VuGen

How to solve SSL 3 recording issues in HPE VuGen

How to solve SSL 3 recording issues in HPE VuGen

With web application security becoming more important you may find servers refusing to accept SSL 3.0 protocol due to security vulnerabilities such as POODLE (https://en.wikipedia.org/wiki/POODLE ).

Older versions of VuGen will refuse to record the application and display an error page similar to below giving vague information to what the problem is.

SSL3a updated

VuGen 12.50 will now show a popup giving a hint where the problem is:

SSL3b

Using Wireshark it become clear that the issue is with the SSL handshake:

SSL3c

Compared with a successful secure handshake recording when using the browser:

SSL3d

By default VuGen has the following “Recording -> Network -> Mapping and Filtering” settings:

SSL3e

The problem is that VuGen will not try later TLS versions after the first handshake has failed unlike a browser which will start from the highest TLS version and work down until the server accepts the handshake:

SSL3f

Simple solution is to change the VuGen Recording -> Network -> Mapping and Filtering to at least TLS 1.0

Posted by David Batty in Hewlett Packard Enterprise, Tech Tips, 0 comments
How to record Angular JS Single Page Applications (SPA)

How to record Angular JS Single Page Applications (SPA)

These days VuGen offers a number of ways to record SPA web application including TruClient and importing Session Archive Zip (SAZ) files from fiddler. However, you can still use HTTP/HTML protocol in VuGen. In doing so you may encounter a number of issues when recording the HTTP RESTful service calls.

To create robust maintainable scripts JDS recommend using HTML-based recording rather than URL-based scripts. The ‘HTML Mode’ will not extract every resource URL into the script but will either encapsulate them into the initial calling URL or add them to the EXTRARES section of the step:

web_url("home",
"URL=https://xxxxxxx.xxx",
"TargetFrame=","Resource=0",
"RecContentType=text/html",
"Referer=",
"Snapshot=t1.inf",
"Mode=HTML",
EXTRARES,
"Url=../fonts/OpenSans/OpenSans-Regular-webfont.eot", ENDITEM,
"Url=../fonts/fontawesome-webfont.eot", ENDITEM,
"Url=../media/bootstrap.min.css", ENDITEM,
"Url=../css/jds-logo-white.png", ENDITEM,
"Url=../fonts/OpenSans/OpenSans-Light-webfont.eot", ENDITEM,
"Url=../media/jds_bg.jpeg", ENDITEM,
"Url=../fonts/OpenSans/OpenSans-Semibold-webfont.eot", ENDITEM,
"Url=../css/bg3.jpg", ENDITEM,
"Url=../css/32px.png", ENDITEM,
"Url=../fonts/OpenSans/OpenSans-Bold-webfont.eot", ENDITEM,
"Url=../css/background.jpg", ENDITEM,
LAST);

This is a problem is you want to measure the transaction times of RESTful service calls used in SPA frameworks.

To enable the VuGen recorder to extract the Angular JS calls as separate steps we must change the “Recording Options -> HTTP Properties -> Advanced” recording scheme to not record responses with headers:

Content-Type application/javascript

As resources.

Posted by David Batty in Hewlett Packard Enterprise, Tech Tips, 1 comment
Vugen and GitHub Integration

Vugen and GitHub Integration

With the release of LoadRunner 12.53, VuGen now has built in GitHub integration. That means you not only have access to GitHub for saving versions of your script, but also other tools like bug tracking, access control and wikis.

Here’s an overview to VuGen’s GitHub integration to get you up and running.

Getting Started

First off, you’ll need a personal Git login. You can sign up for free at github.com/join.  Note that free repositories are publicly available.

You’ll also need LoadRunner 12.53 or higher from HPE.

GitHub Overview

VuGen’s GitHub integration (and GitHub in general) works by managing three versions of your script at a time.

