The SSL Security Check sensor and any VMWare specific sensor does not seem to work well together.
TLS v1.0 is, as it should, recognized as unsafe by the SSL Security Check sensor, but if we disable this version on the esxi or vcenter hosts, none of the VMWare specific sensors work.
Which I interprets as the VMWare sensors does not support TLS 1.1 or 1.2.
We're running PRTG on a dedicated Windows Server 2012 R2 Standard if that has any importance to this.
We'd like to be able to disable TLS 1.0, can we do that and still have the VMWare sensors still work somehow?
Article Comments
Hi Sven,
Thank you for the answer, as I had the newest version installed, I didn't think this could be the problem.
But I think you might be right, when I "write sensor result to disk", it reports the following version being used NetVersion: v4.0.30319.
And, under setup/System status, it reports the following on the probe: .NET Framework Support: .NET 4 Framework is installed (Installed: v4\Client (4.6.01590), v4\Full (4.6.01590), v4.0\Client (4.0.0.0))
I see the newest version, but I also see an older 4.0.0.0 version.
I do not know enough about how .NET run-time works, but for me it seems like PRTG is not using the latest version, why is that? How can I fix it?
Feb, 2017 - Permalink
Dear Aleks,
Please manually uninstall the .Net4.0 client on your probe device. Once you have done this PRTG should automatically use the .Net4.6 client instead.
Best regards,
Sven
Feb, 2017 - Permalink
i uninstalled all versions of .net 4, the only one that was installed was 4.5.2 and then installed 4.6.2 and the sensor still reports that it is using version 4.0 of the .net framework and I see no way to remove .net 4.0 as it seems to have been installed by the 4.6.2 installer. My vmware sensors still won't connect with TLS 1.0 disabled. Any ideas?
Jul, 2017 - Permalink
Hey swipilot,
Please forward us a Support Bundle including the system log files for analysis.This can be done via the "Contact Support" ribbon in the lower right corner of the web interface.
Please enter this ticket's case number PAE900829 when submitting the Bundle.
Also, please forward us screenshots of one of the affected sensors (tabs: "Overview", "Log" and "Settings") and from the parent device (tab: "Settings").
Thank you very much in advance.
Kind regards,
Sven
Jul, 2017 - Permalink
Swipilot, that is exactly my problem, which is why I never marked the response I got from support here as "best answer" because it didn'l solve my case.
And it's still not resolved.
Jul, 2017 - Permalink
Hey Aleks,
If your issue still persists, please don't be shy and forward us a Support Bundle including the system log files for analysis as well.
This can be done via the "Contact Support" ribbon in the lower right corner of the web interface. Please enter this ticket's case number PAE901130 when submitting the Bundle.
Also, please forward us screenshots of one of the affected sensors (tabs: "Overview", "Log" and "Settings") and from the parent device (tab: "Settings").
Thank you very much in advance.
Kind regards,
Sven
Jul, 2017 - Permalink
Dear Aleks,
Thank you for your KB-post.
Usually the VMWare sensors should work even if you disable TLS 1.0. However, because these sensors are based on .Net the latest version of .Net is mandatory for the sensors to work properly.
Please update the .Net version on your Probe device on which the sensors are running on and check the behavior of the VMWare sensors afterwards.
Best regards,
Sven
Feb, 2017 - Permalink