CHECK_NRPE: Error -: Conn

[shamrozkadiwal]

I am not able to monitor nagios client servers. However, I have already check networking side and everything looks good to me.
When I google, I found that there is an SSL issue. I already checked that SSL got enabled while installation. Not sure what else should I look into.

Code: Select all

ubuntuadmin@iusa-lin-db01:/etc/default$ sudo systemctl status nrpe.service
● nrpe.service - Nagios Remote Plugin Executor
   Loaded: loaded (/lib/systemd/system/nrpe.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-26 00:20:03 CST; 4 days ago
     Docs: http://www.nagios.org/documentation
 Main PID: 1285 (nrpe)
    Tasks: 1
   Memory: 3.2M
      CPU: 76ms
   CGroup: /system.slice/nrpe.service
           └─1285 /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -f

Jan 26 00:20:03 iusa-lin-db01 systemd[1]: Started Nagios Remote Plugin Executor.
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Starting up daemon
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Server listening on 0.0.0.0 port 5666.
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Server listening on :: port 5666.
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Warning: Daemon is configured to accept command arguments from clients!
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Listening for connections on port 5666
Jan 26 00:20:04 iusa-lin-db01 nrpe[1285]: Allowing connections from: 127.0.0.1,45.55.251.117
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$ telnet 45.55.251.117 5666
Trying 45.55.251.117...
Connected to 45.55.251.117.
Escape character is '^]'.
Connection closed by foreign host.
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$
ubuntuadmin@iusa-lin-db01:/etc/default$ /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1
NRPE v3.2.1
ubuntuadmin@iusa-lin-db01:/etc/default$ /usr/local/nagios/libexec/check_nrpe -H 45.55.251.117
CHECK_NRPE: Error - Could not connect to 45.55.251.117: Connection reset by peer
ubuntuadmin@iusa-lin-db01:/etc/default$

Installation from this source:
https://support.nagios.com/kb/article.php?id=515#Ubuntu

[shamrozkadiwal]

so this is what I found in /var/log/syslog...
/etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem --> this cert is located on the Nagios server (not client)

Code: Select all

Jan 30 10:51:45 iusa-lin-db01 systemd[1]: Started Session 334 of user ubuntuadmin.
Jan 30 10:54:10 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 10:54:25 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 10:55:41 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=0 SSL-error=5
Jan 30 10:58:33 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:09:01 iusa-lin-db01 CRON[16180]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
Jan 30 11:12:38 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:12:54 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:17:01 iusa-lin-db01 CRON[16252]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Jan 30 11:19:58 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-error=5
Jan 30 11:39:01 iusa-lin-db01 CRON[16335]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: Stopping Nagios Remote Plugin Executor...
Jan 30 11:41:41 iusa-lin-db01 nrpe[1285]: Caught SIGTERM - shutting down...
Jan 30 11:41:41 iusa-lin-db01 nrpe[1285]: Daemon shutdown
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: Stopped Nagios Remote Plugin Executor.
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: Started Nagios Remote Plugin Executor.
Jan 30 11:41:41 iusa-lin-db01 nrpe[16418]: Error: could not use certificate file [b]/etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem[/b] : error:02001002:system library:fopen:No such file or directory
Jan 30 11:41:41 iusa-lin-db01 nrpe[16418]: Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:20074002:BIO routines:FILE_CTRL:system lib
Jan 30 11:41:41 iusa-lin-db01 nrpe[16418]: Error: could not use certificate file /etc/letsencrypt/live/monitor.theismailiusa.org/cert.pem : error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: nrpe.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: nrpe.service: Unit entered failed state.
Jan 30 11:41:41 iusa-lin-db01 systemd[1]: nrpe.service: Failed with result 'exit-code'.
Jan 30 11:42:07 iusa-lin-db01 check_nrpe: Error: (nerrs = 0)(!log_opts) Could not complete SSL handshake with 45.55.251.117: rc=-1 SSL-erro

[dwhitfield]

Please provide the nrpe.cfg and any included configs from the remote host. Also, please provide the command and service definitions from the nagios side. On what OS/version is Core running?

I see you are running NRPE 3.2.1. What version of check_nrpe are you running?

Does the check run if you add -n to the end of it?

[shamrozkadiwal]

Could you please delete my post? I have figured it out the issue my own.

[dwhitfield]

I believe you should be able to delete the post yourself. Certainly, you can edit them.

That said, it would be great if you could share the solution with other forum members.