We are running BigFix/LMT on a Win 2K12 R2 server with an MSSQL 2014 Express database. I upgraded the BigFix Server from 10.0.4.32 to 10.0.5.50. The upgrade was successful. Once done, I went to the BigFix console and upgrade LMT from 9.2.25.0 to 9.2.26.0. That process also seems to have gone successfully. The tema and other logs show a successful update. But I am unable to open the LMT URL on port 9081 for the first time. Usually, in prior updates it would open and go through some schema setup and then give me the login, but this time around, multiple browsers will not bring up the page. I have restarted the LMT service and rebooted the Windows server as well.

I have verified that a java process is running on port 9081. I do not have a CA signed cert, just the default self signed cert that comes with the product.

C:\Windows\system32>pslist | find "3408"

javaw 3408 8 46 786 1079280 0:01:20.531 0:39:35.170

C:\Windows\system32>netstat -ano | find "9081"

TCP 0.0.0.0:9081 0.0.0.0:0 LISTENING 3408

[12/14/21 14:02:11:107 UTC] 00000021 com.ibm.ws.webcontainer.webapp I SRVE0292I: Servlet Message - [tema]:.[ERROR] Cannot connect to the database: Java::ComMicrosoftSqlserverJdbc::SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]". ClientConnectionId:db05dc4c-d09f-4ecd-b512-9fd5590ba9f8.

The next try for 60 seconds.

Please notice License Metric Tool enforces using HTTPS with TLS 1.2.

https://www.ibm.com/docs/en/license-metric-tool?topic=tool-whats-new

It seems you are using TLS 1.1 for communication with MSSQL.

Please enable TLS 1.2 on database side:

https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

or visit

https://www.ibm.com/docs/en/license-metric-tool?topic=problems-security

and go to section:

To disable TLS 1.2, perform the following steps.

Also please ensure you're using HTTPS link for the LMT console.

Piotr:

Thank you for that answer. Currently I have disabled the TLS v.12 in the server.xml and in java security (https is still enabled) and verified that I can connect to the LMT console, upgraded the TEMA schema and run my imports. Once this is stable, I will then apply the steps to enable TLS v1.2 on the SQL server and renable it on the server.xml and java.security. Thank you for that detailed explanation.