Could not complete SSL handshake error on Solaris 10 client
Could not complete SSL handshake error on Solaris 10 client
Nagios Team,
We have installed Nagios client on Solaris 10 machine as per attached procedure. But, we are getting error "CHECK_NRPE: Error - Could not complete SSL handshake."
We checked the document http://assets.nagios.com/downloads/nagi ... utions.pdf : Section III thoroughly.
We have tried everything except reinstalling nrpe with SSL option. We are not aware how to uninstall nrpe 2.14 from Solaris 10 machine and try reinstall using SSL option.
Please advice us on how to go about from here.
Below is the output from nagios server and client.
#####################################################################################################
From Solaris client
#####################################################################################################
(nagios@usa0300ux320)/u01/home/nagios-> ps -ef|grep nrpe
nagios 1536 1 0 Sep 11 ? 2:14 /opt/nagios/bin/nrpe -c /etc/nagios/nrpe.cfg -d
nagios 27857 27519 0 05:35:14 pts/10 0:00 grep nrpe
(nagios@usa0300ux320)/u01/home/nagios-> svcs -a|grep nrpe
online Sep_11 svc:/application/nagios/nrpe:default
(nagios@usa0300ux320)/u01/home/nagios-> netstat -an|grep 5666
*.5666 *.* 0 0 49152 0 LISTEN
(nagios@usa0300ux320)/u01/home/nagios-> cat /etc/nagios/nrpe.cfg|grep allowed
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
allowed_hosts=13.129.109.69,127.0.0.1
(nagios@usa0300ux320)/u01/home/nagios-> cat /etc/nagios/nrpe.cfg|grep blame
dont_blame_nrpe=1
# command arguments *AND* the dont_blame_nrpe directive in this
(nagios@usa0300ux320)/u01/home/nagios-> telnet localhost 5666
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection to localhost closed.
(nagios@usa0300ux320)/u01/home/nagios-> cd /opt/nagios/libexec
(nagios@usa0300ux320)/opt/nagios/libexec-> ls -l check_nrpe
-rwxr-xr-x 1 nagios bin 56016 Jan 18 2013 check_nrpe
(nagios@usa0300ux320)/opt/nagios/libexec-> ./check_nrpe -H localhost
CHECK_NRPE: Error - Could not complete SSL handshake.]
#####################################################################################################
From nagios server: 13.129.109.69
#####################################################################################################
-bash-3.2$ telnet usa0300ux320 5666
Trying 13.129.12.64...
Connected to usa0300ux320.apps.mc.xerox.com (13.129.12.64).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
-bash-3.2$ cd /usr/local/nagios/libexec/
-bash-3.2$ ls -l check_nrpe
-rwxrwxr-x 1 nagios nagios 66381 Jan 15 2013 check_nrpe
-bash-3.2$ ./check_nrpe -t 60 -H usa0300ux320
CHECK_NRPE: Error - Could not complete SSL handshake.
-bash-3.2$ ./check_nrpe -n -t 60 -H usa0300ux320
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
-bash-3.2$ nmap 13.129.12.64 -p 5666
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-10-01 06:52 EDT
Interesting ports on usa0300ux320.apps.mc.xerox.com (13.129.12.64):
PORT STATE SERVICE
5666/tcp open unknown
#####################################################################################################
#####################################################################################################
We have installed Nagios client on Solaris 10 machine as per attached procedure. But, we are getting error "CHECK_NRPE: Error - Could not complete SSL handshake."
We checked the document http://assets.nagios.com/downloads/nagi ... utions.pdf : Section III thoroughly.
We have tried everything except reinstalling nrpe with SSL option. We are not aware how to uninstall nrpe 2.14 from Solaris 10 machine and try reinstall using SSL option.
Please advice us on how to go about from here.
Below is the output from nagios server and client.
#####################################################################################################
From Solaris client
#####################################################################################################
(nagios@usa0300ux320)/u01/home/nagios-> ps -ef|grep nrpe
nagios 1536 1 0 Sep 11 ? 2:14 /opt/nagios/bin/nrpe -c /etc/nagios/nrpe.cfg -d
nagios 27857 27519 0 05:35:14 pts/10 0:00 grep nrpe
(nagios@usa0300ux320)/u01/home/nagios-> svcs -a|grep nrpe
online Sep_11 svc:/application/nagios/nrpe:default
(nagios@usa0300ux320)/u01/home/nagios-> netstat -an|grep 5666
*.5666 *.* 0 0 49152 0 LISTEN
(nagios@usa0300ux320)/u01/home/nagios-> cat /etc/nagios/nrpe.cfg|grep allowed
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
allowed_hosts=13.129.109.69,127.0.0.1
(nagios@usa0300ux320)/u01/home/nagios-> cat /etc/nagios/nrpe.cfg|grep blame
dont_blame_nrpe=1
# command arguments *AND* the dont_blame_nrpe directive in this
(nagios@usa0300ux320)/u01/home/nagios-> telnet localhost 5666
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection to localhost closed.
