After updating my WLAN controller, I stumbled across a small problem. The WLAN controller is monitored using PRTG and a PowerShell script. After updating the controller, the script only returns the following error message:
The request was canceled: No protected SSL/TLS channel could be created.
In this case, it is the Unifi Controller from Ubiquiti, but that is only a minor matter here. I had already read through the release notes for the update before the update and feared difficulties. The release notes contained the following sentence:
- Remove TLSv1 from default SSL protocols for Java 7/8.
I had already feared that the PowerShell sensor would have difficulties with this, a test directly on the PowerShell confirms the problem:
Although the .NET Framework and the PowerShell are relatively up-to-date, no connection can be established via HTTPs. Apparently the PowerShell or NET Framework still likes to use TLSv1, which is no longer supported by the controller.
To ensure that PowerShell scripts prefer to use the latest versions of the TLS protocol, this can be adjusted at script runtime. The following two lines only allow TLSv1.1 and TLSv1.2 connections:
$AllProtocols = [System.Net.SecurityProtocolType]'Tls11,Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
The two lines can be executed within a script before opening a connection:
In this example, the response from the server is now delivered. Another reason for the error may be an invalid certificate; the validity check can also be switched off at runtime:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
For the PRTG monitoring script and the Unifi controller, I have added the two lines mentioned above to the script. This means that the controller can also be monitored again:
The Unifi Controller version used is 5.4.18, in case anyone has similar problems.
Update 09.07.17: I have just noticed that PRTG has already added the corresponding lines in a new version of the sensor:
Monitoring Ubiqiti UniFi Devices with PRTG
Hätte ich mal vorher den das Script für den Sensor aktualisiert…