View previous topic :: View next topic |
Author |
Message |
itelio
Joined: 06 Nov 2014 Posts: 120
|
Posted: Wed Aug 08, 2018 3:02 am Post subject: Certificate Checks went suddenly "unknown" |
|
|
Hello
since Monday we have the problem that the certificate checks of external websites all went to the status "unknown".
It strangely affects only a few tests which are not configured differently.
A check of the firewall has shown that no data from these tests arrive at the firewall internally. The RemoteAgent no longer seems to be doing some certificate tests.
The remedy is to use an external remote agent. Then the tests will work again.
It only summarizes the certificate tests that are done via the Monitoring Server itself or via our internal RMA.
No updates or similar were installed on the monitoring server.
The problem has occurred at one time.
Restarting the server and restarting the RMA do not solve the problem.
The strange thing is that not all tests are concerned.
HostMonitor version
- 11:51
Windows version:
- Server 2016 standard
Service pack
- Up to Date
Antivirus monitor
- OFF
Protocols supported on the server (SSL / TLS)?
- SSL / TLS
What timeout did you set for the test?
30 sec
What message do you see in Reply field of the test?
Status: "unknown" and Reply "0 Days"
Best regards |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Wed Aug 08, 2018 5:54 am Post subject: |
|
|
Quote: | The RemoteAgent no longer seems to be doing some certificate tests. The remedy is to use an external remote agent. |
Do you mean you are using the same RMA agent, version 6.50?
- RMA 6.50 installed inside your LAN cannot perform test?
- RMA 6.50 installed in some other LAN can perform the test?
Then it looks like problem caused by some 3rd party software or hardware.
What exactly version of SSL and TLS supported?
Quote: | Status: "unknown" and Reply "0 Days" |
I assume you are using "tune up reply value" test option.
Please disable it, refresh the test and check Reply again
Regards
Alex |
|
Back to top |
|
|
itelio
Joined: 06 Nov 2014 Posts: 120
|
Posted: Wed Aug 08, 2018 8:20 am Post subject: re |
|
|
Hi Alex,
Thank you for your prompt reply.
I set the reply back to default and now it shows:
URL itelio.com
(Agent: Hostmon)
Error: Can not load OpenSSL engine. Can not load MSVCR71.DLL. The specified module could not be found.
(Agent: RMA agent)
RMA: 301 - Can not resolve host name to IP address. The requested name is valid, but no data of the requested type was found.
Another address returns
RMA: 301 - SSL handshake failed
The messages were apparently suppressed by the modified repy.
All remote agents (internally and externally at the customers) are on version 6.24 which came with the installation of version 11.51.
Think it is a problem with the SSL configuration on the monitoring server?
Supported Versions on Monitoring Server:
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
--> SSL 2.0
Was that what you wanted to know?
If you need more Information please let me know.
Regards |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Wed Aug 08, 2018 8:37 am Post subject: |
|
|
Quote: | (Agent: Hostmon)
Error: Can not load OpenSSL engine. Can not load MSVCR71.DLL. The specified module could not be found. |
Somebody removed this DLL on HostMonitor system?
Its included into installation package but program does not install it when DLL already present on the system. You may install it manually, just unzip and copy into HostMonitor folder
www.ks-soft.net/download/libs/msvcr71.zip
Quote: | (Agent: RMA agent)
RMA: 301 - Can not resolve host name to IP address. The requested name is valid, but no data of the requested type was found. |
You are using wrong hostname or your DNS server does not work or some firewall blocks requests to DNS...
Quote: | Another address returns
RMA: 301 - SSL handshake failed
SSL 2.0 |
Just SSL 2.0? No SSL 3.0, no TLS 1.0, 1.1, 1.2? Are you sure its good idea to use such old and unsecured protocol?
Quote: | All remote agents (internally and externally at the customers) are on version 6.24 which came with the installation of version 11.51. |
No, HostMonitor 11.51 comes with RMA 6.50.
Please update agents.
Regards
Alex |
|
Back to top |
|
|
itelio
Joined: 06 Nov 2014 Posts: 120
|
Posted: Fri Aug 10, 2018 3:20 am Post subject: |
|
|
Hi Alex,
thanks für your help.
the MSVCR71.DLL was missing. Replaced it an the Tests are working again.
Thanks again an have a nice Day
Regards |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Fri Aug 10, 2018 7:08 am Post subject: |
|
|
You are welcome
Regards
Alex |
|
Back to top |
|
|
|