Page 1 of 3

check_nrpe operations on windows

Posted: Thu Jul 26, 2018 2:22 pm
by Pierogi
I currently have a Nagios 4.2.0 server in production and monitoring our Microsoft Exchange environment. It is monitoring all critical services but I'd like to start running some scripts as well for more information, like the amount of items in the mail queues. As I understand it, I need "check_nrpe" commands to work.

To test whether it works, I try the command below and get the current results:

/usr/local/nagios/libexec/check_nrpe -H 10.192.3.172
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

I've made a number of changes in the nsclient.ini but none seem to fix it.

Does anyone have a good idea of where to focus to resolve this?

Re: check_nrpe operations on windows

Posted: Fri Jul 27, 2018 12:14 pm
by scottwilkerson
Can you share your nsclient.ini and version?

Re: check_nrpe operations on windows

Posted: Mon Jul 30, 2018 1:33 pm
by Pierogi
Please see attached.

Running version .5.2035

I have another install where I made a lot of changes to the ini file but still same results. I can share that as well.

Re: check_nrpe operations on windows

Posted: Mon Jul 30, 2018 1:47 pm
by scottwilkerson
See page 2-4 of this doc on how to enable the listener
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Re: check_nrpe operations on windows

Posted: Fri Aug 10, 2018 1:58 pm
by Pierogi
Will do. I started the process about a week ago but that particular client stopped working when I ran the first command so I'll see what errors I get and find what changed. Be back shortly!

Re: check_nrpe operations on windows

Posted: Fri Aug 10, 2018 2:24 pm
by lmiltchev
Let us know if you have any more questions.

Re: check_nrpe operations on windows

Posted: Wed Aug 15, 2018 12:02 am
by Pierogi
So I've run through the article and getting the same result:

./check_nrpe -H 10.192.3.173
CHECK_NRPE: Received 0 bytes from daemon.

Below is the debug info from the client.

2018-08-15 00:59:05: debug:c:\source\master\include\nrpe/server/protocol.hpp:92: Accepting connection from: 10.192.0.7, count=1
2018-08-15 00:59:05: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2018-08-15 00:59:05: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.

I'll keep diving into the SSL communication but hit a wall with this earlier. Any insight is appreciated.

Re: check_nrpe operations on windows

Posted: Wed Aug 15, 2018 9:26 am
by lmiltchev
Add the following two lines to the nsclient.ini file under the [/settings/NRPE/server] section:

Code: Select all

allowed ciphers = ALL:!MD5:@STRENGTH
verify mode = none
and restart the nsclient service.

Let us know if this fixed your issue.

Re: check_nrpe operations on windows

Posted: Wed Aug 15, 2018 10:32 am
by Pierogi
Thanks lmiltchev.

So I opened the nsclient.ini file on Windows node 10.192.3.173, went to the [/settings/NRPE/server] section.

"verify mode = none" was there from following the previously mentioned article.

I added "allowed ciphers = ALL:!MD5:@STRENGTH" under the same section, saved and restarted the nsclient++ monitoring agent service.

On the Nagios server, I navigated "/usr/local/nagios/libexec$" and ran "./check_nrpe -H 10.192.3.173"

I got the same result: CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.

In the client log, I also see the same thing:

2018-08-15 11:25:47: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2018-08-15 11:25:47: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.

Re: check_nrpe operations on windows

Posted: Wed Aug 15, 2018 2:34 pm
by lmiltchev
I just noticed that you have the following line in the nsclient.ini file:

Code: Select all

insecure = false
Change it to:

Code: Select all

insecure = true
save, exit, and restart the nsclient service.

Did this help?