Vugen and GitHub Integration 1

  1. The one you see in VuGen is your working copy. You can develop / replay your script as usual, and save it locally when you want.
  2. When you want a backup of your script – e.g. before doing correlation or rerecording, you can make a check point – or commit the script. This saves the script to a local staging area.
  3. After several commits, or perhaps at the end of the day, you might be ready to save everything to GitHub. To do this you Push the script.

Using GitHub integration straight from VuGen

The following example shows you how to push your first VuGen script to GitHub.

1. Starting out – Creating a Repository

Log into GitHub and create a new repository:

Vugen and GitHub Integration 2

Fill in the details and click “Create Repository”. With a free GitHub account the script will be publicly available, with a paying account you can make it private.

Vugen and GitHub Integration 3

2. VuGen Version Control – Create Local Git Repository
Now create a script in VuGen – in our example it’s ‘BankofSunshine’.

You’ll see a new ‘Version Control’ menu available in VuGen. Chose the option to ‘Create a local Git Repository’.

Vugen and GitHub Integration 4

VuGen manages the files to include so you don’t need to create a .gitignore file. If you prefer to manage it yourself, you can do that too.

3. Commit Changes to the Staging Area

Now you need to commit your script to the local repository. Do this each time you’ve made changes that you might want to push to Git Hub, or if you want to be able to roll back any changes.

When you commit, your local repository is ready to be pushed up to GitHub – but is still only available to you.

Vugen and GitHub Integration 5

4. Push Changes to GitHub

Once you are ready to save your script up to GitHub, you will need to Push the changes.

The first time you do this with your script you will need to tell VuGen some details about the GitHub repository.

Enter your details that you created in Step 1:

Vugen and GitHub Integration 7

Now your newly created script is saved to GitHub.

5. There’s no step 5.

That’s all you need to do. When you go to GitHub and click on your repository, you will see all the files that you just pushed:

Vugen and GitHub Integration 8

To keep track of changes made locally to the script, VuGen will show you which files have updated with a red tick:

Vugen and GitHub Integration 9

While you can access your scripts in ALM from the Controller, you can’t yet access your scripts in GitHub from the Controller. You’ll need to pull down a local copy before you run your test.

Now you are up and running, how about exploring more of what GitHub has to offer. Each script saved to GitHub comes with a Wiki and issues register. These could come in handy when you have large or tricky scripts or for handover to another team

Share your thoughts on VuGen GitHub integration below.

Posted by Daniel Spavin in Hewlett Packard Enterprise, Tech Tips, 1 comment

Tips for Replaying RDP VuGen Scripts in HP BSM or HP LoadRunner

If you’ve ever worked with RDP VuGen scripts, you’ll know it can be challenging to develop a reliable script.  This applies if you need to generate high load via LoadRunner RDP scripts for performance testing. It also applies if you need reliable RDP scripts over time as part of a monitoring solution using Business Process Monitors (BPM)s in HP BSM. Differentiating between false errors and real errors with RDP VuGen scripts can be time consuming and drive you insane.

Over and above writing a robust RDP VuGen script, here are some tips to more reliably run RDP scripts in either LoadRunner or HP BSM. We have successfully run 250+ concurrent RDP user tests with no errors using a combination of the below, even without the RDP agent using LoadRunner. There are a number of additional techniques to make RDP scripts more reliable but these are beyond the scope of this article.
 
Script Run-Time Settings:

RDP Synchronization Image Tolerance:

Set the default tolerance for image synchronization to Exact. This should be the global setting. You can relax the tolerance on a case by case basis in the rdp_sync_on_image function using “Tolerance= Medium” where tolerance can be Exact, Low, Medium or High.

RDP Synchronization Typing Speed:

Set the typing speed (msec/char) to at least 300 (msec/char). In some cases the script will still run faster in LoadRunner than you want it to, in which case you can try increasing the typing speed further.
 
RDP Server settings:

RDP-tcp Session Properties:

Set your Terminal Server settings to automatically end disconnected sessions after 1 minute. This will ensure that any disconnected/hung sessions are automatically logged out so the next user can pick up a “clean” session. If allowed also set Active and Idle session limits to Never. This will ensure there will be no limits to how long a user can be active or idle in the RDP session.

