URL test as user works, as service fails.

zendesigner · Post by **zendesigner** » Thu Oct 12, 2006 6:49 am

Hello,

I'm testing a rilo board for the presence of the logon screen.
The logon is a Https page which contains the words "Account Login"

for example "https://101-0012829/login.htm"

When i test this with a hostmonitor that is running under my Enterprise admin account , it works fine.

When i test this with the service account running a technical key that is also enterprise admin, i get the error "bad contents".

Any idea why this happens ? the rilo board has a certificate that i ignore (setting test) but no other authentication exists on the board.

Bart

JuergenF · Post by **JuergenF** » Thu Oct 12, 2006 7:02 am

1. possible different Proxy settings ?
2. Name resolution problem ? Try with IP-address instead of name

KS-Soft Europe · Post by **KS-Soft Europe** » Thu Oct 12, 2006 7:09 am

zendesigner wrote:When i test this with the service account running a technical key that is also enterprise admin, i get the error "bad contents".

I suppose, you should assign "Log on as service" privilege to the technical account, that is used to start ostMonitor service. You may do it using Local Security Policy applet (Start > Run > secpol.msc > Local Policies > User Right Assignment > Log on as a service).

Do not forget to restart HostMonitor service.

Regards,
Max

zendesigner · Post by **zendesigner** » Thu Oct 12, 2006 7:59 am

hi max,

thanks for your reply,

That's not really the problem , i manage the security rights myself with gpo's, The service starts without problem.the technical account works and logs on to all servers.

The point is that the service account for some reason on a NON windows device that displays a webpage (HP RILO boards) fails to retrieve content.

On the same device with my Enterprise admin account running hostmonitor under my session it is no problem.

Rilo boards don't have "allow logon to service" settings.

SO when i swith from my correct user session and start up the service, the test goes from OK to Bad Content

Bart

KS-Soft Europe · Post by **KS-Soft Europe** » Thu Oct 12, 2006 8:13 am

zendesigner wrote:SO when i swith from my correct user session and start up the service, the test goes from OK to Bad Content

I assume, HostMonitor is started as application, not as service, when you check URL with your correct account, right? Windows uses a bit different authentification mechanism for services, because service works when you are logged in and it works after you are logged off either. So, "Log on as service" priviledge is required for the accounts, that are used to start services. BTW, standard windows Services applet (services.msc) assign such priviledge by default for the accounts, you have specified to start any service.

Regards,
Max

zendesigner · Post by **zendesigner** » Thu Oct 12, 2006 8:41 am

Hi max,

Yes i know all that, i'm an GPo/AD administrator for a company of 65.000 nodes

The point is:

With the same account ! testing an URL of a RILO Board (NON windows) with HTTPS test looking for content :

Running under local session= TEST ok , content Found
stop hostmonitor , start as
Running under service= TEST nok content not found.

The service starts ok with the technical account and thus HAS "logon as a service".

It can't be related to windows USER rights as the device is an inside management board in a server running a webpage (same as a router)

@juergen

possible different Proxy settings ?
2. Name resolution problem ? Try with IP-address instead of name

That's maybe a possibility , i'll try with direct ip address.

JuergenF · Post by **JuergenF** » Thu Oct 12, 2006 10:39 am

maybe it is a possible workaround for you to use a TCP connection test on port 443 (https).

Not exactly the same but a suggestion

KS-Soft · Post by **KS-Soft** » Thu Oct 12, 2006 3:59 pm

SO when i swith from my correct user session and start up the service, the test goes from OK to Bad Content

Sounds like web server returns Ok HTTP code and the page but web page does not contain "Account Login" words. Could you assign some alert (e.g. Send e-mail) to the test and use %httppage% macro variable to check what exactly data is retrieved in service mode?

Regards
Alex

zendesigner · Post by **zendesigner** » Thu Oct 12, 2006 11:09 pm

hi guy's thanks for your help.

I found it in the mean time.

When configuring the test the bottom Two options in regards to ignoring the certificate "https:accept certificates with invalid hostname" and https:accept certificates with invalid date" were greyed out!

I thought they weren't available because they were greyed out. but apparently when you the click on them they become black and you can activate or disactivate them.

I activated them now and the test works now under my service account.

SO maybe have them active/black by default might be a better option in the gui.

Thanks

Bart

KS-Soft · Post by **KS-Soft** » Fri Oct 13, 2006 11:09 am

Quote from the manual

By default these options are greyed out, this means HostMonitor should use global options specified on Misc page in the Options dialog. If you mark or unmark test options, these settings will override global options (for this specific test item only).

Regards
Alex

KS-Soft

URL test as user works, as service fails.

URL test as user works, as service fails.

Re: URL test as user works, as service fails.

as an alternative use TCP connection tests for port 443