[Xymon] Fix for RDP tests
Rob Steuer
steuer at hotmail.com
Mon Oct 19 01:20:23 CEST 2015
Hi,
After trying to implement the RDP tests for monitored hosts I noticed that
they were returning a yellow warning with the warning text "Unexpected
service response". I tried this for older hosts running Windows 2003 and
newer hosts running 2008/2012 with RDP using NLA. It gave the warning text
for both. So I'm guessing the original rdp test was implemented many years
ago (2010 per below) when things were handled differently.
The specification currently in the protocols.cfg file for RDP as it stands
today is as follows:
# Microsoft Terminal Services / Remote Desktop Protocol
# From Chris Wopat (http://www.xymon.com/archive/2010/01/msg00039.html)
[rdp]
port 3389
send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie:
mstshash=\r\n"
expect "\x03\x00\x00\x0b\x06\xd0"
I couldn't find anyone who provided a true fix in the archives other than
suggesting doing a network trace. So that's what I did. After a bit of
testing I found the following to work:
# Microsoft Terminal Services / Remote Desktop Protocol
# From Chris Wopat (http://www.xymon.com/archive/2010/01/msg00039.html)
# Updated By Rob Steuer 10-17-2015 with send and expect strings that work
for current versions of RDP
[rdp]
port 3389
send
"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x0b\x00\x00\x0
0"
expect "\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34"
I was tempted to rename the protocol test to [rdpnla] or something like that
to keep the old one around, but really the old one just didn't work for
anything, so IMHO I think it just needs to be replaced entirely.
I'd like feedback from others to see if this works for them also and see the
protocols.cfg updated in the next release of Xymon.
Thanks!
Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20151018/0012cc93/attachment.html>
More information about the Xymon
mailing list