client certificate doesn't work on win2003 64 Bit
client certificate doesn't work on win2003 64 Bit
Hi,
I startet to transfer Hostmonitor to a 64 bit Windos 2003 server. All test are done correctly besides the ones with client authentication.
Any idea how I can fix this ?
Thanks a lot.
george
I startet to transfer Hostmonitor to a 64 bit Windos 2003 server. All test are done correctly besides the ones with client authentication.
Any idea how I can fix this ?
Thanks a lot.
george
ad 1: I'm using the latest version (8.68)
ad 2: see below
ad 3: status is bad; the test isn't seen in the webserver log (doesn't reach the webserver)
ad 4: I can see the certificates only when I do administration as system account.
The same test works in a windows server 2003 32 bit environment where I can also see the certificates of the service in interaction mode.
- Test Details:
Method = Url
Title = RCI: rcisync2.webapps.local
Comment =
RelatedURL =
ScheduleMode= Regular
Schedule = 7 Days, 24 Hours
Interval = 600
Alerts = Folder-Gruppen Alarmierung (Hot)
ReverseAlert= No
UnknownIsBad= Yes
WarningIsBad= Yes
UseCommonLog= Yes
PrivLogMode = Default
CommLogMode = Default
;--- Test specific properties ---
URL = https://rcisync2.webapps.local:443/server-status/
UrlUseMacros= No
is302ok = Yes
IgnoreUnknCA= No
UseFrames = No
UseImages = No
CheckContents = contain
Expression = Server uptime
CaseSensitive = No
WholeWordsOnly= No
ExprUseMacros = No
CertHash = %F7%88%40%02%12%D3%64%BB%43%15%B9%1A%C8%38%B1%A3%14%85%72%5E
ad 2: see below
ad 3: status is bad; the test isn't seen in the webserver log (doesn't reach the webserver)
ad 4: I can see the certificates only when I do administration as system account.
The same test works in a windows server 2003 32 bit environment where I can also see the certificates of the service in interaction mode.
- Test Details:
Method = Url
Title = RCI: rcisync2.webapps.local
Comment =
RelatedURL =
ScheduleMode= Regular
Schedule = 7 Days, 24 Hours
Interval = 600
Alerts = Folder-Gruppen Alarmierung (Hot)
ReverseAlert= No
UnknownIsBad= Yes
WarningIsBad= Yes
UseCommonLog= Yes
PrivLogMode = Default
CommLogMode = Default
;--- Test specific properties ---
URL = https://rcisync2.webapps.local:443/server-status/
UrlUseMacros= No
is302ok = Yes
IgnoreUnknCA= No
UseFrames = No
UseImages = No
CheckContents = contain
Expression = Server uptime
CaseSensitive = No
WholeWordsOnly= No
ExprUseMacros = No
CertHash = %F7%88%40%02%12%D3%64%BB%43%15%B9%1A%C8%38%B1%A3%14%85%72%5E
Not sure I understand you.ad 4: I can see the certificates only when I do administration as system account.
The same test works in a windows server 2003 32 bit environment where I can also see the certificates of the service in interaction mode.
Does "I do administration as system account" means you have started HostMonitor as Win32 service under Local System account? In such case you should specify account with administrator rights using HostMonitor options located on Service page in the Options dialog (HostMonitor Options dialog).
Otherwise HostMonitor will not be able to perform tests like CPU Usage, Process, Service, UNC, some options of URL test may not work as well.
Also, if you installed certificate into local computer certificate store, then you should add the UseLocalCertStore=1 line into [Misc] section of the hostmon.ini file and restart HostMonitor.
Or may be you already using this option while certificate is installed in user's certificate store? Then you should remove this line from hostmon.ini file or replace it with UseLocalCertStore=0
Next: if HostMonitor GUI shows certificate and you may select it but test returns Bad status, this means there are some problems with certificate. E.g. certificate is expired. In such case you may use options located on Misc page in the Options dialog:
Accept SSL/PCT certificates with invalid host name
Disables function checking of SSL/PCT-based certificates that are returned from the server against the host name given in the request.
Accept SSL/PCT certificates with invalid dates
Disables function checking of SSL/PCT-based certificates for proper validity dates.
Plus there are some options available on test level:
HTTPS: Ignore unknown certificate authority problems
This option allows checking web servers that use HTTPS protocol and security certificates that were issued by not trusted company. With this option enabled, HostMonitor will accept security certificates issued by any company. When this option is disabled and the certificate belongs to a not trusted company then HostMonitor will set the test status to "no answer".
HTTPS: Accept certificates with invalid host name
HTTPS: Accept certificates with invalid dates
By default these options are greyed out, this means HostMonitor should use global options specified on Misc page in the Options dialog. If you mark or unmark test options, these settings will override global options (for this specific test item only).
Regards
Alex
Hi Alex,
thanks for reply.
yes - I have installed Hostmonitor as a win32 service with local system account because of the interaction with the console session.
On the 32bit server all went well. I'll try a service account and let you know the result.
The SSL and HTTPS Options I have checked, also the certificates are correct (the are still working on the 32 bit server).
regards
george
thanks for reply.
yes - I have installed Hostmonitor as a win32 service with local system account because of the interaction with the console session.
On the 32bit server all went well. I'll try a service account and let you know the result.
The SSL and HTTPS Options I have checked, also the certificates are correct (the are still working on the 32 bit server).
regards
george
This is correct configurationyes - I have installed Hostmonitor as a win32 service with local system account because of the interaction with the console session.
On the 32bit server all went well. I'll try a service account and let you know the result
- use Local System account to start service (using Windows Services applet) so HostMonitor service will be able to interact with desktop
- and provide administrator account using HostMonitor options located on Service page in HostMonitor Options dialog so HostMonitor will be able to check remote systems
Where this certificate is installed? user's certificate store or local computer certificate store?
Regards
Alex
Hi Alex,
after a restart of the server the problem continues: the test doesn't have acces to the client certificate.
sorry
Certificates are installed in the private store of a local Administrator account.
Neither to run Hostmonitor under this account nor to run the service unter local system account and specify the user as logon account solves the problem.
regards
george
after a restart of the server the problem continues: the test doesn't have acces to the client certificate.
sorry
Certificates are installed in the private store of a local Administrator account.
Neither to run Hostmonitor under this account nor to run the service unter local system account and specify the user as logon account solves the problem.
regards
george
Did you restart server that runs web service or server that runs HostMonitor?
Certificate is not displayed by HostMonitor GUI?
If HostMonitor shows certificate but test returns Bad status, may be there is some other problem with this test. You may use %HttpCode% variable to check HTTP error code. E.g. you may use this variable in e-mail template or use "Tune up Reply" test option to display %HttpCode% value in Reply field of the test.
If HostMonitor does not display certificate at all, may be you changed UseLocalCertStore option in hostmon.ini file? Such modification has affect after HostMonitor (or HostMonitor server) restart.
Regards
Alex
Certificate is not displayed by HostMonitor GUI?
If HostMonitor shows certificate but test returns Bad status, may be there is some other problem with this test. You may use %HttpCode% variable to check HTTP error code. E.g. you may use this variable in e-mail template or use "Tune up Reply" test option to display %HttpCode% value in Reply field of the test.
If HostMonitor does not display certificate at all, may be you changed UseLocalCertStore option in hostmon.ini file? Such modification has affect after HostMonitor (or HostMonitor server) restart.
Regards
Alex