NRDS_win Passive Checks Not Working
Re: NRDS_win Passive Checks Not Working
Do you think if you changed from using the IP address in the configuration to the FQDN, would it work then?
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
hamija2017
- Posts: 10
- Joined: Thu Mar 23, 2017 8:15 am
Re: NRDS_win Passive Checks Not Working
I changed the nagios config.ini (c:\program files\nagios\NRDS_Win\) to use the https://FQDN/nrdp/ instead of the IP address. Turned off TLS 1.0 using the IISCrypto 2.0. Restarted the computer. Failed to send the passive checks. Nagios shows the client as offline.
One thing I tested was using the FQDN/nrdp/ in the config.ini within the C:\Program Files\Nagios\NRDS_Win\config.ini with the host file updated. to point to 10.199.x.x nagios.*.com with TLS 1.0 enable. This did not work.
At this time the only way it is working is using the IP address and enabling TLS 1.0.
Within the config.ini file it shows the config_version as 0.6.
Our Nagios is running:
Nagios XI Version : 5.4.4
nagiosxi.*.com 2.6.32-696.1.1.el6.x86_64 x86_64
CentOS release 6.9 (Final)
Gnome is not installed
PHP Version: 5.3.3
Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Server Name: nagiosxi.*.com
Server Address: 10.199.x.x
Server Port: 443
The Inbound Check Transfer Settings is configured to use NRDP because it can go over port 80 or 443. NSCA is not currently configured.
From all of the searching within the forums and online. I have not found anything indicating the current version of the NRDS_Win is compatible with TLS 1.1 or TLS 1.2. The client is being downloaded/configured from: Admin -> Monitoring Config -> NRDS Config Manager.
Do we know if the current version of the NRDS_Win is compatible with TLS 1.1 or TLS 1.2
One thing I tested was using the FQDN/nrdp/ in the config.ini within the C:\Program Files\Nagios\NRDS_Win\config.ini with the host file updated. to point to 10.199.x.x nagios.*.com with TLS 1.0 enable. This did not work.
At this time the only way it is working is using the IP address and enabling TLS 1.0.
Within the config.ini file it shows the config_version as 0.6.
Our Nagios is running:
Nagios XI Version : 5.4.4
nagiosxi.*.com 2.6.32-696.1.1.el6.x86_64 x86_64
CentOS release 6.9 (Final)
Gnome is not installed
PHP Version: 5.3.3
Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Server Name: nagiosxi.*.com
Server Address: 10.199.x.x
Server Port: 443
The Inbound Check Transfer Settings is configured to use NRDP because it can go over port 80 or 443. NSCA is not currently configured.
From all of the searching within the forums and online. I have not found anything indicating the current version of the NRDS_Win is compatible with TLS 1.1 or TLS 1.2. The client is being downloaded/configured from: Admin -> Monitoring Config -> NRDS Config Manager.
Do we know if the current version of the NRDS_Win is compatible with TLS 1.1 or TLS 1.2
Re: NRDS_win Passive Checks Not Working
I didn't see anything in the VBS script that indicates it supports TLS 1.1 or 1.2 so it doesn't looks like it supports it.
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
hamija2017
- Posts: 10
- Joined: Thu Mar 23, 2017 8:15 am
Re: NRDS_win Passive Checks Not Working
Do you happen to know if there is going to be an updated version that will support TLS 1.1 or 1.2? If so, do you know if there is an expected time for release on an update version?
Re: NRDS_win Passive Checks Not Working
I don't think it is going to be worked on in the near future.
You could try the NCPA Agent and see if it works for you. It is currently active and has the best chance to work with TLS 1.1 or 1.2.
https://www.nagios.org/ncpa/
You could try the NCPA Agent and see if it works for you. It is currently active and has the best chance to work with TLS 1.1 or 1.2.
https://www.nagios.org/ncpa/
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: NRDS_win Passive Checks Not Working
What version of Windows is installed on their (let me know the SP level as well):
https://support.microsoft.com/en-us/hel ... in-windows
https://support.microsoft.com/en-us/hel ... in-windows
-
hamija2017
- Posts: 10
- Joined: Thu Mar 23, 2017 8:15 am
Re: NRDS_win Passive Checks Not Working
ssax,
We have three servers running the following: Windows Server 2008 R2 Enterprise SP1, One running Windows Server 2008 R2 Standard SP1 and another one running Windows Server 2012 R2 Standard. For a total of five servers.
We have three servers running the following: Windows Server 2008 R2 Enterprise SP1, One running Windows Server 2008 R2 Standard SP1 and another one running Windows Server 2012 R2 Standard. For a total of five servers.
Re: NRDS_win Passive Checks Not Working
In the link provided by ssax, is an option to override the default values for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2.
This may enable the NRDS_Win VBS script to talk to the Nagios XI server using TLS 1.1 or 1.2.
It looks like your servers are sufficiently patched so go ahead and try registry settings defined in the link and see if doing that fixes the issue for you.
This may enable the NRDS_Win VBS script to talk to the Nagios XI server using TLS 1.1 or 1.2.
It looks like your servers are sufficiently patched so go ahead and try registry settings defined in the link and see if doing that fixes the issue for you.
Be sure to check out our Knowledgebase for helpful articles and solutions!