These options are found in Remote Desktop Session Host Configuration > Properties > Sessions Tab.

  • End a disconnected session: 1 minute
  • Set Active session limit: Never
  • Idle session limit: Never

 
Still having problems?

Connection Reset by Server Errors.During test execution on the LR Controller, you are getting the following error:-202930 xxx.c(xx): Error:Connection reset by the server

image001

 

Generally this is a difficult error to find the root cause for but if you have a scenario with large think-time and/or pacing (minutes) and find that your vusers are failing with the above error, we suggest you try this first.

Increase the Socket receive buffer size (bytes) in Run-Time settings. This option is found under Run-Time Settings > RDP > Advanced > Socket receive buffer size (bytes).

VuGen has a description as follows:

The amount of bytes to allocate for the socket’s receive buffer. If the buffer is too small, it can fill up causing the server to disconnect. If the buffer is too large, it uses more local system resources (non-paged memory) and can slow system performance.

image003

 

Posted by Yauseng Chew in Hewlett Packard Enterprise, Tech Tips, 0 comments

What’s new in LoadRunner 12.02

HP recently released LoadRunner 12.02 and here at JDS, we have had first hand look at what HP has to offer in this new release. Many new and interesting features were introduced as part of this release, with a new feature called Web Controller available for non-production testing included. Here is a brief summary and initial thoughts of the new release.

Web Controller

  • Must run separately from the desktop Controller.
  • Currently not released for Production. Released as part of a Preview Project.
  • HP has gone with a much cleaner, white themed look for the Scenario Set Up in the Web Controller and have also removed a few options which are available in the desktop Controller
    • Removed these options in Scenario Schedule
    • Schedule by: Scenario
    • Run Mode: Real- world Schedule
    • Scenario Schedule is now replaced by

    • Schedule By Test
    • Schedule By Script

WebController



Noise Testing

  • The noise test performs basic load testing without an actual business process. The approach of this test scenario is to create heavy load on the server by having the same URL accessed simultaneously by a large number of virtual users.
  • 1 web Vuser license can instead be used for for 10 “noise” Vusers.
  • A noise testing scenario can be set up with a standard Vugen script load scenario. One scenario will contain standard Vusers and the other will have noise generator type Vusers.
  • “noise_” prefix will be automatically added to the group name in the scenario groups. This helps with distinguishing the different group tests.
  • Make sure that either the “Define each actions as a transaction” or Define each step as a transaction” is selected in the Run-time settings.
  • NoiseTest



Vugen

  • Run Time Settings now appears in a Tab instead of a separate window. This will allow easier access to multiple run time settings for multiple scripts.
  • Traffic filtering is now possible before/after recording. This means you can record a script, and then regenerate to exclude Google analytics etc. Might be a useful alternative to creating a blacklist of servers as was the previous way to achieve this.
  • Updates to the way TruClient identifies objects. The enhancement is in the Descriptor Editor where the user selects attributes to identify the object by. This does not require the use of XPath as with previous versions.
  • New JSON view in snapshot pane, for HTTP requests and responses with an application/json content type.
  • Proxy recording for Java over HTTP, Oracle NCA, and Oracle – Web protocols
  • Large scripts with multiple correlations can be easily handled
  • Vugen



Analysis

  • Analysis can now support much larger results files without consuming all the system resources. Good news for analysing soak results with lots of transactions / monitoring stats.



