KNOWLEDGE BASE

Tableau Resource Monitoring Tool WebUI Not Accessible After Configuring HTTPS


Published: 23 Feb 2021
Last Modified Date: 24 Feb 2021

Issue

After configuring the Tableau Resource Monitoring Tool for HTTPS connections, modern browsers like Chrome and Firefox may not load the webpage due to inadequate security settings on the server. 

The following may be presented when loading the RMT page in the Chrome browser:
CHROME_RMT_INSECURE



 

Environment

  • Tableau Resource Monitoring Tool 2020.3+
  • Windows Server 2016+

Resolution

This may be due to the server OS hosting RMT not having the appropriate cipher suites enabled for HTTP2 connections.  
Verify what ciphers are used, check the Security tab of Chrome's Developer Tools with HTTP2 disabled.  

1. Close all running Chrome instances.
2. Use Windows Run program and enter the following: chrome --disable-http2
CHROME_DISABLE_HTTP2
3. Open the Developer Tools and head to the Security tab where you may be presented with the following message:
CHROME_SECURITY_DEVELOPER_TOOLS
This confirms that the HTTP2 connection is insecure because the AES-GCM cipher suite is not enabled.

These steps should be verified and applied by your IT department as this involves changes to the registry.

1. Open the registry with regedit.exe
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002\Functions
3. Make sure the following entries are entered into the registry:

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_NULL_SHA384
TLS_PSK_WITH_NULL_SHA256

4. Save and reboot the machine for the changes to take effect.

Cause

RMT uses ASP.NET's Kestrel Server with default settings for HTTP2.

Windows servers that do not support HTTP2 cipher suites will run into this problem.
Did this article resolve the issue?