Hi Kris.
Nice work on the figuring!
Checking the code for xymonclient.ps1 finds this function:
function XymonDownloadFromURL([string]$downloadURL, [string]$destinationFilePath) { $downloadURL = $downloadURL.Trim() WriteLog "XymonDownloadFromURL - Downloading $downloadURL to $destinationFilePath" $client = New-Object System.Net.WebClient try { # for self-signed certificates, turn off cert validation # TODO: make this a config option [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} $client.DownloadFile($downloadURL, $destinationFilePath) } catch { WriteLog "Error downloading: $_" return $false } return $true }
A bit of googling returns the collective knowledge that by default that command only uses TLS 1.0. Seems broken.... Apparently you can add the following line to enable more protocols:
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
So I'll copy in the xymon list so someone more knowledgeable can tell me that I am wrong.
Thanks, JT
I figured it out! I set my server up to only use TLSv1.2 and apparently the Xymon PS download scripts can't work with v1.2, they need 1.0. When I reduced the TLS level down to allow v1.0 on my server it downloaded the file as expected.
Any idea how to allow the Xymon client scripts to work with TLSv1.2?
Thank you.
Kris Springer