Protocol Enhancements

  • Support for latest versions of XenDesktop, and NetScaler Access Gateway.
  • TLS1.1 and TLS1.2 are now supported
  • RTE has Win 8.1, Windows 2012 R2, and IPv6 support.
  • Support for SOAP 1.2
  • Support for latest versions of Flex and GraniteDS



HP LR 12.02 ReadMe Notes

Posted by Lionel Lim in Hewlett Packard Enterprise, Tech Tips, 0 comments

LoadRunner Correlation with web_reg_save_param_regexp

Do you have a correlation which you can’t solve because the values of the left and right boundary are dynamic? Correlation is an essential part of performance test scripting and there are plenty of different challenges with correlation. Imagine having a value of “GraphA123567EndGraphA” and the goal is to correlate 123567

From the example above, the left and right boundaries would be “LB=GraphA” “RB=EndGraphA”
What if the word GraphA is dynamic and can be anything from GraphA-GraphZ?

There is a solution at hand!

Using web_reg_save_param_regex will allow the user to grab a correlation value using dynamic left and right boundaries. This function uses the power of regular expressions, below are a few examples:

Example 1:
Source: “GraphA123567EndGraphA”
Solution: web_reg_save_param_regexp(“ParamName=CorrValue”, “RegExp=\“Graph[A-Za-z]\”, \“([0-9]+)\”, \“EndGraph[A-Za-z]\””, LAST);
Result: 123567

Example 2:
Correlate the values from a drop down list of a form
Source: dropdown >>> red, blue, green
Solution: web_reg_save_param_regexp(“ParamName=ColourList”, “RegExp=option=[0-9]+>([A-Za-z])

  • {ColourList1}=red
  • {ColourList2}=blue
  • {ColourList3}=green

Example 3:
Correlate up till the end of 642
Source: J\u002blsGd3zj1qdP\u002bvk0vDRaKyJFde5tCa6spDEy08SNab1hP8j5GTs4j6\u002f\u002bTqOwvxMHEQZLWd\u002btu8NlHJrVAarIQ==|634998513832503642″];
Solution: web_reg_save_param_regexp(“ParamName=SecurityString”,”RegExp=\”([A-Z0-9a-z\\\\+]+==\\|[0-9]+)\”\\];”,LAST);
Result:J\u002blsGd3zj1qdP\u002bvk0vDRaKyJFde5tCa6spDEy08SNab1hP8j5GTs4j6\u002f\u002bTqOwvxMHEQZLWd\u002btu8NlHJrVAarIQ==|634998513832503642

Example 4:
Correlate only “634998513832503642” Source:

<em>J\u002blsGd3zj1qdP\u002bvk0vDRaKyJFde5tCa6spDEy08SNab1hP8j5GTs4j6\u002f\u002bTqOwvxMHEQZLWd\u002btu8NlHJrVAarIQ==|634998513832503642"];</em>

Solution:

web_reg_save_param_regexp("ParamName=SecurityString",
    "RegExp=\"[A-Z0-9a-z\\\\+]+==\\|([0-9]+)\"\\];",
    LAST);

Result: 634998513832503642

So what is a Regular Expression?
Also known as regex, a regular expression is a search string which enables matching of a string. Think of it as an advance searching function which can pick out values from a string of multiple characters.

Examples of regex:

  • \d matches a single digit
  • \w matches a single word (including alphanumeric characters and underscore)
  • [A-Z]+ matches any word which is upper case
  • [a-z]+ matches any word which is lower case
  • [0-9]+ matches any numeric value

There are other alternatives to web_reg_save_param_regexp. However these functions are limited and not as flexible.

LB/DIG RB/DIG – # will be a wildcard for a numeric value“session_id_##”

  • Adding LB/IC/DIG will ignore case
  • “LB/IC/DIG=session_id_##=” (e.g. Session_id_20)

LB/ALNUM or RB/ALNUM – ^ will be a wildcard for an alphanumeric value

  • ALNUMIC – ignore case
  • ALNUMLC – match only lower case
  • ALNUMUC – match only upper case

SaveOffSet

  • If there is a dynamic value for a boundary e.g. “session_id_2” (3,4,5)
  • SaveOffSet = 2 (to cover “2=”)
  • Web_reg_save_param(“SessionID”, “LB=session_id_”, “RB=\””, “SaveOffSet=2”, LAST);

