New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Cannot monitor VMware host after disabling TLS 1.0

Votes:

0

Your Vote:

Up

Down

We have disabled TLS 1.0 on a VMware host (6.5 U1) after failing a security scan.

Now various sensors (Hardware Status, Host Performance, VM Status) fail with error "The underlying connection was closed: An unexpected error occurred on a send."

  • Version is 17.4.35.3318 [Preview].

Currently the TLS 1.0 protocol is enabled on the PRTG server. If we disable this then the error becomes: "aborted could not create SSL/TLS secure channel", and the errors extend to a second VMware host that still has TLS 1.0 enabled.

Please advise how to have PRTG check a VMware host that has TLS 1.0 disabled.

prtg17 tlsv1-0 vmware-esxi

Created on Nov 17, 2017 10:30:18 AM by  dosit (0) 1

Last change on Nov 17, 2017 11:05:31 AM by  Luciano Lingnau [Paessler Support]



9 Replies

Votes:

0

Your Vote:

Up

Down

Hi dosit,

What OS is the PRTG Server running on and are all updates and latest .NET installed?


Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 17, 2017 12:49:50 PM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

OS is Windows 10 Pro, fully patched. .NET is 4.7.02046.

Created on Nov 17, 2017 2:00:33 PM by  dosit (0) 1



Votes:

0

Your Vote:

Up

Down

Interesting. Does the error persist upon recreating the sensor? In case they don't work as well, please provide me with the output of reconfigureVc scan they reside in one of the following directories:

  • Linux /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator
  • Windows C:\Program Files\VMware\CIS\vSphereTLSReconfigurator\VcTlsReconfigurator
    Did you use this guide to configure TLS 1.2 accordingly?

Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 20, 2017 9:35:58 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

If I delete the VMware Host Hardware Status (SOAP) sensor and try to re-add it fails with "Could not create the sensor VMware Host Hardware Status (SOAP) on device ...".

root@GL2-VCA [ /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator ]# ./reconfigureVc scan
vCenter Transport Layer Security reconfigurator, version=6.5.0, build=5597882
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/VcTlsReconfigurator.log".

==================== Scanning vCenter Server TLS endpoints =====================
Service NameTLS Endpoint PortTLS Version(s)
vmware-stsd7444TLSv1.1 TLSv1.2
vmcamNOT RUNNING
vmware-rhttpproxy443TLSv1.1 TLSv1.2
rsyslog1514TLSv1.1 TLSv1.2
vmdird636TLSv1.1 TLSv1.2
vmdird11712TLSv1.1 TLSv1.2
vmware-rbd-watchdogNOT RUNNING
vmware-updatemgr8084TLSv1.1 TLSv1.2
vmware-updatemgr9087TLSv1.1 TLSv1.2
vsphere-client9443TLSv1.1 TLSv1.2
vsphere-ui5443TLSv1.1 TLSv1.2
vami-lighttp5480TLSv1.0 TLSv1.1 TLSv1.2

Yes that was the guide I used.

Note that the vCenter server is OK in PRTG, it is a host that has had TLS 1.0 disabled that we get the errors for.

Created on Nov 20, 2017 1:30:28 PM by  dosit (0) 1

Last change on Nov 20, 2017 2:11:52 PM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Could you please try to replace C:\Program Files (x86)\PRTG Network Monitor\Sensor System\VMWareSensor.exe with this one? Make sure to backup the existing one.

Let me know if it worked!


Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 20, 2017 8:47:03 PM by  Stephan Linke [Paessler Support]

Last change on Nov 20, 2017 8:47:29 PM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Yes that has fixed the issue, thanks.

Created on Nov 22, 2017 10:17:09 AM by  dosit (0) 1



Votes:

0

Your Vote:

Up

Down

Cool! Note that you need to replace it when updating PRTG until the sensor gets natively integrated :)


Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 22, 2017 10:53:26 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Stephan,

Thanks for your solution. Saved us a lot of headache on a Friday afternoon. This works for our installation as well after disabling TLS 1.0 and TLS 1.1 for our vCenter instance.

Created on Jan 12, 2018 8:17:26 PM by  dridgeway (0)



Votes:

0

Your Vote:

Up

Down

Glad to be of assistance! :)


Kind regards
Stephan Linke, Tech Support Team

Created on Jan 15, 2018 6:56:44 AM by  Stephan Linke [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.