Working Remote Desktop (3389) bb-services connection check
Chris Wopat
chrisw at supranet.net
Fri Jan 8 19:04:40 CET 2010
Hello,
This morning a coworker and I did some work to add a "real" remote
desktop connection check to Xymon. There are mailing list entries in the
past that just connect to 3389 but generally this isn't sufficient. The
test is simple, here's what goes into bb-services (the send line may
wrap, it should be on one line and there is a space between "Cookie:"
and "mstshash":
[rdp]
port 3389
send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie: mstshash=\r\n"
expect "\x03\x00\x00\x0b\x06\xd0"
I'd love it if anyone could test this out and confirm it works for them-
we tested on Win2000, WinXP, Win2003, Win2008 and it worked in all cases.
Now the tech details if anyone is curious. We sniffed and analyzed
packets using an actual remote desktop client as well as this Nagios test:
http://troels.arvin.dk/code/nagios/check_x224
There is more after the xd0 in the response packet but that appears to
be the "Connection Confirm" response from remote desktop according to
that script and to Wireshark. Also the packet length is hard coded in
the send and receive above (x19 in send, x0b in receive) but this did
not appear to cause any issues.
Please integrate this into the Xymon code if everyone tests it as working!
Thanks,
Chris
More information about the Xymon
mailing list