LR implementation

  • PERL based
  • LR 11 does not support multiple capture groups however this is now supported in LR 11.52 (example below)

Example Multiple Capture Groups
Source: rows”:[[“NW,RO,RA”,”DLY”,”10/07/2011″,”10/17/2011″,”10/01/2011″,”RA”,”Y”,”FR”,”AMEA”,”AC”,”1945″,”50″,”50″,”AC 100IOSH-08″,”UserDefined”,”10/07/2011″,”Reassigned”…”

Solution: web_reg_save_param_regexp(“ParamName=ParamValue”,”RegExp=rows”:\[\[“[^”\r\n]*”,”([A-Z]{3})”,”[^”\r\n]*”,”[^”\r\n]*”,”[^\/]+\/[\d]+?\/2011″,”[A-Za-z]*”,”[^”\r\n]*”,”[^”\r\n]*”,”([^”\r\n]*)”,”[^”\r\n]*”,”([^”\r\n]*)”,LAST);

Result:

  • {ParamValue1} = DLY
  • {ParamValue2} = AMEA
  • {ParamValue3} = 1945
Posted by Lionel Lim in Hewlett Packard Enterprise, Tech Tips, 9 comments

Problems recording HTTPS with VuGen

Recently a client had an urgent request to monitor a HTTPS URL due to poor availability and performance. No problem, give me the URL and I’ll have the monitor set up and running in 10 minutes. However, a simple task turned into an investigation of Vugen certificates and Windows security patching.

For any HTTPS request Vugen would not show any events after code generation and the recording browser would show:

The recording environment was:

  • Vugen 11.04
  • Windows XP
  • Internet Explorer 7

As HTTPS requests worked from normal browsing the problem pointed towards a Certificate issue somewhere between Vugen and the requested site. Investigation discovered that a recent Windows Security patch (http://support.microsoft.com/kb/2661254) now blocks all RSA certificates less than 1024 bits long.

This is a problem for Vugen as it uses RSA private key of length 512 bits in files wplusCA.crt and wplusCAOnly_.crt.

Note: In Vugen 11.50 these files are called 1.wplusCA_Expiration_2020.crt and wplusCAOnly_Expiration_2020.crt.

You can find the Vugen certificates in the following directory:

<LoadRunner installation folder>\bin\certs\

Fortunately HP are aware of the problem and have issued the following critical updates to increase the private key length to 2048 bits:

Note you will need a valid HP Support account to download these patches.

Posted by David Batty in Tech Tips, 7 comments

Asynchronous Communication: Scripting For Cognos

A recent client engagement presented me with an interesting challenge when scripting for a performance test of Cognos (version 10.1). Cognos uses asynchronous communication between the client and Cognos server; which is essentially polling by the client to the server, to determine the progress of a report being generated. Rather than making a request and waiting patiently for the server to return the generated report, the client will send a separate request every few seconds until the report is returned. Anyone who has driven on a family holiday with children yelling “are we there yet” will be familiar with this.

So what this means from a scripting perspective is that your script needs to be quite dynamic for 3 reasons:

  1. You need to cater for fast response times, which will only require 1 request per step
  2. You need to cater for long response times once the load increases, which will require a variable number of requests per step
  3. You need to cater for correlation and text checks when the complete response comes through, however you’ll never know which request to register them for.

During a report request step, the client (VuGen) will typically make 2 types of requests; a ‘run’ or ‘wait’ request, and the server will respond with one of 3 types of status; ‘working’, ‘stillworking’ or ‘complete’. The request type can be identified by the request parameter ‘ui.action’, which will be in the body of the request:

web_custom_request("cognosisapi.dll_5_WaitLoop",
   "URL=http://{pServerName}/cognos/cgi-bin/cognosisapi.dll",
   "Method=POST",
   "TargetFrame=",
   "Resource=0",
   "RecContentType=text/plain",
   "Referer=http://{pServerName}/cognos/...&amp;ui.action=run&amp;ui.object...
   "Snapshot=t8.inf",
   "Mode=HTML",
   "Body=…cv.actionState={actionstate_Type1_1}&amp;ui.action=wait&amp;ui.object=...
   LAST);

