clutch70

Deleted in favor of viewtopic.php?f=5&t=2928

Not necessarily - http://www.intronis.com/resources/pdf/data-sheets/Intronis%20RMM%20Deployment%20Kit.pdf This is the datasheet Intronis provides concerning the Event Log entries reported by the BackupAgent service. Some proper SQL'ing could result in an Internal Monitor that looked for events. The best part is, the events are already captured in the Application Event Log by default. To take it all the way home, I've had success with the Report Center and creating reports from custom tables I've got. You can report on your backup stats from there. I feel your pain about the Intronis reporting... Stale agents and crappy reports from Intronis themselves give me a headache. Edit: I should note that as a proof of concept, I have built an internal monitor that creates an alert for now. Nothing special just yet.

@pengstrom - Happy to help! SSL is a good thing for everyone =)

Sounds great - thanks for the plugin Tim!

Love it! Any way I could get a list of [tags] that the email form will accept? Could I do HTML in the email?

So my URL Rewrite configuration looks like this It yields the behavior I think your after. Even if someone tries to go to http://my.ltserver.com, they are redirected to https://my.ltserver.com. Agent communication seems to be unaffected. EDIT You'll also probably need this - EDIT 2: Just had to put this back together for LT 11 and did so successfully. Came back to add the fact that your Action type needs to be 'Redirect'. Otherwise you just get a 404 with 'my.ltserver.com/WCC2' in the address bar.

TheCloudGuy's solution sounds a hell of a lot easier, but I got this working with the URL Rewrite module of IIS.

Probably using the LDAP proxy. But unfortunately that's on-prem CW only =/ I'm sure you can use the Google Authenticator, but you don't have to.

If I recall, everything needs to come over except for the "h_*****" tables and the eventlogs table.

Deleted =/

Pretty freakin slick. I got the RD App up and working. Apparent caveat: The RD Application config screen does NOT like spaces in the Alias or the Program Name fields. Made me keep throwing "cannot connect to this application" errors. It integrates beautifully. I'm running Duo on a SonicWall that's got access to 3306. So from my Android I tap the SonicWall widget to get VPN'd in, accept the Duo notification, 3 taps to open Microsoft RDP and the RemoteApp, one tap to login to the Touch client and poof! A much friendlier LabTech interface than the official App no doubt! I wonder how this would feel with the full Control Center.. Obviously would have to be a tablet or something like that. PROTIP: Change the input mode of the Microsoft RDP app from "Mouse" to "Touch".

Not that I can specifically recall actually. Ok ok I cave - these are the shell commands used to get yourself an A from https://www.ssllabs.com/. Side note: while you get an A from SSL Labs and a TLS1.2 connection for WebCC, browsers whine about using an obsolete cipher suite if you click the lock in the address bar and go digging. On the to do list =). reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128" /v "Enabled" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" /v "Enabled" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" /v "Enabled" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v "Enabled" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v "DisabledByDefault" /t REG_DWORD /d "00000001" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" /v "Enabled" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" /v "DisabledByDefault" /t REG_DWORD /d "00000001" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "Enabled" /t REG_DWORD /d "00000001" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" /v "DisabledByDefault" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "Enabled" /t REG_DWORD /d "00000001" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" /v "DisabledByDefault" /t REG_DWORD /d "00000000" /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman" /v Enabled /t REG_DWORD /d 0 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168" /v Enabled /t REG_DWORD /d 0 /f EDIT: Sorry I misspoke, the above commands are only good enough for an 'A' =/. Edited the main post appropriately. EDIT 2: Added command to disable TLS_RSA_WITH_3DES_EDE_CBC_SHA, a cipher defined as weak by SSLlabs. WARNING: The Internet suggests here that this may interfere with RDP. Use at your own risk!!!

Mine was pretty painless. We were running LT/SC on a single box, but with the 10.5 upgrade I took the opportunity to split those roles up. Some of the staging was rather difficult. After it was all said and done it was definitely not a process I felt like I could've executed by myself like had been suggested. The tech I worked with busted out a big toolbox of .sqls after the upgrade was done to get things up and going. But other than definitely needing support to do it for me, no real problems. CW sync tables didn't quite come over right, but still a minor issue they fixed up. Got 'em to migrate me over to MySQL x64 while we were at it! =)

Running TLS 1.0 for my agents. WebCC runs on TLS1.2 with a URL re-write to force the issue. I have SSL3.0, SSL2.0, and a bunch of outdated ciphers disabled too. Was able to harden it enough to get an A+ out of the Qualys SSL Labs site.

@lemtargatwing - Using VBscript yeah? That's one of the features I have not yet delved into: creating my own simple plugins. Sounds like I'll either need to learn myself or engage someone with some experience on the topic? @somecallme...tim - Thanks for the explanation, I like understanding how my LT server works