NetXMS Support Forum

Is there an option during a Windows agent silent install to set the "Download configuration file from management server on startup"?

Maybe this is part of the bug. I am on version 2.2.3 and do not have the AgentTunnelListenPort parameter in my server configuration (or I am looking in the wrong place).

Looking forward to the next release as I am eager to get the rest of my clients on NetXMS.

Is there a way to change the Agent Tunnel Port from 4703 to port 80 or 443 for example? If not, I'd like to make a feature request to allow this. Use case, some of my clients have strict firewall rules and do not allow traffic out except on specific ports, with typical web ports (80/443) being allowed.

Thank you,
Gary

I was able to resolve my issue (which, according to the logs, is the same as yours) and perhaps this will help. I'm going to start at the beginning even though you already have of the steps completed (since you get the tunnel to come up initially)

I'm on Windows 2008R2
I port forwarded TCP 4703 to my NetXMS server on my firewall
NetXMS server program is already added to Windows firewall (but check on this)
I have a Linux Mint Virtualbox that i used for the openssl commands. Windows openssl I imagine would work, but I had the Linux box and it was faster than formatting the provided openssl.conf files to a Windows install.
Follow creating the root pair as shown here:
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
Make sure you copy the config file from the Appendix as it is says in the directions
Follow creating the intermediate pair as shown here:
https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html
Make sure you copy the config file from the Appendix as it is says in the directions
When it says chmod 400, I did 444, so I could edit the files (later step)
You do not need to create the certificate chain file, as it will not be used (I tried, it doesn't work)
Edit the intermediate.cert.pem file and add the text from the intermediate.key.pem at the bottom so you have
-----BEGIN CERTIFICATE-----
stuff
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
stuff
-----END RSA PRIVATE KEY-----
I think you need a blank line at the end of the pem files. So make sure can put the cursor down under the -----END RSA PRIVATE KEY----- indicating there is a blank line there
Copy ca.cert.pem and intermediate.cert.pem to your NetXMS server. I put them in D:\NetXMS\etc\cert
Add the following to netxmsd.conf
ServerCACertificate = D:\NetXMS\etc\cert\ca.cert.pem
ServerCertificate = D:\NetXMS\etc\cert\intermediate.cert.pem
ServerCertificatePassword = secretpassword
Restart the NetXMS Core service

On the node/agent add the following to the nxagentd.conf where the x's are your public IP (or whatever the nodes will be tunneling to)
MasterServers = xxx.xxx.xxx.xxx
ServerConnection = xxx.xxx.xxx.xxx
Restart the NetXMS Agent service

In NetXMS Management Console go to Configuration/Agent Tunnel Manager. You should see the Unbound tunnel. Right click and create node and bind. I left the Primary host name blank. Although I have seen posts where you set it to 0.0.0.0 or the IP of the agent (not sure if that is the public or the local IP). When I set it to 0.0.0.0 it changes the name to not what I want. I left it blank, it has been working and I get the name I set.

Most of what I have here isn't new. I just consolidated it into one place.
This post was a big help https://www.netxms.org/forum/configuration/agent-to-server-connections/msg22308/#msg22308

Install the RabbitMQ Management Plugin
https://www.rabbitmq.com/management.html

In the nxagentd.conf of the node I want to monitor RabbitMQ I put:
ExternalParametersProvider = "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" "C:\NetXMS\var\rabbit.ps1":60
Restart the agent

This gives you a Rabbit parameter. You need to poll the node for the config first to see the parameter. Right click the node and see attached screen shots on how to poll and verify parameter is available

I used the attached powershell script. Make changes to $username, $password, $rabbithost, $vhost (if not using default of / (%2F)), $queue
$workingfile gives back a table of all the statistics for the queue

The issue was that the default vhost in rabbit is a '/' which needs coded as %2F. It runs fine in the powershell ISE and was even writing out a debug text file with the correct value. However, when run from the command line, it fails with a "not found" error because the '/' is not interpreted correctly. The function at the top (which is not my own) cleans up the URI correctly and now I get the value back in NetXMS.

I am having the same error message of TLS handshake failed (error:00000001:lib(0):func(0):reason(1)).
This is my first tunnel created.
NetXMS 2.2.1
I am on Windows 2008R2. I downloaded openssl for Windows. The below openssl.cnf is default as installed.

On the NetXMS server, I did the following:
openssl genrsa -out rootCA.key 2048
openssl req -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf" -x509 -new -key rootCA.key -days 2038 -out rootCA.crt
openssl genrsa -out server.key 2048
openssl req -config "C:\Program Files (x86)\GnuWin32\share\openssl.cnf" -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA rootca.crt -CAkey rootca.key -CAcreateserial -out server.crt -days 2038

I placed rootCA.crt, server.crt, and server.key into D:\NetXMS\etc\cert

I added the following to netxmsd.conf and restarted the NetXMS core service

ServerCACertificate = D:\NetXMS\etc\cert\rootCA.crt
ServerCertificate = D:\NetXMS\etc\cert\server.crt
ServerCertificateKey = D:\NetXMS\etc\cert\server.key

On the agent I have the following in the nxagentd config file

MasterServers = 172.16.0.47
ServerConnection = 24.xx.xxx.xxx

The agent connects to the server and I see the tunnel in the tunnel manager. After I bind the tunnel to a node, I get the TLS handshake failed error. My log messages appear in the agent log just as posted by danny.richardson.

I think I have it. I will post the solution in a bit.

I have this mostly working except for one part that I cannot understand.

I am using a powershell script to get the statistic that I want and this is returning properly. I am using externalparametersprovider and am able to see the parameter in the node. The issue is the value is not returning when I use a variable in powershell. If I hard code a value, then the hard coded value is returned.

Write-Host Rabbit=$message_count returns "" to the NetXMS server but the output on the powershell window is Rabbit=5000
Write-Host Rabbit=5000 returns "5000" to the NetXMS server

I have also tried echo instead of Write-Host with the same results.

Thank you

That was the issue.

Also, if Agent Cache Mode is set, Force DCI poll does not work.

PS
Thank you for the excellent audit logs so I could find out who and when changed the default setting for the cache mode.

I have a custom schedule for one of my DCI's that monitors the number of files in a folder. An expected event runs at 3AM and puts a few thousand files in the folder that are processed and cleared out. I do not want to check during that hour.

This was working until I upgraded the server to 2.1.2.

Server 2.1.1 Agent 2.1.1 - Custom Schedule Working
Server 2.1.2 Agent 2.1.1 - Custom Schedule NOT working
Server 2.1.2 Agent 2.1.2 - Custom Schedule NOT working

I've attached a screenshot of my custom schedule.

Thank you,
Gary

They want to monitor the queues for number of transactions that are waiting. Basically to make sure that things are working.

Is anyone doing any monitoring of RabbitMQ? I don't know much about Rabbit but our developer department is asking. Looks like you can check a webpage to get the status...

I run on Windows with SQL Express 2012. 200 Nodes. 7 GB database. No performance issues.

After upgrading agents from 2.0.7 to 2.1, my DCI ServiceCheck.Custom(127.0.0.1,8080) is no longer working. If I use the local IP address for the agent instead of the loopback, then it works.
I am deploying these through templates, so I need to use the loopback address or if there is a variable available for the IP address in the DCI.

I am guessing there is a configuration change (solution to my last two questions) but I cannot find what it is.

Thank you

Victor replied on a different thread:

Hi,

default templates re-imported from file system on server startup. You can disable this behavior by setting server configuration parameter ImportConfigurationOnStartup to 0.

Best regards,
Victor