KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

Certificate Checks went suddenly "unknown"

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting
View previous topic :: View next topic  
Author Message
itelio



Joined: 06 Nov 2014
Posts: 120

PostPosted: Wed Aug 08, 2018 3:02 am    Post subject: Certificate Checks went suddenly "unknown" Reply with quote

Hello
since Monday we have the problem that the certificate checks of external websites all went to the status "unknown".
It strangely affects only a few tests which are not configured differently.
A check of the firewall has shown that no data from these tests arrive at the firewall internally. The RemoteAgent no longer seems to be doing some certificate tests.
The remedy is to use an external remote agent. Then the tests will work again.
It only summarizes the certificate tests that are done via the Monitoring Server itself or via our internal RMA.

No updates or similar were installed on the monitoring server.
The problem has occurred at one time.
Restarting the server and restarting the RMA do not solve the problem.
The strange thing is that not all tests are concerned.


HostMonitor version
- 11:51

Windows version:
- Server 2016 standard

Service pack
- Up to Date

Antivirus monitor
- OFF

Protocols supported on the server (SSL / TLS)?
- SSL / TLS

What timeout did you set for the test?
30 sec

What message do you see in Reply field of the test?
Status: "unknown" and Reply "0 Days"


Best regards
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Wed Aug 08, 2018 5:54 am    Post subject: Reply with quote

Quote:
The RemoteAgent no longer seems to be doing some certificate tests. The remedy is to use an external remote agent.

Do you mean you are using the same RMA agent, version 6.50?
- RMA 6.50 installed inside your LAN cannot perform test?
- RMA 6.50 installed in some other LAN can perform the test?
Then it looks like problem caused by some 3rd party software or hardware.

Quote:
- SSL / TLS

What exactly version of SSL and TLS supported?

Quote:
Status: "unknown" and Reply "0 Days"

I assume you are using "tune up reply value" test option.
Please disable it, refresh the test and check Reply again

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
itelio



Joined: 06 Nov 2014
Posts: 120

PostPosted: Wed Aug 08, 2018 8:20 am    Post subject: re Reply with quote

Hi Alex,
Thank you for your prompt reply.
I set the reply back to default and now it shows:

URL itelio.com
(Agent: Hostmon)
Error: Can not load OpenSSL engine. Can not load MSVCR71.DLL. The specified module could not be found.

(Agent: RMA agent)
RMA: 301 - Can not resolve host name to IP address. The requested name is valid, but no data of the requested type was found.

Another address returns

RMA: 301 - SSL handshake failed

The messages were apparently suppressed by the modified repy.

All remote agents (internally and externally at the customers) are on version 6.24 which came with the installation of version 11.51.

Think it is a problem with the SSL configuration on the monitoring server?

Supported Versions on Monitoring Server:
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
--> SSL 2.0

Was that what you wanted to know?
If you need more Information please let me know.

Regards
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Wed Aug 08, 2018 8:37 am    Post subject: Reply with quote

Quote:
(Agent: Hostmon)
Error: Can not load OpenSSL engine. Can not load MSVCR71.DLL. The specified module could not be found.

Somebody removed this DLL on HostMonitor system?
Its included into installation package but program does not install it when DLL already present on the system. You may install it manually, just unzip and copy into HostMonitor folder
www.ks-soft.net/download/libs/msvcr71.zip

Quote:
(Agent: RMA agent)
RMA: 301 - Can not resolve host name to IP address. The requested name is valid, but no data of the requested type was found.

You are using wrong hostname or your DNS server does not work or some firewall blocks requests to DNS...

Quote:
Another address returns
RMA: 301 - SSL handshake failed
SSL 2.0

Just SSL 2.0? No SSL 3.0, no TLS 1.0, 1.1, 1.2? Are you sure its good idea to use such old and unsecured protocol?

Quote:
All remote agents (internally and externally at the customers) are on version 6.24 which came with the installation of version 11.51.

No, HostMonitor 11.51 comes with RMA 6.50.
Please update agents.

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
itelio



Joined: 06 Nov 2014
Posts: 120

PostPosted: Fri Aug 10, 2018 3:20 am    Post subject: Reply with quote

Hi Alex,
thanks für your help.

the MSVCR71.DLL was missing. Replaced it an the Tests are working again.

Thanks again an have a nice Day

Regards
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12791
Location: USA

PostPosted: Fri Aug 10, 2018 7:08 am    Post subject: Reply with quote

You are welcome

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index