[Xymon] Fix for RDP tests

J.C. Cleaver cleaver at terabithia.org
Mon Oct 19 12:12:04 CEST 2015


On Sun, October 18, 2015 10:22 pm, Kenneth S. Petersen wrote:
> Hi Rob,
> It works perfect here.
> Using Xymon 4.3.21 with both 2008 / 2008 R2 / 2012 / 2012 R2 with no
> issues at all.
>
> Thanks for the update, I'll deleted the RDPNLA witch was the approach I
> did to get it to work.
>
> I'll too backup on the protocols.cfg updates in the next release.
>

>
> Fra: Xymon [mailto:xymon-bounces at xymon.com] På vegne af Rob Steuer
> Sendt: 19. oktober 2015 01:20
> Til: xymon at xymon.com
> Emne: [Xymon] Fix for RDP tests
>
> Hi,
>
> After trying to implement the RDP tests for monitored hosts I noticed that
> they were returning a yellow warning with the warning text "Unexpected
> service response".  I tried this for older hosts running Windows 2003 and
> newer hosts running 2008/2012 with RDP using NLA.  It gave the warning
> text for both.  So I'm guessing the original rdp test was implemented many
> years ago (2010 per below) when things were handled differently.
>
> The specification currently in the protocols.cfg file for RDP as it stands
> today is as follows:
>
> # Microsoft Terminal Services / Remote Desktop Protocol
> # From Chris Wopat (http://www.xymon.com/archive/2010/01/msg00039.html)
> [rdp]
>                 port 3389
>                 send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie:
> mstshash=\r\n"
>                 expect "\x03\x00\x00\x0b\x06\xd0"
>
> I couldn't find anyone who provided a true fix in the archives other than
> suggesting doing a network trace.  So that's what I did.  After a bit of
> testing I found the following to work:
>
> # Microsoft Terminal Services / Remote Desktop Protocol
> # From Chris Wopat (http://www.xymon.com/archive/2010/01/msg00039.html)
> # Updated By Rob Steuer 10-17-2015 with send and expect strings that work
> for current versions of RDP
>
> [rdp]
>                 port 3389
>                 send
> "\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x0b\x00\x00\x00"
>                 expect "\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34"
>
> I was tempted to rename the protocol test to [rdpnla] or something like
> that to keep the old one around, but really the old one just didn't work
> for anything, so IMHO I think it just needs to be replaced entirely.
>
> I'd like feedback from others to see if this works for them also and see
> the protocols.cfg updated in the next release of Xymon.
>
> Thanks!
>  Rob


Hi Rob,

I can confirm it's working for me as well. Thanks for the submission! It's
been committed at https://sourceforge.net/p/xymon/code/7700/


Regards,
-jc




More information about the Xymon mailing list