| View previous topic :: View next topic |
| Author |
Message |
5churli
Joined: 10 Aug 2010
Posts: 8
Location: Austria
|
 Posted: Tue Aug 10, 2010 9:05 am Post subject: client certificate doesn't work on win2003 64 Bit |
 |
|
Hi,
I startet to transfer Hostmonitor to a 64 bit Windos 2003 server. All test are done correctly besides the ones with client authentication.
Any idea how I can fix this ?
Thanks a lot.
george |
|
| Back to top |
|
 |
KS-Soft
Joined: 03 Apr 2002
Posts: 12795
Location: USA
|
| Posted: Tue Aug 10, 2010 10:34 am Post subject: |
|
|
What version of HostMonitor do you use?
What exactly test method do you use? URL test?
What exactly means "client certificate doesn't work"? What is test status? Bad? Unknown? Bad context?
Does HostMonitor display this certificate when you setup test item?
Regards
Alex |
|
| Back to top |
|
|
5churli
Joined: 10 Aug 2010
Posts: 8
Location: Austria
|
| Posted: Tue Aug 10, 2010 8:13 pm Post subject: |
|
|
ad 1: I'm using the latest version (8.6
ad 2: see below
ad 3: status is bad; the test isn't seen in the webserver log (doesn't reach the webserver)
ad 4: I can see the certificates only when I do administration as system account.
The same test works in a windows server 2003 32 bit environment where I can also see the certificates of the service in interaction mode.
- Test Details:
Method = Url
Title = RCI: rcisync2.webapps.local
Comment =
RelatedURL =
ScheduleMode= Regular
Schedule = 7 Days, 24 Hours
Interval = 600
Alerts = Folder-Gruppen Alarmierung (Hot)
ReverseAlert= No
UnknownIsBad= Yes
WarningIsBad= Yes
UseCommonLog= Yes
PrivLogMode = Default
CommLogMode = Default
;--- Test specific properties ---
URL = https://rcisync2.webapps.local:443/server-status/
UrlUseMacros= No
is302ok = Yes
IgnoreUnknCA= No
UseFrames = No
UseImages = No
CheckContents = contain
Expression = Server uptime
CaseSensitive = No
WholeWordsOnly= No
ExprUseMacros = No
CertHash = %F7%88%40%02%12%D3%64%BB%43%15%B9%1A%C8%38%B1%A3%14%85%72%5E |
|
| Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002
Posts: 12795
Location: USA
|
| Posted: Wed Aug 11, 2010 7:49 am Post subject: |
|
|
| Quote: | ad 4: I can see the certificates only when I do administration as system account.
The same test works in a windows server 2003 32 bit environment where I can also see the certificates of the service in interaction mode. |
Not sure I understand you.
Does "I do administration as system account" means you have started HostMonitor as Win32 service under Local System account? In such case you should specify account with administrator rights using HostMonitor options located on Service page in the Options dialog (HostMonitor Options dialog).
Otherwise HostMonitor will not be able to perform tests like CPU Usage, Process, Service, UNC, some options of URL test may not work as well.
Also, if you installed certificate into local computer certificate store, then you should add the UseLocalCertStore=1 line into [Misc] section of the hostmon.ini file and restart HostMonitor.
Or may be you already using this option while certificate is installed in user's certificate store? Then you should remove this line from hostmon.ini file or replace it with UseLocalCertStore=0
Next: if HostMonitor GUI shows certificate and you may select it but test returns Bad status, this means there are some problems with certificate. E.g. certificate is expired. In such case you may use options located on Misc page in the Options dialog:
Accept SSL/PCT certificates with invalid host name
Disables function checking of SSL/PCT-based certificates that are returned from the server against the host name given in the request.
Accept SSL/PCT certificates with invalid dates
Disables function checking of SSL/PCT-based certificates for proper validity dates.
