NetXMS Support Forum

Quote from: Staj on July 14, 2017, 11:46:53 PM
Running NetXMS on Windows.

Probably not exactly the answer you are looking for, but on Windows I managed to do in the way described here:

https://www.netxms.org/forum/configuration/netxms-webui-with-http-ssl/msg13453/#msg13453


Hope it helps.

Regards,
Marco

Quote from: lweidig on July 12, 2017, 07:39:39 PM
Marco:

Does the 2.1 mobile agent address this issue?

Hello,

as per my tests at the time of the post yes, agent was working fine on Android 7 emulator (I don't have a real Android 7 device, only 6). Console is still pending, I'm sorry but this is a very bad period at work I'll try to do within the end of this month.

Please let me know if on your device agent is working fine (will ask you for 3 permissions: location etc., you must grant them in order to use it).

Regards,
Marco

Quote from: lweidig on May 24, 2017, 07:33:34 PM
Installed the 2.1RC1 mobile agent APK on a Galaxy S7 (model: SM-G30R4) running Android 7.0.  As soon as I enabled Location Strategy of Network & GPS the app started crashing (and wanting to e-mail crash reports) - CONTINUALLY!!!!  Could not really do anything as it just kept opening the mail

Agent problem should be solved, next release will have the fix. Android console still have some issues, need to investigate more, will be fixed as well ASAP.

Regards,
Marco

Hello,

I guess that is due to the new model of permissions (explicit permission to be request to the user at runtime) that the agent is not supporting. I'll try to fix it as soon as possible.

Regards,
Marco

Quote from: Victor Kirhenshtein on April 12, 2017, 05:02:33 PM
Hi,

seems to be a bug in the code. What version you are using?

Best regards,
Victor

I have that problem in version 2.0.8

Regards,
Marco

Quote from: chillyw13 on March 29, 2017, 06:59:11 PM
Well, apparently there is more to this.  I have tried the following SMTPServer settings to no avail:

localhost
127.0.0.1
smtp.office365.com
smtp.office365.com:587
mydomain-com.mail.protection.outlook.com
mydomain-com.mail.protection.outlook.com:587

Anyone?  Bueller?  Bueller?

If you specify localhost or 127.0.0.1 as address you should have a local SMTP server (installed on the same machine where NetXMS runs) to directly send the e-mails or to forward to the external server you want to use.
If you need to specify the port you can use the parameter "SMTPPort" (edit server configuration and add it if doesn't exists). As per my memory you cannot specify username/password to authenticate user, so, the only way is to whitelist the IP of the NetXMS server and configure mail server to allow unauthenticated access from that IP or relay through another server.

Useful post:
https://www.netxms.org/forum/feature-requests/smtp-authentication/
https://www.netxms.org/forum/configuration/custom-smtp-port-for-sending-emails/


Regards,
Marco

Quote from: tomaskir on March 28, 2017, 03:46:31 PM
You can encrypt the cleartext key in Agent, or on Server, thats OK.
Or you can only encrypt the key on one side, thats also OK.

Yes, this is what I found myself with the three different tests, and this is why I said that from the documentation I wasn't able to understand that you can have all the combination, since for the clear text on the agent side there is the field SharedSecret


Regards,
Marco

Quote from: tomaskir on March 28, 2017, 12:30:51 PM
In which case should communication not be possible?

As I posted above, even if you put a secret that is a hash itself into the configs, NetXMS doesnt treat it as a hash, but as a clear-text shared secret.

Quoten your example 2, its actually the same, but the shared secret '01b307acba4f54f55aafc33bb06bbbf6ca803e9a' is hashed using SHA1.
That means, that while you input a shared secret that is theoretically a SHA1 hash in itself, Agent and server still hashed it.

According to documentation I understand that I have to put encrypted value (with nxencpasswd) into the EncryptedSharedSecret parameter but in my 2nd and 3rd example I didn't encrypt anything:

https://wiki.netxms.org/wiki/Agent_Configuration_File
EncryptedSharedSecret
Agent's shared secret used for remote peer authentication, encrypted using "nxencpasswd -a". If RequireAuthentication set to no, this parameter has no effect.

