|
|
|||
|
|||
|
I sent an email with our issue, but i thought maybe someone could benefit from whatever we learn here. That and I think Commit support is tired of my emails.
We FINALLY got our SSL files in the correct format. If we go to http://127.0.0.1:4961 or https://127.0.0.1:4962 locally we can login both ways and the https site says it is secure with the little padlock and all. Only problem is it only works locally. When we change the UseSSLEncryption=N to UseSSLEncryption=Y. we cant login from the web anymore. we have the external ip set to commit.mywebsite.com and an A records from the dns web server pointing to the server's external IP. Works fine until we turn the SSL N to Y. What else do we need to change to make it work? Second question: is there a way to force SSL only once this is working? I don't want anyone using the unsecured version anymore. (Other than blocking the port on the firewall) I would rather it redirect everyone so customers and employees have a smooth transition. |
|
|
|||
|
|||
|
As we've just replied to you by email (please try not to double-post) The fact that it does not work is external to RangerMSP because the service does not 'care' where it is called from and what's its IP address is. From our experience it is most likely a firewall issue - either the port for SSL is blocked or the httpS protocol over it is. Besides, restricting SSL is not currently an option.
Hope this helps. |
|
|
|||
|
|||
|
@ nattivillin I'm assuming you have made the necessary adjustment to your firewall to alow the traffic to flow on port 4962?
Also what browser are you using? Answer to the second question is turn off port forwarding on 4961 in the firewall once everything is working |
|
|
|||
|
|||
|
I didnt double post. If you meant dont email and post things, here, i did that for the benefit of the community since they cant read our emails.
We had a slew of issues we had to fix. The primary fix to the problem listed here was a for formatting of the ip address in the ini file. We had the port at the end and commit said that was a nono. Even though that has worked for 5+ years, once we turned on the ssl, it no longer worked for whatever reason. The other issues we had were local DNS issues. When the request went out for the a record it had to be routed back to us and the internal dns servers didn't know how to translate the external ip of the building to the internal ip of the server. (or something like that). Commit suggested we add an entry to the local dns server so it worked on the lan as well and it did. We had to pay someone $200 to get this working for us. Apparently nobody on staff knows enough about certs to get it to work, and i was tired of having customers data flying over the wire unencrypted. Just thing about what target is going though right now. 70Million accounts compromised. 1/3 of the adult US population. If one of my clients got hacked and it was found out what we had all their information stored in a system that could be accessed unencrypted we'd be out of business. Now I just have to find a way to see failed login attempts without manually reading the log every day. |
|
|
|||
|
|||
|
Hi Nattivillin, I thought I would share a script I use to email the failed logon attempts to me. It will only email new attempts each time as it logs each line of text scanned in the registry.
I have marked the lines you need to edit clearly so you should all be able to work it out. copy and paste it to notepad, save it as a .vbs, set it as a scheduled task to run say every 5 minutes, MAKE Sure you execute it with administrative privileges or it wont be able to write to the registry. hope you enjoy: Const cdoSendUsingMethod = "http://schemas.microsoft.com/cdo/configuration/sendusing", _ cdoSendUsingPort = 2, _ cdoSMTPServer = "http://schemas.microsoft.com/cdo/configuration/smtpserver" Const ForReading = 1 Dim intStartAtLine, strFileCreateddate, i, strResults, strTextToScanFor 'who are you mailing to? strMailto = "EMAILADDRESS GOES HERE" 'default email address the message will be from strMailFrom = "EMAILFROMADDRESS GOES HERE" 'set SMTP email server address here strSMTPServer = "MAILSERVER IP GOES HERE" 'full path to the file you wish to monitor FileToRead = "\\SERVERNAME\<replace-with-the-path-to-the-failed-logins-log-file>" Set WshShell = WScript.CreateObject("WScript.Shell") On Error Resume Next strLastFileCheckedCreateDate = WshShell.RegRead("HKLM\Software\RDScripts\CheckTXT File\CreateDate") strLastFileLastLineChecked = WshShell.RegRead("HKLM\Software\RDScripts\CheckTXT File\LastLineChecked") On Error GoTo 0 Set objFSO = WScript.CreateObject("Scripting.FileSystemObject") Set varFile = objFSO.GetFile(FileToRead) 'add more text to scan for by adding ,"item" to the array below ' for example, to search for two strings: ' array("text1","text2") arrTextToScanFor = Array("Invalid User Name or Password","error") strFileCreateDate = varfile.datecreated If CStr(strFileCreateDate) = CStr(strLastFileCheckedCreateDate) Then 'if the date when the current file was created DOES equal ' the date of the file that was checked last time - it's ' the same file. ' 'so, we would want to CONTINUE the search from where we ' last left off. 'MsgBox "TEST!" intStartAtLine = strLastFileLastLineChecked ElseIf strFileCreateDate <> strLastFileCheckedCreateDate Then 'if the date when the current file was created does not equal ' the date of the file that was checked last time - it's ' a new file that has been created. ' 'so, we would want to begin the search from the beginning of ' the file. intStartAtLine = 0 End If i = 0 Dim strNextLine 'MsgBox intStartAtLine Set objTextFile = objFSO.OpenTextFile(FileToRead, ForReading) Do While objTextFile.AtEndOfStream <> True If i < CInt(intStartAtLine) Then objTextFile.skipline Else 'MsgBox i strNextLine = objTextFile.Readline For each strItem in arrTextToScanFor If InStr(LCase(strNextLine),LCase(strItem)) Then strResults = strNextLine & vbcrlf & strResults 'MsgBox strResults End If Next End If i = i + 1 Loop 'MsgBox strResults objTextFile.close set WshShell = CreateObject("WScript.Shell") WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\FileChec ked" , FileToRead, "REG_SZ" WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\CreateDa te", strFileCreateDate, "REG_SZ" WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\LastLine Chec ked", i, "REG_SZ" WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\LastScan ned" , Now, "REG_SZ" set WshShell = nothing If strResults <> "" Then Call sendmail(strMailFrom,strMailTo,"CommitCRM Web Failed Logon alert",strResults) '------------------------------------------------------------------------ 'Function EmailFile - email the warning file '------------------------------------------------------------------------ Function SendMail(strFrom,strTo,strSubject,strMessage) Dim iMsg, iConf, Flds On Error GoTo 0 '// Create the CDO connections. Set iMsg = CreateObject("CDO.Message") Set iConf = CreateObject("CDO.Configuration") Set Flds = iConf.Fields '// SMTP server configuration. With Flds .Item(cdoSendUsingMethod) = cdoSendUsingPort '// Set the SMTP server address here. .Item(cdoSMTPServer) = strSMTPServer .Update End With '// Set the message properties. With iMsg Set .Configuration = iConf .To = strMailTo .From = strMailFrom .Subject = strSubject .TextBody = strMessage End With 'iMsg.HTMLBody = strMessage '// Send the message. iMsg.Send ' send the message. If CStr(err.number) <> 0 Then Else End If End Function |