(Be careful not to confuse this with the ui.action of the ‘Referer’ item in the request)

The response status will be near the start of the response after the text ‘status’. This can display enclosed in either quotation marks, or the words “quot”, so if you don’t find one, search for the other:

"status": "working",

or:

&amp;quot;status&amp;quot;: &amp;quot;working&amp;quot;,

As mentioned above, this relates specifically to Cognos v10.1, I’m know it is also true for version 8, and I believe this is the same if not similar to other versions (don’t hold me to this).

In order for your script to cater for each of the above points, every step that incorporates some sort of report generation e.g. not logins or navigation, will require the original ‘run’ request, as well as the ability to run 1 or more ‘wait’ requests, depending on the response status. A new request is sent around every 3 seconds:

Client request (ui.action) Traffic Server Response (status)
Request with   immediate response:
run Request a report
Report is returned complete
Request with 1   wait cycle:
run Request a report
Generating report… working
wait Waiting for report
Report is returned complete
Request with   many wait cycles:
run Request a report
Generating report… working
wait Waiting for report
Still generating report… stillworking
wait Still waiting for report
Still generating report… stillworking
*Repeat until report is returned
wait Still waiting for report
Report is returned complete

When recording the script initially, you will need to ensure that each ‘run’ request will also generate at least 1 ‘wait’ request, so that you can capture this and duplicate it as needed. As the requests send about every 3 seconds, this means you need to ensure that each request will take at least 3 seconds while recording. This can be done by changing the following config settings on the cognos server/s:

  1. In each instance of Cognos, locate a file called rsvpproperties.xml.sample in the “configuration” directory.
  2. Rename it to rsvpproperties.xml
  3. Using an editor, uncomment, and edit the AsynchWaitOverride property within the file like so: <property>AsynchWaitOverride</property> <value type=”long”>-3</value>
  4. Restart Cognos

What this setting does is “sleeps” the initial run request for 1 second longer than the value of AsynchWaitOverride, which forces the async conversation to begin for at least one cycle. To change this setting back rename the rsvpproperties.xml back to rsvpproperties.xml.sample, and re-comment the AsynchWaitOverride property within the file. (Ensure you change the setting back after recording the script!)

Now that you’ve captured a ‘run’ request and at least 1 ‘wait’ request for each step, you can go through each step and apply some logic and functions that will enable you to remove all of the extra (2nd and more) ‘wait’ request that you may have initially recorded. In your script, as the complete response could come back after the first ‘run’ request, you need to assess whether this has happened or not, and if not, continue executing the ‘wait’ response until it does. The pseudo code should look something like this:

  • Set web_reg_save_param(ResponseStatus)
  • Get Report (ui.action=run)
  • If ResponseStatus != “Complete” Then
    • Do Until ResponseStatus = “Complete”
      • Set web_reg_save_param(ResponseStatus)
      • Get Report (ui.action=wait)
      • Loop
    • End If

This caters for fast or slow response times, however there is still the issue of correlation and text checks that may or may not appear after each request. My quick and nasty solution was to register all possible correlation and text checks before every request, but to use SaveCount for web_reg_find, and set “Notfound=warning” for each web_reg_save_param to stop the script from failing whenever a value is not found.

