Connection Refused error with NSClient on Windows Box

[cybergene]

Hi,

I'm setting up nagios Core on AWS and remote hosts are Linux and Windows Servers. I'm able to make the Linux boxes to communicate and be monitored but the windows box is not working as of yet.

I have installed NSClient 0.5.2035, Opened security group for Nagios server adn teh Widnows remote host to talk on 12489 and 5666.
I can ping back and forth between Nagios and the Windows host. Both the Nagios server and the remotes are in the same subnet and should be able to communicate.

But so far, I can't get any of the command to run properly.

Errors from the NSClient Logs

Code: Select all

debug:c:\source\master\modules\CheckExternalScripts\CheckExternalScripts.cpp:67: Using regexp: UNKNOWN
2019-11-04 20:53:59: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: CheckHelpers
2019-11-04 20:53:59: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: CheckSystem
2019-11-04 20:53:59: error:c:\source\master\modules\CheckSystem\CheckSystem.cpp:226: Failed to load: disk_queue_length: Invalid strategy: UNKNOWN
2019-11-04 20:53:59: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: CheckTaskSched
2019-11-04 20:53:59: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: CheckWMI
2019-11-04 20:53:59: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: NRPEServer
2019-11-04 20:53:59: info:c:\source\master\modules\CheckSystem\pdh_thread.cpp:236: Not checking PDH data
2019-11-04 20:53:59: debug:c:\source\master\modules\NRPEServer\NRPEServer.cpp:126: Allowed hosts definition: <nagios_server_ip>
2019-11-04 20:53:59: debug:c:\source\master\modules\NRPEServer\NRPEServer.cpp:127: Server config: address: UNKNOWN:5666, ssl disabled
2019-11-04 20:54:02: error:B:\master\x64\dist\modules\NRPEServer\module.cpp:37: Exception in Failed to load NRPEServer: : resolve: No such host is known
2019-11-04 20:54:02: error:c:\source\master\service\plugin_manager.cpp:230: Plugin refused to load: NRPEServer
2019-11-04 20:54:02: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: NSCAClient
2019-11-04 20:54:02: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: NSClientServer
2019-11-04 20:54:02: debug:c:\source\master\modules\NSClientServer\NSClientServer.cpp:86: Allowed hosts definition: 10.108.8.8(255.255.255.255)
2019-11-04 20:54:04: error:c:\source\master\modules\NSClientServer\NSClientServer.cpp:105: Exception in start: resolve: No such host is known
2019-11-04 20:54:04: error:c:\source\master\service\plugin_manager.cpp:230: Plugin refused to load: NSClientServer
2019-11-04 20:54:04: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: Scheduler
2019-11-04 20:54:04: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: WebServer

If I try to run check_nrpe from Nagios Server I get :

Code: Select all

./check_nrpe -H <remote_server_ip>
connect to address <remote_server_ip> port 5666: Connection refused
connect to host <remote_server_ip> port 5666: Connection refused

If I try check_nt , I get the same for port 12489

Nagios Server UI is showing the following error for the host services:

Code: Select all

connect to address <IP> and port 12489: Connection refused
could not fetch information from server

Any help is appreciated.

Thanks!

[mbellerue]

The NSClient checks (e.g. check_nt) will communicate over port 12489 (though sometimes I've seen the port configured to just 1248) by default. The check_nrpe command will go over port 5666 by default. I just want to make sure we're absolutely clear that there is a separation between normal NSClient checks and NRPE checks on NSClient. This causes a lot of confusion.

That being said, given the option between the two, I would recommend the NRPE checks. If you're open to other options, I would recommend our NCPA client, as NSClient is a 3rd party product.
https://www.nagios.org/ncpa/

If you want to keep going with NSClient, then I would say double check that your Windows firewall is either off, or allowing traffic on port 5666 (specifically from your Nagios server, if this server has an internet addressable IP). If that's in place, then check your nsclient.ini file, and make sure that the NRPE server is enabled. By default it isn't. I'm attaching my nsclient.ini file so you can have an example to go off of.

[cybergene]

Thanks for clarifying the difference. I used to install NSClient and through that I use the check_nt with proper arguments and all worked before for me. From what I understand from you is that I can use pure check_nrpe commands over NSClient if I set it's port to 5666 instead of 12489 (This is what I see in the init file you sent me).

I'm comfortable going with both,but if you recommend using check_nrpe ONLY, what is required to be done? and what do I need to change?

Windows Firewall is OFF on this windows box.
AWS SG for this box allow 5666 and 12489 from and to Nagios Server.

This is what I have in my nsclient.init file which is different from yours.

Code: Select all

[/settings/NRPE/server]

; Undocumented key
verify mode = none

; Undocumented key
insecure = true

; PORT NUMBER - Port to use for NRPE.
port = 5666

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = false

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = yes

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

I'm going to try out NCPA and let you know how that goes!

[mbellerue]

You might also try telnet to verify that you can get to port 5666 on the Windows machine. From your Nagios server just do, telnet WindowsIP 5666 and if you get a message saying you're connected to the IP address, then you're definitely in. If you get a message saying connection refused, then we're getting blocked somewhere.

Or you can try nmap. nmap -Pn WindowsIP -p 5666

[cybergene]

Good news and Bad news,

The bad new is that I still can't connect to the Windows box over 5666, tried what @@mbellerue mentioned, still nothing.


The good news:

i tried NCPA and it seems to work with the configuration from https://www.nagios.org/ncpa/getting-sta ... monitoring and using port 5693.

I have a question about the ncpa config, please check if the <nagios_server_IP> in the attached is placed properly.

And can I use NRPE commands withNCPA?

[mbellerue]

Yes the <nagios_server_IP> should be assigned to the allowed_hosts variable, much like you have it there. Except remove the # from the start of that line. Anything to the right of a # will not be parsed.

[cybergene]

Thanks for checking. I was wondering how it worked without the allowed_hosts enabled.

Anyways, it works now and thank you very much for the help!

[scottwilkerson]

Thanks for checking. I was wondering how it worked without the allowed_hosts enabled.

Anyways, it works now and thank you very much for the help!

Great!

Locking thread