I'm aware that technically I can just compare the two values and if they don't match I can try to decrypt one then check again if they match (and so on...), but honestly to me doesn't seems so clear reading the doc, this is the reason for the question

Regards,
Marco

Hi Tomaskis,

I'm still not understanding

Quote from: tomaskir on March 27, 2017, 11:47:35 PM
You dont put a hash into the config, you put the shared secret in there.
The agent and server then hash it internally to communicate.

my point is that I'm able to successfully communicate with the agent in all the three cases and, as per your explanation, sounds differently:

Quote from: tomaskir on March 27, 2017, 11:47:35 PM
Communication would not be possible if both sides only knew the hash, thats not how cryptography works.
Both sides need to know the clear-text secret in order to create hashes and validate the payload.

and I should'n be able to communicate in all cases I shown.

Regards,
Marco

Hi,

I'm using agent authentication feature but there is something that I'm unable to understand.

I encoded 1234567890 using nxencpasswd tool and I got kc23yKtK4oq+OxuoSFDBCcKmCn7xK8e4wqYKfvErx7g= as value. I put 1234567890 in the agent parameter on console (see attachment agent_params_1) and kc23yKtK4oq+OxuoSFDBCcKmCn7xK8e4wqYKfvErx7g= in the agent configuration file (see attachments agent_config_1). Everything works fine, I'm able to communicate with the agent.

Then I did another test: I put the SHA1 value of 1234567890 (that is 01b307acba4f54f55aafc33bb06bbbf6ca803e9a) on both side, agent configuration file (see attachment agent_config_2) and agent parameter in the console (see attachment agent_params_2) and it works fine.

Finally, I did the third test putting directly 1234567890 in both places (agent config file and agent params, I avoided to attach this screenshot) and even in this case it works fine. So, seems that whatever I put works...

As per this post:

https://www.netxms.org/forum/configuration/agent-authentication/

I have to encrypt the password using nxencrpasswd to use the EncryptedSharedSecret! But as per my tests seems that it works even using it as it is

Please not that I have always restarted the agent after changing the shared secret.

Regards,
Marco

Hello!

I have a different error but result is the same, I'm unable to get the report:

https://www.netxms.org/forum/configuration/reporting-server-(invalid-object-name-'hibernate_sequence')/


Regards,
Marco

Hi Victor,

Thank you very much. I will be happy to be a beta tester!

Regards,
Marco

Hi,

I've managed to install reporting server to run in Windows environment on MSSQL Server 2016 and AzureSQL. If I try to execute the default report "Alarm Resolution Timer" what I get is this error in the report server log (attached to the post there is the complete log):


20:30:30.089 [quartzScheduler_Worker-1] ERROR o.h.id.enhanced.TableStructure - could not read a hi value
com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'hibernate_sequence'.
        at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:216) ~[sqljdbc4-4.0.jar:na]
        at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(SQLServerStatement.java:1515) ~[sqljdbc4-4.0.jar:na]
        at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(SQLServerPreparedStatement.java:404) ~[sqljdbc4-4.0.jar:na]


The only similar error I found is this:

https://www.netxms.org/forum/installation/reporting-server-4315/msg20119/#msg20119

But no useful hints...

Any other suggestions on how to solve?

Regards,
Marco

As per subject, since Nano Server (https://technet.microsoft.com/en-us/windows-server-docs/get-started/getting-started-with-nano-server) doesn't support "Windows Installer" technology (only PowerShell), any plan to have an installer for that edition?

Regards,
Marco

Hello!

as per my test the command line switch /SUBAGENT=NETSVC is ignored. Am I using the wrong syntax or that subagent cannot be installed from command line? (I'm able to properly install the LOGWATCH subagent with the same syntax).

Regards,
Marco