Altaro VM Backup and Altaro Offsite Server require TLS 1.2 along with a couple of other requirements in order to communicate with the Cloud Management Console (CMC).
Disclaimer: The PowerShell script is being provided to You “AS IS”. Use this script at your own risk. Altaro will not be liable for any damage, cost, support or loss to the systems with the use of this script.
We have developed a tool that makes it easy checking for these requirements with a click of a button. The tool will check if the following requirements on the machine where Altaro VM Backup is installed are met:
The following requirements must be met by 6th April 2020 for Altaro VM Backup or Altaro Offsite Server to continue to communicate with Altaro CMC. The script will report True or False if the below requirements are met on the host where Altaro VM Backup or Altaro Offsite Server is installed:
- Altaro VM Backup must be 8.0.3 or newer
- Altaro Offsite Backup must be 8.0.3 or newer
- .NET Framework Version installed must be 4.6.2 or newer
- The Operating System version must be running Windows Server 2008R2 SP1 or newer
- TLS 1.2 must be installed, enabled and working on the server
Information about the Script
The tool is written in PowerShell for ease of use and backward compatibility, as well as for transparency. You can go through the script and read what commands are being executed to perform the validation checks on your systems. For Known Issues, check the section below.
How to run the Tool
The tool can be used in 2 ways:
- Through the User Interface by running the script without any parameters, or
- In Shell by running the script using the parameters documented below.
The script can be used to scan a local installation or remote installations. If you will be using this script to scan remote installations, Windows Remote Management (WinRM*) must be enabled on the remote computer to receive PowerShell remote commands.
The script can output the results in UI, PowerShell or comma separated format (csv) file.
* for further information on how to enable and configure WinRM refer to these articles:
Follow the instructions below in order to run the tool:
- Download the tool (AltaroTlsTool.ps1) from here
Your browser might give you a warning that this file can harm your computer.
- Running the Tool via GUI (Go to Step 3 for CLI instructions)
Right click on the downloaded file and select [Run with PowerShell]
If you need to test the Local installation of Altaro, use the [Local] option. If you're looking to scan multiple Altaro installations, you can use the hostname or IP address of these installations by choosing the [Remote] option.
Please note that the tool does not that support a subnet range and requires a hostname or an IP address. Servers in a WORKGROUP are also unsupported.
The tool can also output the results to a CSV file, simply choose your preferred location (the path and folder must exist). A filename must also be provided.
Once you're ready, click [RUN]
Once completed the tool will output the results in user interface as well as the CSV file, if you selected that option. As you can see, you can easily identify which server is not compatible and which component is resulting as 'Failed':
- How to run via CLI
You can find the Parameters to use the Tool via command line:
Will run the checks on the Local machine only. Use -ComputerName if you need to run on multiple servers.
-ComputerName <Host Name>, <...>
Specifies the computers ( Host Name) on which the command runs on.
Specifies the path to the CSV output file - relative paths and network paths also supported.
Find some examples below:
Will run locally and output to console.
.\AltaroTlsTool -Local -OutputCSV .\Results.csv
Will run locally, output to console and to CSV in the chosen directory.
.\AltaroTlsTool -ComputerName "HV001", "HV002" -OutputCSV .\Results.csv
Will run on the remote servers, print to shell and output to CSV in the chosen directory.
The tool has the following limitations:
- Script only supports PowerShell 2.0 and above
- Remote test to workgroup servers will not function as it requires credentials. It supports only domain joined servers and executed from workstation or servers joined to the same domain as the targets
- The output folder is not created automatically if it does not exist. You need to create manually
- Multiple remote entries will take time and without visible progress especially if you enter wrong host names or IP address. The app will still be running in the background so do not close the application within 10 minutes.
- WinRM will not work with an IP address across subnets, so best that use a hostname instead of an IP address