...

In my case nothing would show up (sad)

According to the Howto "How to: Enable Encrypted Connections to the Database Engine (SQL Server Configuration Manager)", the name of the certificate must be the fully qualified domain name (FQDN) of the computer. Since the TCS certificates we use can only contain a valid FQDN as the Subject's Common Name (CN), this had to be correct. I checked permissions and those seemed to be OK as well.

...

Since we now have a nice server certificate in the Windows Certificate Store, I figured I might as well use it to secure more services that run on this machine. The most obvious service is of course the channel by which the machine is managed: Remote Desktop Protocol (RDP). Based on the docs for Remote Desktop Services (RDS), RDP does support SSL (TLS 1.0). The installed certificate can be configured with the Remote Desktop Session Host Configuration. While at it, I also selected to only use SSL (TLS 1.0), and High Encryption level:

...

Using Wireshark it is again easy to spot that the session is encrypted.
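
The same property can be watched continuously instead of by packet capture. The following is an added example, not part of the original page: a Nagios-style plugin in Python that sends the RDP connection request asking for the TLS security layer over IPv6 and reports which security layer the server selects. The exit-code mapping, the function names and the sample reply bytes are constructed for illustration; the packet layout is the negotiation request/response from MS-RDPBCGR.

```python
import socket
import struct
import sys

PROTOCOL_SSL = 1  # requestedProtocols / selectedProtocol value for TLS
TYPE_NEG_RSP, TYPE_NEG_FAILURE = 0x02, 0x03
OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes
# Constructed sample replies for offline use (not captured from a real server).
SAMPLE_TLS = bytes.fromhex("030000130ed000001234000200080001000000")
SAMPLE_REFUSED = bytes.fromhex("030000130ed000001234000300080002000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")

def build_request(protocols=PROTOCOL_SSL):
    """TPKT + X.224 Connection Request carrying an RDP negotiation request."""
    neg = struct.pack("<BBHI", 0x01, 0, 8, protocols)
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def classify(reply):
    """Map the server's Connection Confirm to (nagios_status, message)."""
    if len(reply) < 11 or reply[0] != 3 or (reply[5] & 0xF0) != 0xD0:
        return UNKNOWN, "not an X.224 Connection Confirm"
    if len(reply) < 19:  # no negotiation block: legacy RDP security only
        return CRITICAL, "no negotiation response, standard RDP security"
    kind, _flags, _length, value = struct.unpack("<BBHI", reply[11:19])
    if kind == TYPE_NEG_FAILURE:
        return CRITICAL, "server refused TLS, failureCode=%d" % value
    if kind == TYPE_NEG_RSP and value == PROTOCOL_SSL:
        return OK, "TLS security layer selected"
    return CRITICAL, "unexpected security protocol %d" % value

def probe(host, port=3389, timeout=10):
    """Run the check over IPv6 only (the monitored host has only AAAA records)."""
    addr = socket.getaddrinfo(host, port, socket.AF_INET6, socket.SOCK_STREAM)[0][4]
    with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(addr)
        sock.sendall(build_request())
        return classify(sock.recv(64))

if __name__ == "__main__":
    try:
        status, message = probe(sys.argv[1])
    except IndexError:
        status, message = UNKNOWN, "usage: check_rdp_tls.py HOST"
    except OSError as exc:
        status, message = CRITICAL, "connection failed: %s" % exc
    print("RDP: %s" % message)
    sys.exit(status)
```

The check stops after the negotiation reply, so it confirms the selected security layer but does not perform the TLS handshake or inspect the certificate.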

 

Then I noticed one thing. Previously I would always get this warning upon connecting to a Windows server:

...

After installing a real certificate, this warning isn't shown any more, and a nice little lock is shown on the RDP status bar, which shows the certificate information if clicked:


...

IPv6 service monitoring with Nagios

All of this stuff is very nice, but what good is a service when it is not being monitored?

We run a Nagios-3.2 instance in a remote data centre, and my goal is to monitor as many services on my new Windows host as possible.

Host alive

The check-host-alive test is a basic test from the nagios-plugins-basic package, and is based on check_ping, which can do IPv4 and IPv6, and defaults to IPv4.

It is defined in /etc/nagios-plugins/config/ping.cfg. Interestingly, there are checks to deal with dual stack monitoring:

####
# use these checks, if you want to test IPv4 connectivity on IPv6 enabled systems
####

# 'check-host-alive_4' command definition
define command{
        command_name    check-host-alive_4
        command_line    /usr/lib/nagios/plugins/check_ping -H '$HOSTADDRESS$' -w 5000,100% -c 5000,100% -p 1 -4
}

Since our host's FQDN only has AAAA DNS records, the default check is OK.

 

Disk usage

This can be done with the standard check_disk_smb_host_user, because that relies on the smbclient binary, which is part of the samba-3.4.7 package, which supports IPv6.

 

Microsoft SQL Server

There is no packaged Nagios plugin to check the status of SQL Server, but Nagios Exchange lists a number of them. They are written in various languages (Perl, Python, PHP), but they all rely on FreeTDS, a set of libraries for Unix and Linux that allows programs to natively talk to Microsoft SQL Server and Sybase databases. Unfortunately, this library does not support IPv6 (sad), hence none of the mentioned plugins work...

After asking around on the FreeTDS mailing list, Peter Deacon wrote a patch that adds IPv6. Yah (smile).

After compilation I did some testing and I was able to connect to my SQL Server using a Perl script that uses DBD::Sybase.

 

SSL certificate expiration date

...