To ensure each step has been successfully however, a combined assessment of the response status returning as ‘complete’ as well as a web_reg_find SaveCount of ‘>0’ needs to pass. By including these concepts, the above pseudo code now looks like this for each step:

  • Set web_reg_save_param(ResponseStatus)
  • Set web_reg_save_param(AllPossibleCorrelations)
  • Set web_reg_find(StepSuccessfulSaveCount)
  • Get Report (ui.action=run)
  • If ResponseStatus != “Complete” Then
    • Do Until ResponseStatus = “Complete”
      • Set web_reg_save_param(ResponseStatus)
      • Set web_reg_save_param(AllPossibleCorrelations)
      • Set web_reg_find(StepSuccessfulSaveCount)
      • Get Report (ui.action=wait)
      • Loop
    • End If
    • If StepSuccessfulSaveCount = 0 Then
      • Lr_error_message(“Response returned ‘complete’, but was not successful”)
    • End If

Now obviously this is going to get a bit messy listing all these ‘web_reg…’ steps for every report-generating step in your script, so the obvious solution is to create functions to handle this. As I was a bit under the pump, I only had time to create functions to handle the status and web_reg_find assessment as it’s identical every time. I’d imagine that the whole process could be built into functions with variable information passing in as parameters to tidy things up a bit though.

This function was used to grab the status of each response, using a function just made the script a bit tidier as I was using it several times for every request:

void GetResponseStatus()
{
   web_reg_save_param_ex(
   "ParamName=ResponseStatus",
   "LB=status&amp;quot;: &amp;quot;",
   "RB=&amp;quot;, ",
   "Notfound=warning",
   SEARCH_FILTERS,
   "Scope=Body",
   "IgnoreRedirections=Yes",
   "RequestUrl=*/cognosisapi.dll*",
   LAST);
}

This function was called after every request, to assess if the response is still working. If the response is complete, it then assesses if the previously defined web_reg_find was successful:

void CheckResponseAndSuccess()
{
   if (strcmp(lr_eval_string("{ResponseStatus}"), “complete”) != 0){
      lr_output_message("**** Still Working response ****");
   }
 
   if (strcmp(lr_eval_string("{ResponseStatus}"), “complete”) == 0){
      if (atoi(lr_eval_string("{WebRegFindSuccessful}")) &gt; 0){
         lr_output_message("**** WebRegFind Successful ****");
      } else{
           lr_error_message("**** WebRegFind Failed!! ****");
      }
   }
}

As the text for each web_reg_find will be variable, ideally this could be passed into the two functions as a parameter. This would allow you to include the web_reg_find in the first function, as well as report the string that wasn’t found in the second function for more accurate error reporting.

Posted by Adam Reincke in Tech Tips, 2 comments

How to fix common VuGen recording problems

One of the problems that occurs on occasion when using VuGen, are problems with Internet Explorer when starting a recording of a Web HTTP/HTML protocol script.

These problems can manifest in different ways; for example, a hanging or unresponsive IE window; a windows error message; or a VuGen crash.
Continue reading →

Posted by Nick Wilton in Tech Tips, 66 comments

Monitoring Active Directory accounts with HP BAC

Lately we’ve had an annoying problem of an Active Directory (AD) account that is used for our HP Business Process Monitor (BPM) scripts getting locked at random times. Because it’s an intermittent problem, it’s hard to track down where the request is coming form.

I wasn’t getting alerted straight away of login failure because of how slowly the AD replication works at the site I was on. The account will keep on working for most BPM’s for up to a day after the original failure and alerts don’t get sent out until it’s too late to check the domain controller logs for the original lock.

One of the Active Directory sysadmins sent me a Microsoft program called lockoutstatus.exe. This tool queries the domain controllers and reports on if the account is locked out and for how long it has been locked out. Unfortunatly this only lets you check the problem re-actively instead of proactively. So I thought that maybe we could monitor the lockout status by using a BPM, recorded in the LDAP recording protocol.

Recording lockoutstatus.exe showed many hits other DCs as well as additional search functions, but we’re just interested in the bind (mldap_logon_ex function) and the search query (mldap_search_ex function). The “SaveAsParam=True” in the mldap_search_ex function saves the LDAP directory entries as parameters, the one that we’re interested in is {mldap_attribute_lockoutTime_1}.

