<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Ryan –<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I tested with Windows 2003 server successfully. Anything older really shouldn’t be in operation anymore anyway.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Novosielski, Ryan [mailto:novosirj@ca.rutgers.edu] <br><b>Sent:</b> Monday, October 19, 2015 1:34 PM<br><b>To:</b> J.C. Cleaver<br><b>Cc:</b> Rob Steuer; xymon@xymon.com; Kenneth S. Petersen<br><b>Subject:</b> Re: [Xymon] Fix for RDP tests<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Is it possible that this makes the test not work for older RDP servers?<br><br>____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*<br>|| <a href="file:///\\UTGERS">\\UTGERS</a> |---------------------*O*---------------------<br>||_// Biomedical | Ryan Novosielski - Senior Technologist<br>|| \\ and Health | <a href="mailto:novosirj@rutgers.edu">novosirj@rutgers.edu</a>- 973/972.0922 (2x0922)<br>|| \\ Sciences | OIRT/High Perf & Res Comp - MSB C630, Newark<br> `'<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>On Oct 19, 2015, at 06:12, J.C. Cleaver <<a href="mailto:cleaver@terabithia.org">cleaver@terabithia.org</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On Sun, October 18, 2015 10:22 pm, Kenneth S. Petersen wrote:<br><br><o:p></o:p></p><p class=MsoNormal>Hi Rob,<o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>It works perfect here.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Using Xymon 4.3.21 with both 2008 / 2008 R2 / 2012 / 2012 R2 with no<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>issues at all.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Thanks for the update, I'll deleted the RDPNLA witch was the approach I<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>did to get it to work.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>I'll too backup on the protocols.cfg updates in the next release.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><p class=MsoNormal><br><br><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Fra: Xymon [<a href="mailto:xymon-bounces@xymon.com">mailto:xymon-bounces@xymon.com</a>] På vegne af Rob Steuer<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Sendt: 19. oktober 2015 01:20<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Til: <a href="mailto:xymon@xymon.com">xymon@xymon.com</a><o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Emne: [Xymon] Fix for RDP tests<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Hi,<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>After trying to implement the RDP tests for monitored hosts I noticed that<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>they were returning a yellow warning with the warning text "Unexpected<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>service response". I tried this for older hosts running Windows 2003 and<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>newer hosts running 2008/2012 with RDP using NLA. It gave the warning<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>text for both. So I'm guessing the original rdp test was implemented many<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>years ago (2010 per below) when things were handled differently.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>The specification currently in the protocols.cfg file for RDP as it stands<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>today is as follows:<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal># Microsoft Terminal Services / Remote Desktop Protocol<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal># >From Chris Wopat (<a href="http://www.xymon.com/archive/2010/01/msg00039.html">http://www.xymon.com/archive/2010/01/msg00039.html</a>)<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>[rdp]<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal> port 3389<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal> send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie:<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>mstshash=\r\n"<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal> expect "\x03\x00\x00\x0b\x06\xd0"<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>I couldn't find anyone who provided a true fix in the archives other than<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>suggesting doing a network trace. So that's what I did. After a bit of<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>testing I found the following to work:<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal># Microsoft Terminal Services / Remote Desktop Protocol<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal># >From Chris Wopat (<a href="http://www.xymon.com/archive/2010/01/msg00039.html">http://www.xymon.com/archive/2010/01/msg00039.html</a>)<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal># Updated By Rob Steuer 10-17-2015 with send and expect strings that work<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>for current versions of RDP<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>[rdp]<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal> port 3389<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal> send<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x0b\x00\x00\x00"<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal> expect "\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34"<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>I was tempted to rename the protocol test to [rdpnla] or something like<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>that to keep the old one around, but really the old one just didn't work<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>for anything, so IMHO I think it just needs to be replaced entirely.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>I'd like feedback from others to see if this works for them also and see<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>the protocols.cfg updated in the next release of Xymon.<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><o:p> </o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Thanks!<o:p></o:p></p></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Rob<o:p></o:p></p></blockquote><p class=MsoNormal><br><br>Hi Rob,<br><br>I can confirm it's working for me as well. Thanks for the submission! It's<br>been committed at <a href="https://sourceforge.net/p/xymon/code/7700/">https://sourceforge.net/p/xymon/code/7700/</a><br><br><br>Regards,<br>-jc<br><br>_______________________________________________<br>Xymon mailing list<br><a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br><a href="http://lists.xymon.com/mailman/listinfo/xymon">http://lists.xymon.com/mailman/listinfo/xymon</a><o:p></o:p></p></div></blockquote></div></body></html>