
CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Thu Jul 12, 2018 10:17 am
by amitgupta19
I have installed Nagios Core on CentOS.

I am trying to monitor a Windows Server 2012 using NSClient++, version 05.2.35.

I have followed the process to enable the NRPE listener for NSClient.
But when I run the following command from the Nagios server:

./check_nrpe -H xxx.xxx.xxx.xxx

I get the error below:

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx : 1

The nsclient.ini file is attached for your reference.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Fri Jul 13, 2018 5:22 am
by amitgupta19
Can anyone please look into it?

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Fri Jul 13, 2018 12:56 pm
by jomann
It looks like you have insecure set twice in the NRPE section of your nsclient.ini file. Is that on purpose? It sets it to true up top and then false down below. Depending on the version of OpenSSL on the check_nrpe side it may not be able to connect.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Tue Jul 17, 2018 7:56 am
by amitgupta19
I have deleted the 1 instance of the insecure.

Restarted the NSClient. Still same error.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Wed Jul 18, 2018 1:04 pm
by lmiltchev
> I have deleted the 1 instance of the insecure.

Which line do you currently have in the config?

Code:

insecure = true

or

Code:

insecure = false

Does your command work when you use the "-2" flag?

Code:

./check_nrpe -H xxx.xxx.xxx.xxx -2

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Thu Jul 19, 2018 7:07 am
by amitgupta19
I have the following line:

insecure= true

I tried with the following command as well, but still the same error:

[xxxxx@-------libexec]$ sudo ./check_nrpe -H xxx.xxx.xxx.xxx -2
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Thu Jul 19, 2018 9:56 am
by lmiltchev
Comment out these two lines in the nsclient.ini, so that they will look like this:

Code:

; ssl options = no-sslv2,no-sslv3
; verify mode = peer-cert

Add the following line under the [/settings/NRPE/server] section:

Code:

allowed ciphers = ALL:!MD5:@STRENGTH

and restart the nsclient++ service.

Is your check working now?
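
An added example, not part of any post in this thread and not Nagios or NSClient++ code: a small Python audit of the [/settings/NRPE/server] section that reports the duplicate "insecure" key raised earlier in the thread and lists what the relaxed settings suggested above leave enabled. The sample file is constructed, and the names parse_section and audit are hypothetical.

```python
import re

SECTION = "/settings/NRPE/server"

# Constructed sample combining the states described in the thread
# (not the poster's actual nsclient.ini, which is not shown on the page).
SAMPLE_INI = """\
[/settings/NRPE/server]
insecure = true
; ssl options = no-sslv2,no-sslv3
; verify mode = peer-cert
allowed ciphers = ALL:!MD5:@STRENGTH
insecure = false
"""

def parse_section(text, section=SECTION):
    """Return {key: [(lineno, value), ...]} for one section, keeping duplicates."""
    keys, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or commented-out setting
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
        elif current == section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            keys.setdefault(key.lower(), []).append((n, value))
    return keys

def audit(text):
    """Return human-readable findings for the NRPE server section."""
    keys, findings = parse_section(text), []
    values = lambda k: [v.lower() for _, v in keys.get(k, [])]
    for key, hits in keys.items():
        if len(hits) > 1:  # which assignment wins is not something to rely on
            where = ", ".join(str(n) for n, _ in hits)
            findings.append(f"duplicate key '{key}' on lines {where}")
    if any(v in ("true", "1") for v in values("insecure")):
        findings.append("insecure = true: legacy check_nrpe mode is enabled")
    if not any("peer" in v for v in values("verify mode")):
        findings.append("verify mode: no active line requests peer verification")
    ciphers = ":".join(values("allowed ciphers")).upper().split(":")
    if "ALL" in ciphers and "!ANULL" not in ciphers:
        findings.append("allowed ciphers: ALL includes anonymous (aNULL) suites")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

OpenSSL's ALL keyword includes the anonymous (aNULL) suites, which give no server authentication, so these findings are items to revisit once the check itself is working.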

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Mon Jul 23, 2018 7:04 am
by amitgupta19
Yes, it is working now.

Thanks for the help.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Mon Jul 23, 2018 7:51 am
by amitgupta19
I am trying to monitor the physical memory on the Windows server using the following command:

sudo ./check_nrpe -H 172.16.5.180 -p 5666 -c CheckMEM -a MaxWarn=80% MaxCrit=90% ShowAll type=physical

When I run the command manually from the Nagios server, it gives the following error:

++++++++++++++++++++++++++++++++++++++++++++++++++++
[XXXXXXXXX@XXXXXXXX libexec]$ sudo ./check_nrpe -H xxx.xxx.xxx.xxx -p 5666 -c CheckMEM -a MaxWarn=80% MaxCrit=90% ShowAll type=physical
[sudo] password for xxxxxx:
Unknown command(s): checkmem

+++++++++++++++++++++++++++++++++++++++++++++++++++++

Do I need to do any configuration on the Windows server so that the command can run without any error?

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Mon Jul 23, 2018 9:13 am
by lmiltchev
Try enabling the disabled modules in the nsclient.ini. Currently, you have:

Code:

; Undocumented key
CheckExternalScripts = disabled

; Undocumented key
CheckHelpers = disabled

; Undocumented key
CheckNSCP = disabled

; Undocumented key
CheckDisk = disabled

; Undocumented key
CheckSystem = disabled

; Undocumented key
CheckEventLog = disabled

Change "disabled" to "enabled", restart the nsclient++ service, and try your check again. If this doesn't work, post the entire nsclient.log file on the forum. Thanks!