I get the following error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"
Article Comments
Attention: This article is a record of a conversation with the Paessler support team. The information in this conversation is not updated to preserve the historical record. As a result, some of the information or recommendations in this conversation might be out of date.
Windows and Weak Certificates
The Windows Update KB2661254 disabled the authentication mechanism with weak certificates that have a key-length of less than 1024 bit. If you installed this update on a computer running the PRTG probe, this can affect your VMware sensors.
Solution: Install Strong Certificates on VMware Server
vCenter-Server 4.0 used certificates with 512 bit key-length. You may be affected too if you updated to a newer version, because the certificates are kept during an update!
A new installation of vCenter-Server 4.1 or higher generates certificates with 2048 bit key-length and is not affected.
Please refer to the VMware knowledge base at http://kb.vmware.com/kb/2037082 for further information on how to regenerate certificates on your existing installation.
Work Around: Re-Enable Weak Certificates
At the Microsoft knowledge base (http://support.microsoft.com/kb/2661254) you get a solution to re-enable weak certificates with a registry key at the section Allow key lengths of less than 1024 bits by using registry settings.
This is not recommended and should only be used as a quick workaround and should be reverted as soon as possible after replacing the certificates!
Oct, 2012 - Permalink
Windows and Weak Certificates
The Windows Update KB2661254 disabled the authentication mechanism with weak certificates that have a key-length of less than 1024 bit. If you installed this update on a computer running the PRTG probe, this can affect your VMware sensors.
Solution: Install Strong Certificates on VMware Server
vCenter-Server 4.0 used certificates with 512 bit key-length. You may be affected too if you updated to a newer version, because the certificates are kept during an update!
A new installation of vCenter-Server 4.1 or higher generates certificates with 2048 bit key-length and is not affected.
Please refer to the VMware knowledge base at http://kb.vmware.com/kb/2037082 for further information on how to regenerate certificates on your existing installation.
Work Around: Re-Enable Weak Certificates
At the Microsoft knowledge base (http://support.microsoft.com/kb/2661254) you get a solution to re-enable weak certificates with a registry key at the section Allow key lengths of less than 1024 bits by using registry settings.
This is not recommended and should only be used as a quick workaround and should be reverted as soon as possible after replacing the certificates!
Oct, 2012 - Permalink