What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Cannot monitor VMware host after disabling TLS 1.0

Votes:

0

We have disabled TLS 1.0 on a VMware host (6.5 U1) after failing a security scan.

Now various sensors (Hardware Status, Host Performance, VM Status) fail with error "The underlying connection was closed: An unexpected error occurred on a send."

  • Version is 17.4.35.3318 [Preview].

Currently the TLS 1.0 protocol is enabled on the PRTG server. If we disable this then the error becomes: "aborted could not create SSL/TLS secure channel", and the errors extend to a second VMware host that still has TLS 1.0 enabled.

Please advise how to have PRTG check a VMware host that has TLS 1.0 disabled.

prtg17 tlsv1-0 vmware-esxi

Created on Nov 17, 2017 10:30:18 AM

Last change on Nov 17, 2017 11:05:31 AM by Luciano Lingnau [Paessler]



9 Replies

Votes:

0

Hi dosit,

What OS is the PRTG Server running on and are all updates and latest .NET installed?

Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 17, 2017 12:49:50 PM by Stephan Linke [Paessler Support]



Votes:

0

OS is Windows 10 Pro, fully patched. .NET is 4.7.02046.

Created on Nov 17, 2017 2:00:33 PM



Votes:

0

Interesting. Does the error persist upon recreating the sensor? In case they don't work as well, please provide me with the output of reconfigureVc scan they reside in one of the following directories:

  • Linux /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator
  • Windows C:\Program Files\VMware\CIS\vSphereTLSReconfigurator\VcTlsReconfigurator
    Did you use this guide to configure TLS 1.2 accordingly?

Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 20, 2017 9:35:58 AM by Stephan Linke [Paessler Support]



Votes:

0

If I delete the VMware Host Hardware Status (SOAP) sensor and try to re-add it fails with "Could not create the sensor VMware Host Hardware Status (SOAP) on device ...".

root@GL2-VCA [ /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator ]# ./reconfigureVc scan
vCenter Transport Layer Security reconfigurator, version=6.5.0, build=5597882
For more information refer to the following article: https://kb.vmware.com/kb/2147469
Log file: "/var/log/vmware/vSphere-TlsReconfigurator/VcTlsReconfigurator.log".

==================== Scanning vCenter Server TLS endpoints =====================
Service NameTLS Endpoint PortTLS Version(s)
vmware-stsd7444TLSv1.1 TLSv1.2
vmcamNOT RUNNING
vmware-rhttpproxy443TLSv1.1 TLSv1.2
rsyslog1514TLSv1.1 TLSv1.2
vmdird636TLSv1.1 TLSv1.2
vmdird11712TLSv1.1 TLSv1.2
vmware-rbd-watchdogNOT RUNNING
vmware-updatemgr8084TLSv1.1 TLSv1.2
vmware-updatemgr9087TLSv1.1 TLSv1.2
vsphere-client9443TLSv1.1 TLSv1.2
vsphere-ui5443TLSv1.1 TLSv1.2
vami-lighttp5480TLSv1.0 TLSv1.1 TLSv1.2

Yes that was the guide I used.

Note that the vCenter server is OK in PRTG, it is a host that has had TLS 1.0 disabled that we get the errors for.

Created on Nov 20, 2017 1:30:28 PM

Last change on Nov 20, 2017 2:11:52 PM by Luciano Lingnau [Paessler]



Votes:

0

Could you please try to replace C:\Program Files (x86)\PRTG Network Monitor\Sensor System\VMWareSensor.exe with this one? Make sure to backup the existing one.

Let me know if it worked!

Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 20, 2017 8:47:03 PM by Stephan Linke [Paessler Support]

Last change on Nov 20, 2017 8:47:29 PM by Stephan Linke [Paessler Support]



Votes:

0

Yes that has fixed the issue, thanks.

Created on Nov 22, 2017 10:17:09 AM



Votes:

0

Cool! Note that you need to replace it when updating PRTG until the sensor gets natively integrated :)

Kind regards,
Stephan Linke, Tech Support Team

Created on Nov 22, 2017 10:53:26 AM by Stephan Linke [Paessler Support]



Votes:

0

Stephan,

Thanks for your solution. Saved us a lot of headache on a Friday afternoon. This works for our installation as well after disabling TLS 1.0 and TLS 1.1 for our vCenter instance.

Created on Jan 12, 2018 8:17:26 PM



Votes:

0

Glad to be of assistance! :)

Kind regards
Stephan Linke, Tech Support Team

Created on Jan 15, 2018 6:56:44 AM by Stephan Linke [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.