Plus there are some options available on test level:
HTTPS: Ignore unknown certificate authority problems
This option allows checking web servers that use HTTPS protocol and security certificates that were issued by not trusted company. With this option enabled, HostMonitor will accept security certificates issued by any company. When this option is disabled and the certificate belongs to a not trusted company then HostMonitor will set the test status to "no answer".
HTTPS: Accept certificates with invalid host name
HTTPS: Accept certificates with invalid dates
By default these options are greyed out, this means HostMonitor should use global options specified on Misc page in the Options dialog. If you mark or unmark test options, these settings will override global options (for this specific test item only).
Regards
Alex |
|
| Back to top |
|
|
5churli
Joined: 10 Aug 2010
Posts: 8
Location: Austria
|
| Posted: Wed Aug 11, 2010 10:04 am Post subject: |
|
|
Hi Alex,
thanks for reply.
yes - I have installed Hostmonitor as a win32 service with local system account because of the interaction with the console session.
On the 32bit server all went well. I'll try a service account and let you know the result.
The SSL and HTTPS Options I have checked, also the certificates are correct (the are still working on the 32 bit server).
regards
george |
|
| Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002
Posts: 12795
Location: USA
|
| Posted: Wed Aug 11, 2010 10:39 am Post subject: |
|
|
| Quote: | yes - I have installed Hostmonitor as a win32 service with local system account because of the interaction with the console session.
On the 32bit server all went well. I'll try a service account and let you know the result |
This is correct configuration
- use Local System account to start service (using Windows Services applet) so HostMonitor service will be able to interact with desktop
- and provide administrator account using HostMonitor options located on Service page in HostMonitor Options dialog so HostMonitor will be able to check remote systems
Where this certificate is installed? user's certificate store or local computer certificate store?
Regards
Alex |
|
| Back to top |
|
|
5churli
Joined: 10 Aug 2010
Posts: 8
Location: Austria
|
| Posted: Wed Aug 11, 2010 12:50 pm Post subject: |
|
|
Hi Alex,
thanks for your information.
I didn't guess the split between Service Account and operations account.
I installed the cllient certificates in the user's certificate store of local system which went well on 32 bit Server and didn't work on the 64 bit server.
Now all tests work well
Thanks |
|
| Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002
Posts: 12795
Location: USA
|
| Posted: Wed Aug 11, 2010 1:33 pm Post subject: |
|
|
You are welcome
Regards
Alex |
|
| Back to top |
|
|
5churli
Joined: 10 Aug 2010
Posts: 8
Location: Austria
|
| Posted: Wed Aug 11, 2010 2:53 pm Post subject: |
|
|
Hi Alex,
after a restart of the server the problem continues: the test doesn't have acces to the client certificate.
sorry
Certificates are installed in the private store of a local Administrator account.
Neither to run Hostmonitor under this account nor to run the service unter local system account and specify the user as logon account solves the problem.
regards
george |
|
| Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002
Posts: 12795
Location: USA
|
| Posted: Wed Aug 11, 2010 3:34 pm Post subject: |
|
|
Did you restart server that runs web service or server that runs HostMonitor?
Certificate is not displayed by HostMonitor GUI?
If HostMonitor shows certificate but test returns Bad status, may be there is some other problem with this test. You may use %HttpCode% variable to check HTTP error code. E.g. you may use this variable in e-mail template or use "Tune up Reply" test option to display %HttpCode% value in Reply field of the test.
If HostMonitor does not display certificate at all, may be you changed UseLocalCertStore option in hostmon.ini file? Such modification has affect after HostMonitor (or HostMonitor server) restart.
Regards
Alex |
|
| Back to top |
|
|
5churli
Joined: 10 Aug 2010
Posts: 8
Location: Austria
|
| Posted: Wed Aug 11, 2010 10:49 pm Post subject: |
|
|
Hi Alex,
it was the "UseLocalCertStore" Option I forgot.
Now it also works after a restart.
Thanks a lot.
george |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in
