How to get Windows Update info from client
list Kris Springer
I've got the XymonPSClient installed on a number of machines and was wondering if the client gathers any info regarding Windows Update status/history/pending/etc. I've searched the 'clientlog' and there's no mention of Windows Updates anywhere. Does anyone have a way to view Windows Update info from clients? Thanks, *Kris Springer*
list Jonathan Trott
We have a powershell plug-in we have written that reports the windows updates status. Happy to share if there is interest. Thanks, JT
▸
On 19 May 2018, at 03:06, Kris Springer <user-c2caa0a7a8d5@xymon.invalid> wrote: I've got the XymonPSClient installed on a number of machines and was wondering if the client gathers any info regarding Windows Update status/history/pending/etc. I've searched the 'clientlog' and there's no mention of Windows Updates anywhere. Does anyone have a way to view Windows Update info from clients? Thanks, Kris Springer
list Corey Kubecka
We use an external PowerShell script that can be run by XymonPSClient scheduler or Windows Task Scheduler. Email me if you are interested.
▸
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Kris Springer
Sent: Friday, May 18, 2018 12:06 PM
To: Xymon MailingList <xymon at xymon.com>
Subject: [Xymon] How to get Windows Update info from client
I've got the XymonPSClient installed on a number of machines and was wondering if the client gathers any info regarding Windows Update status/history/pending/etc. I've searched the 'clientlog' and there's no mention of Windows Updates anywhere. Does anyone have a way to view Windows Update info from clients?
Thanks,
Kris Springer
list Jonathan Trott
Hi Kris.
Nice work on the figuring!
Checking the code for xymonclient.ps1 finds this function:
function XymonDownloadFromURL([string]$downloadURL, [string]$destinationFilePath)
{
$downloadURL = $downloadURL.Trim()
WriteLog "XymonDownloadFromURL - Downloading $downloadURL to $destinationFilePath"
$client = New-Object System.Net.WebClient
try
{
# for self-signed certificates, turn off cert validation
# TODO: make this a config option
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$client.DownloadFile($downloadURL, $destinationFilePath)
}
catch
{
WriteLog "Error downloading: $_"
return $false
}
return $true
}
A bit of googling returns the collective knowledge that by default that command only uses TLS 1.0. Seems broken....
Apparently you can add the following line to enable more protocols:
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
So I'll copy in the xymon list so someone more knowledgeable can tell me that I am wrong.
Thanks,
JT
I figured it out! I set my server up to only use TLSv1.2 and apparently the Xymon PS download scripts can't work with v1.2, they need 1.0. When I reduced the TLS level down to allow v1.0 on my server it downloaded the file as expected. Any idea how to allow the Xymon client scripts to work with TLSv1.2? Thank you. Kris Springer
list Zak Beck
Hi
Yep, seems to be a fault in the underlying .NET libraries – it should really advertise the newer TLS protocols when making a connection but apparently only advertises 1.0 ☹
Can you try your recommended fix and let us know if it works – adding it here:
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
$client.DownloadFile($downloadURL, $destinationFilePath)
If that doesn’t work, can you try:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12
Thanks
Zak
▸
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Jonathan Trott
Sent: Thursday, 7 June 2018 00:17
To: xymon at xymon.com
Subject: [External] Re: [Xymon] How to get Windows Update info from client
Hi Kris.
Nice work on the figuring!
Checking the code for xymonclient.ps1 finds this function:
function XymonDownloadFromURL([string]$downloadURL, [string]$destinationFilePath)
{
$downloadURL = $downloadURL.Trim()
WriteLog "XymonDownloadFromURL - Downloading $downloadURL to $destinationFilePath"
$client = New-Object System.Net.WebClient
try
{
# for self-signed certificates, turn off cert validation
# TODO: make this a config option
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$client.DownloadFile($downloadURL, $destinationFilePath)
}
catch
{
WriteLog "Error downloading: $_"
return $false
}
return $true
}
A bit of googling returns the collective knowledge that by default that command only uses TLS 1.0. Seems broken....
Apparently you can add the following line to enable more protocols:
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
So I'll copy in the xymon list so someone more knowledgeable can tell me that I am wrong.
Thanks,
JT
I figured it out! I set my server up to only use TLSv1.2 and apparently the Xymon PS download scripts can't work with v1.2, they need 1.0. When I reduced the TLS level down to allow v1.0 on my server it downloaded the file as expected. Any idea how to allow the Xymon client scripts to work with TLSv1.2? Thank you. Kris Springer
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com