE-2023-23915 CVE-2023-23914 CVE-2017-7789.   There are a few ways to configure IIS, and the blog post will show how to set up HTTP response, and HTTP redirect for the SCOM web console role’d server(s).

 

Setting HSTS on IIS10 to resolve with Server2016 1609

Open PowerShell window as Admin
cd c:\windows\winsxs
gci wow64_microsoft-windows-iis-shared* | ft Name

Example aim for latest directory
NOTE bottom entry based on software versioning

Example output
PS C:\windows\winsxs> gci wow64_microsoft-windows-iis-shared* | ft Name

Name
—-
wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_48b28891ffe5bdae
wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.1613_none_90c5a57843ef1621
wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.5246_none_90f3a94643cc33e1

# AppCMD lines
.\appcmd.exe set config -section:system.applicationHost/sites “/[name=’Default Web Site’].hsts.enabled:True” /commit:apphost
.\appcmd.exe set config -section:system.applicationHost/sites “/[name=’Default Web Site’].hsts.max-age:31536000” /commit:apphost
.\appcmd.exe set config -section:system.applicationHost/sites “/[name=’Default Web Site’].hsts.includeSubDomains:True” /commit:apphost
.\appcmd.exe set config -section:system.applicationHost/sites “/[name=’Default Web Site’].hsts.redirectHttpToHttps:True” /commit:apphost

 

 

For Server2016 1709 and greater

To add the HSTS Header, follow the steps below:

Open IIS manager.
Select your site.
Open HTTP Response Headers option.
Click on Add in the Actions section.
In the Add Custom HTTP Response Header dialog, add the following values:
Name: Strict-Transport-Security
Value: max-age=31536000; includeSubDomains; preload
Or directly in web.config as below under system.webServer:

<httpProtocol>
<customHeaders>
<add name=”Strict-Transport-Security” value=”max-age=31536000; includeSubDomains; preload” />
</customHeaders>
</httpProtocol>

NOTE iisreset may be required to restart IIS and apply settings

 

 

Verify HTTP Response Headers

From IIS10 (IIS Manager) > click on ‘Default Web Site’ > HTTP Response Headers

Verify Strict-Transport-Security blurb matches

HSTS IIS10 HTTP Response Headers screenshot verifying settings applied

 

 

Set HTTP Redirect

Now to set the HTTP redirect, to prevent denial of service (DoS) attacks.

From IIS10 (IIS Manager) > Expand ‘Default Web Site’ > HTTP Redirect

Screenshot

Default Web Site HTTP Redirect to SCOM web console URL

 

 

From IIS10 (IIS Manager) > Expand ‘Default Web Site’ > go through each Application to set HTTP redirect

Screenshot

Set HSTS HTTP Redirect on other web applications
Set HSTS HTTP Redirect on other web applications

 

Test your web console URL to verify components

 

 

References

NIST CVE-2023-23915 CVE-2023-23914

Mitre CVE-2017-7789

Blog link https://inthetechpit.com/2019/07/17/add-strict-transport-security-hsts-response-header-to-iis-hosted-site/