This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Cannot access new ipMonitor 10.7 server via HTTPS

Hi all. I just installed a new ipMonitor 10.7 server. It is running on a Windows 2008 R2 virtual server. Accessing the server via http://FQDN:8080 works fine. I need to set the server up to be accessed via SSL - https://FQDN

I have run the routine in ipmConfig to generate the self signed cert AND made sure that the Communications:Web Server Ports does have an entry for 0.0.0.0 / 443 / YES.

When I try to access the site using https://FQDN, I get Internet Explorer cannot display webpage.

Again, http://FQDN:8080 works fine.

Thanks for your help Thwackers!

- Dave

dclausse@scgov.net

  • Hello Dave,

    Chances are, IIS is already listening on port 443 (the default HTTPS port).  To verify this, simply run the following command within a CMD window:

    netstat /abnp tcp

    See what process is listening on 443.

    Assuming it is IIS, you will either need to stop it and restart ipMonitor or give ipMonitor a different port to listen on for HTTPS.  The latter can be done via the "Communication: Web Server Ports" section of the ipMonitor configuration utility.

    Hope this helps.

    Sincerely,

    Chris Foley • SolarWinds • Technical Support

    Office Hours: Mon-Fri 8AM-5PM EST 866.530.8040

    ______________________________________________

    explore our IT management solutions for:

    networks|applications|storage|virtualization|log & event

  • Thanks for the quick response.

    IIS is not installed on the server. Also, the Windows Firewall is disabled.

    netstat /abnp tcp

    Active Connections

      Proto  Local Address          Foreign Address        State

      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING

      RpcSs

    [svchost.exe]

      TCP    0.0.0.0:443            0.0.0.0:0              LISTENING

    [ipmservice.exe]

      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING

    Can not obtain ownership information

      TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING

      TermService

    [svchost.exe]

      TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING

    [ipmservice.exe]

      TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING

    Not sure what to make of these netstat results.

  • In that case, go to the ipMonitor configuration utility, click "Communications: SSL" and give ipMonitor a Self-Signed certificate.  Once this is done, restart the ipMonitorSrv service and see if you can connect to it using and/all of the following addresses:

    https://127.0.0.1  - from the ipMonitor host

    https://[IP_of_the_system]

    https://[DNS_name]  -> Make sure you can ping this DNS name and it is equal to the DNS name specified in the self-signed certificate.

    Let me know.

    Sincerely,

    Chris Foley • SolarWinds • Technical Support

    Office Hours: Mon-Fri 8AM-5PM EST 866.530.8040

    ______________________________________________

    explore our IT management solutions for:

    networks|applications|storage|virtualization|log & event

  • I did that initially with no luck. I just did it again - same lack of luck.

    I deleted the cert and tried again...

    pastedImage_0.png

    Clicked the generate button

    Once it was done

    pastedImage_1.png

    Clicked yes

    pastedImage_2.png

    Tried to access the server, on the server, https://name, https://127.0.0.1 - none worked.

    And since I am going screen shot mad:

    pastedImage_3.png

  • I just tried the ping instruction you gave me and something interesting happened:

    From the server itself:

    ping scgipmap02pw.bcc.scgov.local

    Pinging SCGIPMAP02PW.bcc.scgov.local [::1] with 32 bytes of data:

    Reply from ::1: time<1ms

    Reply from ::1: time<1ms

    Reply from ::1: time<1ms

    Reply from ::1: time<1ms

    Ping statistics for ::1:

        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    I have unchecked the IPv6 option for the NIC settings in this machine, but that looks like an IPv6 return to me.

  • One last thing...I ran the Sysinternals TCPView on the server:

    pastedImage_0.png

    I will get with my security folks to see if they have any clue on this. Thanks for your time.

  • Dave,

    Have a look at the following file to see if it has any errors about loading the certificate:

    -\program files\solarwinds\ipmonitor\logs\runtime.log

    Another thing you can try is running ipMonitor in desktop mode and see if you can then connect.  To do this,

    1. Stop the ipMonitorSrv service.

    2. Open a CMD prompt.

    3. Go to the ipMonitor installation directory

    4. Type the following command and enter:

    ipmservice.exe -desktop

    ipMonitor is now running as an application, instead of as a service.

    See if you can now connect to it over HTTPS.

    To stop ipMonitor from running as an app, simply press Ctrl-C in the CMD window and restart the service.

    Sincerely,

    Chris Foley • SolarWinds • Technical Support

    Office Hours: Mon-Fri 8AM-5PM EST 866.530.8040

    ______________________________________________

    explore our IT management solutions for:

    networks|applications|storage|virtualization|log & event

  • runtime.log contents:

    [1365541976] credentials database is corrupt. impersonation, accounts, and passwords are offline

    [1365541976] Process watchdog started

    [1365541977] Connected to Reporting Services

    Stopping the service(s) and running ipMonitor in desktop mode worked! I was able to connect to the server via HTTPS.

    Now, what do I do next?

  • Well, I just figured it out; the account I created to run the ipmonitor service did not have the proper rights. When I added that account to the local ADMIN group, the service started and I was able to access the server via HTTPS.

    Thanks for your time.

    - Dave