(nagios@usa0300ux320)/u01/home/nagios-> cd /opt/nagios/libexec
(nagios@usa0300ux320)/opt/nagios/libexec-> ls -l check_nrpe
-rwxr-xr-x 1 nagios bin 56016 Jan 18 2013 check_nrpe
(nagios@usa0300ux320)/opt/nagios/libexec-> ./check_nrpe -H localhost
CHECK_NRPE: Error - Could not complete SSL handshake.]
#####################################################################################################
From nagios server: 13.129.109.69
#####################################################################################################
-bash-3.2$ telnet usa0300ux320 5666
Trying 13.129.12.64...
Connected to usa0300ux320.apps.mc.xerox.com (13.129.12.64).
Escape character is '^]'.
^]
telnet> quit
Connection closed.
-bash-3.2$ cd /usr/local/nagios/libexec/
-bash-3.2$ ls -l check_nrpe
-rwxrwxr-x 1 nagios nagios 66381 Jan 15 2013 check_nrpe
-bash-3.2$ ./check_nrpe -t 60 -H usa0300ux320
CHECK_NRPE: Error - Could not complete SSL handshake.
-bash-3.2$ ./check_nrpe -n -t 60 -H usa0300ux320
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
-bash-3.2$ nmap 13.129.12.64 -p 5666
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-10-01 06:52 EDT
Interesting ports on usa0300ux320.apps.mc.xerox.com (13.129.12.64):
PORT STATE SERVICE
5666/tcp open unknown
#####################################################################################################
#####################################################################################################
You do not have the required permissions to view the files attached to this post.
-
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: Could not complete SSL handshake error on Solaris 10 cli
do you have dont_blame_nrpe set to 1 in the nrpe.cfg of the remote system? If not make that change, and restart the daemon, either xinetd or what you are using, then try to run the check command with a -n again.
Re: Could not complete SSL handshake error on Solaris 10 cli
Thanks for your reply.
Yes, we do have dont_blame_nrpe set to 1 in nrpe.cfg on the remote host. The remote host is Solaris 10.
I guess Solaris uses inetd service not xinetd. Am I right?
If that is the case, do we need to restart inetd deamon. We generally restart the below nrpe service but never restarted inetd.
(nagios@usa0300ux320)/u01/home/nagios-> svcs -a|grep nrpe
online Sep_19 svc:/application/nagios/nrpe:default
Yes, we do have dont_blame_nrpe set to 1 in nrpe.cfg on the remote host. The remote host is Solaris 10.
I guess Solaris uses inetd service not xinetd. Am I right?
If that is the case, do we need to restart inetd deamon. We generally restart the below nrpe service but never restarted inetd.
(nagios@usa0300ux320)/u01/home/nagios-> svcs -a|grep nrpe
online Sep_19 svc:/application/nagios/nrpe:default
-
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: Could not complete SSL handshake error on Solaris 10 cli
Well if nrpe is starting as a service itself you should only need to restart that, which is calling the init script itself. Do you have your nagios XI server's address defined in the allowed_from line in the nrpe.cfg? Also, have you tried the direct IP of the Solaris server instead of the address you are using? Does it make a difference? Keep in mind to try all commands with "-n" and without as well.
Re: Could not complete SSL handshake error on Solaris 10 cli
Good insight. Yes, we do have the nagios server IP in allowed_from in nrpe.cfg. Today we have restarted inetd service on the remote host. Now, all manual checks are working fine from default plugin folder on nagios server (did not use -n option). So, finally looking goodslansing wrote:Well if nrpe is starting as a service itself you should only need to restart that, which is calling the init script itself. Do you have your nagios XI server's address defined in the allowed_from line in the nrpe.cfg? Also, have you tried the direct IP of the Solaris server instead of the address you are using? Does it make a difference? Keep in mind to try all commands with "-n" and without as well.
Everything works fine except the command $check_nrpe -H <hostname/IP> from client end (tried -n option, replaced hostname with IP and vice versa) . The same command works fine in nagios server. Just curious to know.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Could not complete SSL handshake error on Solaris 10 cli
Not exactly sure what command you are using because usually you need something likeplakshmi wrote:slansing wrote: Everything works fine except the command $check_nrpe -H <hostname/IP> from client end (tried -n option, replaced hostname with IP and vice versa) . The same command works fine in nagios server. Just curious to know.
Code: Select all
/path/to/check_nrpe -H <hostname/IP>
Code: Select all
$check_nrpe -H <hostname/IP>
Re: Could not complete SSL handshake error on Solaris 10 cli
Yes, you are right.
Thanks for your support.
Thanks for your support.
Re: Could not complete SSL handshake error on Solaris 10 cli
We have Nagios up and running now on the remote host and monitoring has been established.
-
- Posts: 7698
- Joined: Mon Apr 23, 2012 4:28 pm
- Location: Travelling through time and space...
Re: Could not complete SSL handshake error on Solaris 10 cli
Excellent, what was the resolution? Incorrect pathing?
Re: Could not complete SSL handshake error on Solaris 10 cli
Restarting inetd service on the remote host resolved the issue.