Certificate Checks went suddenly "unknown"

[itelio]

Hello
since Monday we have the problem that the certificate checks of external websites all went to the status "unknown".
It strangely affects only a few tests which are not configured differently.
A check of the firewall has shown that no data from these tests arrive at the firewall internally. The RemoteAgent no longer seems to be doing some certificate tests.
The remedy is to use an external remote agent. Then the tests will work again.
It only summarizes the certificate tests that are done via the Monitoring Server itself or via our internal RMA.

No updates or similar were installed on the monitoring server.
The problem has occurred at one time.
Restarting the server and restarting the RMA do not solve the problem.
The strange thing is that not all tests are concerned.


HostMonitor version
- 11:51

Windows version:
- Server 2016 standard

Service pack
- Up to Date

Antivirus monitor
- OFF

Protocols supported on the server (SSL / TLS)?
- SSL / TLS

What timeout did you set for the test?
30 sec

What message do you see in Reply field of the test?
Status: "unknown" and Reply "0 Days"


Best regards

[KS-Soft]

The RemoteAgent no longer seems to be doing some certificate tests. The remedy is to use an external remote agent.

Do you mean you are using the same RMA agent, version 6.50?
- RMA 6.50 installed inside your LAN cannot perform test?
- RMA 6.50 installed in some other LAN can perform the test?
Then it looks like problem caused by some 3rd party software or hardware.

- SSL / TLS

What exactly version of SSL and TLS supported?

Status: "unknown" and Reply "0 Days"

I assume you are using "tune up reply value" test option.
Please disable it, refresh the test and check Reply again

Regards
Alex

[itelio]

Hi Alex,
Thank you for your prompt reply.
I set the reply back to default and now it shows:

URL itelio.com
(Agent: Hostmon)
Error: Can not load OpenSSL engine. Can not load MSVCR71.DLL. The specified module could not be found.

(Agent: RMA agent)
RMA: 301 - Can not resolve host name to IP address. The requested name is valid, but no data of the requested type was found.

Another address returns

RMA: 301 - SSL handshake failed

The messages were apparently suppressed by the modified repy.

All remote agents (internally and externally at the customers) are on version 6.24 which came with the installation of version 11.51.

Think it is a problem with the SSL configuration on the monitoring server?

Supported Versions on Monitoring Server:
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
--> SSL 2.0

Was that what you wanted to know?
If you need more Information please let me know.

Regards

[KS-Soft]

(Agent: Hostmon)
Error: Can not load OpenSSL engine. Can not load MSVCR71.DLL. The specified module could not be found.

Somebody removed this DLL on HostMonitor system?
Its included into installation package but program does not install it when DLL already present on the system. You may install it manually, just unzip and copy into HostMonitor folder
www.ks-soft.net/download/libs/msvcr71.zip

(Agent: RMA agent)
RMA: 301 - Can not resolve host name to IP address. The requested name is valid, but no data of the requested type was found.

You are using wrong hostname or your DNS server does not work or some firewall blocks requests to DNS...

Another address returns
RMA: 301 - SSL handshake failed
SSL 2.0

Just SSL 2.0? No SSL 3.0, no TLS 1.0, 1.1, 1.2? Are you sure its good idea to use such old and unsecured protocol?

All remote agents (internally and externally at the customers) are on version 6.24 which came with the installation of version 11.51.

No, HostMonitor 11.51 comes with RMA 6.50.
Please update agents.

Regards
Alex

[itelio]

Hi Alex,
thanks für your help.

the MSVCR71.DLL was missing. Replaced it an the Tests are working again.

Thanks again an have a nice Day

Regards

[KS-Soft]

You are welcome

Regards
Alex