CHECK_NRPE: Error - Could not complete SSL handshake

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
amitgupta19
Posts: 286
Joined: Fri Sep 08, 2017 5:53 am

CHECK_NRPE: Error - Could not complete SSL handshake

Post by amitgupta19 »

I have installed the Nagios Core on Cent OS.

I am trying to monitor a windows server 2012, using the NSClient++ ---Version--05.2.35 .

I have followed the process to enable the NRPE Listener for the NSClient.
But when i run the following command from the Nagios Server:

./check_nrpe -H xxx.xxx.xxx.xxx
I gets the below Error.
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx : 1

nsclient.ini file is attached for your referrence.
Attachments
nsclient.ini
(1.36 KiB) Downloaded 1732 times
amitgupta19
Posts: 286
Joined: Fri Sep 08, 2017 5:53 am

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by amitgupta19 »

Can anyone please look into it?
jomann
Development Lead
Posts: 611
Joined: Mon Apr 22, 2013 10:06 am
Location: Nagios Enterprises

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by jomann »

It looks like you have insecure set twice in the NRPE section of your nsclient.ini file. Is that on purpose? It sets it to true up top and then false down below. Depending on the version of OpenSSL on the check_nrpe side it may not be able to connect.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
amitgupta19
Posts: 286
Joined: Fri Sep 08, 2017 5:53 am

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by amitgupta19 »

I have deleted the 1 instance of the insecure.

Restarted the NSClient. Still same error.
User avatar
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by lmiltchev »

I have deleted the 1 instance of the insecure.
Which line do you currently have in the config?

Code: Select all

insecure = true
or

Code: Select all

insecure = false
Does your command work when you use the "-2" flag?

Code: Select all

./check_nrpe -H xxx.xxx.xxx.xxx -2
Be sure to check out our Knowledgebase for helpful articles and solutions!
amitgupta19
Posts: 286
Joined: Fri Sep 08, 2017 5:53 am

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by amitgupta19 »

I have the following line
insecure= true

i tried with following command as well, but still the same error:

[xxxxx@-------libexec]$ sudo ./check_nrpe -H xxx.xxx.xxx.xxx -2
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1
User avatar
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by lmiltchev »

Comment out these two lines in the nsclient.ini, so that they will look like this:

Code: Select all

; ssl options = no-sslv2,no-sslv3
; verify mode = peer-cert
Add the following line under the [/settings/NRPE/server] section:

Code: Select all

allowed ciphers = ALL:!MD5:@STRENGTH
and restart the nsclient++ service.

Is your check working now?
Be sure to check out our Knowledgebase for helpful articles and solutions!
amitgupta19
Posts: 286
Joined: Fri Sep 08, 2017 5:53 am

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by amitgupta19 »

Yes it is working Now.

Thanks for the Help.
amitgupta19
Posts: 286
Joined: Fri Sep 08, 2017 5:53 am

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by amitgupta19 »

I am trying to monitor the Physical memory on the windows server using the following command:

sudo ./check_nrpe -H 172.16.5.180 -p 5666 -c CheckMEM -a MaxWarn=80% MaxCrit=90% ShowAll type=physical

When i run the command manually from the nagios server, it is giving the following error:

++++++++++++++++++++++++++++++++++++++++++++++++++++
[XXXXXXXXX@XXXXXXXX libexec]$ sudo ./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c CheckMEM -a MaxWarn=80% MaxCrit=90% ShowAll type=physical
[sudo] password for xxxxxx:
Unknown command(s): checkmem

+++++++++++++++++++++++++++++++++++++++++++++++++++++

Do i need to do any configuration on the windows server so that command can run without any error?
User avatar
lmiltchev
Former Nagios Staff
Posts: 13587
Joined: Mon May 23, 2011 12:15 pm

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Post by lmiltchev »

Try enabling the disabled modules in the nsclient.ini. Currently, you have:

Code: Select all

; Undocumented key
CheckExternalScripts = disabled

; Undocumented key
CheckHelpers = disabled

; Undocumented key
CheckNSCP = disabled

; Undocumented key
CheckDisk = disabled

; Undocumented key
CheckSystem = disabled

; Undocumented key
CheckEventLog = disabled
Change "disabled" to "enabled", restart the nsclient++ service, and try your check again. If this doesn't work, post the entire nsclient.log file on the forum. Thanks!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked