CHECK_NRPE: Error - Could not complete SSL handshake
CHECK_NRPE: Error - Could not complete SSL handshake
Hi,
Can i get a little bit help here?
I'm configuring now check_http plugin on my Solaris producation machine (ssbpech01)
the command running prefactly from the server itself:
root@ssbpech01:/apps/nagios/libexec# pwd
/apps/nagios/libexec
root@ssbpech01:/apps/nagios/libexec# ./check_http --ssl -H 10.146.1.38 -p 8443 -u /echos/SSB -s ECHOS -t 20
HTTP OK: HTTP/1.1 200 OK - 3535 bytes in 0.685 second response time |time=0.684777s;;;0.000000 size=3535B;;;0
but on the dashboard for this service i got:
ECHOS EP1 URL CRITICAL 01-31-2017 12:02:43 1d 3h 42m 19s 3/3 CHECK_NRPE: Error - Could not complete SSL handshake.
please see my services.cfg for this:
define service{
use generic-service
host_name ssbpech01
service_description ECHOS EP1 URL
contact_groups nagios-admins
check_command check_nrpe!check_http
check_period 24x7_except_maintenance
notification_period 24x7_except_maintenance
check_interval 1
}
root@ssbpech01:/apps/nagios/libexec# /apps/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
root@ssbpech01:/apps/nagios/libexec# netstat -a | grep nrpe
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55156 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpech01.46479 49152 0 49152 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55218 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55228 14720 0 50316 0 ESTABLISHED
*.nrpe *.* 0 0 49152 0 LISTEN
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55070 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55080 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55096 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55098 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55118 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55126 14720 0 50316 0 TIME_WAIT
root@ssbpech01:/apps/nagios/libexec#
Can you please help me here? dont understand why in the dashborad i got differnet expirance?
Can i get a little bit help here?
I'm configuring now check_http plugin on my Solaris producation machine (ssbpech01)
the command running prefactly from the server itself:
root@ssbpech01:/apps/nagios/libexec# pwd
/apps/nagios/libexec
root@ssbpech01:/apps/nagios/libexec# ./check_http --ssl -H 10.146.1.38 -p 8443 -u /echos/SSB -s ECHOS -t 20
HTTP OK: HTTP/1.1 200 OK - 3535 bytes in 0.685 second response time |time=0.684777s;;;0.000000 size=3535B;;;0
but on the dashboard for this service i got:
ECHOS EP1 URL CRITICAL 01-31-2017 12:02:43 1d 3h 42m 19s 3/3 CHECK_NRPE: Error - Could not complete SSL handshake.
please see my services.cfg for this:
define service{
use generic-service
host_name ssbpech01
service_description ECHOS EP1 URL
contact_groups nagios-admins
check_command check_nrpe!check_http
check_period 24x7_except_maintenance
notification_period 24x7_except_maintenance
check_interval 1
}
root@ssbpech01:/apps/nagios/libexec# /apps/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
root@ssbpech01:/apps/nagios/libexec# netstat -a | grep nrpe
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55156 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpech01.46479 49152 0 49152 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55218 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55228 14720 0 50316 0 ESTABLISHED
*.nrpe *.* 0 0 49152 0 LISTEN
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55070 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55080 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55096 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55098 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55118 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55126 14720 0 50316 0 TIME_WAIT
root@ssbpech01:/apps/nagios/libexec#
Can you please help me here? dont understand why in the dashborad i got differnet expirance?
Last edited by katya on Tue Jan 31, 2017 12:13 pm, edited 1 time in total.
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Page 3, Section III of https://assets.nagios.com/downloads/nag ... utions.pdf covers that error.
Are you using xinetd? If so, can you post the contents of /etc/xinetd.d/nrpe? Please remove sensitive info as necessary.
Are you using xinetd? If so, can you post the contents of /etc/xinetd.d/nrpe? Please remove sensitive info as necessary.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
HI im not using xinted im using nrpe service
-
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
- Contact:
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Can you post your /usr/local/nagios/etc/nrpe.cfg from Solaris?
Also, did you go through the troubleshooting guide (https://assets.nagios.com/downloads/nag ... utions.pdf)? If so, I don't want to repeat those steps. Thanks!
Also, did you go through the troubleshooting guide (https://assets.nagios.com/downloads/nag ... utions.pdf)? If so, I don't want to repeat those steps. Thanks!
Re: CHECK_NRPE: Error - Could not complete SSL handshake
Hi,
of course i checked in the procedure before asked you
but the solution not helped me.
this is my nrpe.cfg configurtion:
of course i checked in the procedure before asked you
but the solution not helped me.
this is my nrpe.cfg configurtion:
- Attachments
-
- nrpe.cfg
- nrpe.cfg
- (10.68 KiB) Downloaded 347 times
Re: CHECK_NRPE: Error - Could not complete SSL handshake
What happens if you run /apps/nagios/libexec/check_nrpe -H 10.146.1.38 -n from the Nagios machine? It looks like all teh SSL parts are commented out.
Additionally. from the client side, please run something similar to what I've posted against your NRPE binary, this will show us what SSL it's compiled with -
Additionally. from the client side, please run something similar to what I've posted against your NRPE binary, this will show us what SSL it's compiled with -
Code: Select all
[root@centos7 etc]# /usr/local/nagios/bin/nrpe
NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
Former Nagios Employee
-
- Posts: 3
- Joined: Fri Sep 23, 2016 2:31 am
Re: CHECK_NRPE: Error - Could not complete SSL handshake
I had similar problem with ssl handshake like yours.
http://sharadchhetri.com/2013/06/11/how ... t-command/
Try to fallow instructions fom step 1 to 5 and check if it is working. It was helpfull to me.
http://sharadchhetri.com/2013/06/11/how ... t-command/
Try to fallow instructions fom step 1 to 5 and check if it is working. It was helpfull to me.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
from Nagios machine:
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
from the client side:
root@ssbpech01:/# /apps/nagios/bin/nrpe
NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
TCP Wrappers Available
***************************************************************
** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **
** Read the NRPE SECURITY file for more information **
***************************************************************
Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>
Options:
-n = Do not use SSL
<config_file> = Name of config file to use
-4 = use ipv4 only
-6 = use ipv6 only
<mode> = One of the following operating modes:
-i = Run as a service under inetd or xinetd
-d = Run as a standalone daemon
-d -s = Run as a subsystem under AIX
Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
from the client side:
root@ssbpech01:/# /apps/nagios/bin/nrpe
NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
TCP Wrappers Available
***************************************************************
** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **
** Read the NRPE SECURITY file for more information **
***************************************************************
Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>
Options:
-n = Do not use SSL
<config_file> = Name of config file to use
-4 = use ipv4 only
-6 = use ipv6 only
<mode> = One of the following operating modes:
-i = Run as a service under inetd or xinetd
-d = Run as a standalone daemon
-d -s = Run as a subsystem under AIX
Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.
Re: CHECK_NRPE: Error - Could not complete SSL handshake
rkennedy wrote:What happens if you run /apps/nagios/libexec/check_nrpe -H 10.146.1.38 -n from the Nagios machine? It looks like all teh SSL parts are commented out.
Please run it with the -n to specify no SSL.-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
Former Nagios Employee
Re: CHECK_NRPE: Error - Could not complete SSL handshake
check_nrpe from Nagios machine:
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.