This attribute is the amount in seconds since the account was locked. So if its not 0 we can fail the transaction and have BAC alert on this. We had some spare transactions in our BAC prod environment, while we worked out the problem, but this might be able to be deployed as a SiteScope VuGen script too if you have a stand alone SiteScope server and are short on BPM licenses.

Here is the code I used:

You will need to put these lines into your globals.h file if you’re creating a script from scratch (this will be done automatically if you do a record using LDAP protocol script):

#include "mic_mldap.h"
MLDAP mldap1;

Put this code into your Action.c or main block and modify the lr_save_string parameters to suit your environment:

Action()
{
      int Locktime;
 
      lr_start_transaction("LDAP Login and search");
 
	  lr_save_string("myaccount", "LDAPUser");  // AD account that's authorised to search AD
	  lr_save_string(lr_decrypt("4fc861406e270d5297cb2c4097f8"), "LDAPPass"); // Password for account
	  lr_save_string("dc01.mydomain.com.au", "DCmachine"); // FQDN of the domain controller
	  lr_save_string("lockoutaccount", "SearchUser");  // Account that's being monitored for lockout
	  lr_save_string("mydomain.com.au", "SearchUserDomain");  // Domain for the account that's being monitored for lockout
 
      mldap1 = 0;
 
	// Logon to Active Directory or LDAP
 
      mldap_logon_ex(&amp;mldap1,
                     "LdapLogon",
                     "URL=ldap://{LDAPUser}:{LDAPPass}@{DCmachine}",
                     "Version=3",
                     LAST);
	// Execute seach
 
      mldap_search_ex(&amp;mldap1,
                      "LdapSearch",
                      "Base=CN={SearchUser},OU=Service Accounts,OU=Security Principles,DC={SearchUserDomain},DC"
                      "=subdomain,DC=client,DC=com,DC=au",
                      "Scope=Base",
                      "SaveAsParam=True",
                      "Filter=(objectClass=*)",
                      LAST);
 
      lr_end_transaction("LDAP Login and search", LR_AUTO);
      lr_start_transaction("Account not locked");
 
      Locktime = atoi(lr_eval_string("{mldap_attribute_lockoutTime_1}"));
 
      if (Locktime != 0) {
                       lr_output_message("\n\n Account is locked out \n\n");
                       lr_fail_trans_with_error("Account locked out for %s seconds", lr_eval_string("{mldap_attribute_lockoutTime_1}"));
      }
 
      lr_end_transaction("Account not locked", LR_AUTO);
 
	  /* you can put this part outside of the transaction block to save yourself a transaction
	     because we don't care too much if it doesn't logoff gracefully  */
      mldap_logoff_ex(&amp;mldap1);
 
      return 0;
}

You can gather a large amount of useful information from Active directory using the LDAP protocol. Some other possible applications for the LDAP protocol in VuGen are:

  • monitor accounts which need to have their passwords changed a few weeks beforehand
  • monitor password resets of sensitive accounts
  • generating reports from active directory

 

Posted by Ryan Castles in Tech Tips, 0 comments

Changing LoadRunner/VuGen log options at runtime

LoadRunner has a whole bunch of logging options. These can be specified in your script’s runtime settings, or specified in your script’s code with lr_set_debug_message(). There are some gotchas when changing your logging options with a C function call, so I have written some functions that will be helpful.
Continue reading →

Posted by Stuart Moncrieff in Tech Tips, 4 comments

LoadRunner in Windows 7

IMPORTANT UPDATE:
HP Loadrunner 11 is now available. This new version now natively supports Windows 7 and Windows Server 2008. I recommend upgrading to this version for full Windows 7 integration, and Internet Explorer 8 support. The below article refers to earlier Loadrunner releases.

Windows 7 has finally been released, and I’ve had the pleasure to install the latest retail release. Whilst the application support for Windows 7 is quite good, I have to unfortunately report that at this time, HP Loadrunner 9.5 does not work at all as a native Windows 7 application.
Continue reading →

Posted by Nick Wilton in Tech Tips, 13 comments