NRPE on Redhat EL 6.6 Could not complete SSL handshake

[dlukinski]

Hello XI Support

Test RedHat EL 6.6 server with NRPE (and NCPA) installed

all NRPE checks produce same "CHECK_NRPE: Error - Could not complete SSL handshake." messages

Thank you,
Dimitri

[hsmith]

How did you install NRPE?

If you used our fullinstall script, can you check the /etc/xinetd.d/nrpe file and make sure that the proper host is allowed?

If you didn't use our NRPE installation script, please let us know how it was installed.

[dlukinski]

How did you install NRPE?

If you used our fullinstall script, can you check the /etc/xinetd.d/nrpe file and make sure that the proper host is allowed?

If you didn't use our NRPE installation script, please let us know how it was installed.

Yes these are the proper hosts and we've used NRPE agent from your assets

[hsmith]

Assets has both an NRPE that you install from source, and one that does a fullinstall script. Do you know which one was ran?

[dlukinski]

Assets has both an NRPE that you install from source, and one that does a fullinstall script. Do you know which one was ran?

./fullinstall

[hsmith]

From the Nagios XI server, can you run this command and post the output here?

/usr/local/nagios/libexec/check_nrpe -H <YOURIPHERE> -n

[dlukinski]

From the Nagios XI server, can you run this command and post the output here?

/usr/local/nagios/libexec/check_nrpe -H <YOURIPHERE> -n

[root@fikc-nagxidev01 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.102.36.62 -n
CHECK_NRPE: Error receiving data from daemon.
[root@fikc-nagxidev01 ~]#

no matter if iptables running or not

[lmiltchev]

Run the following commands and show us the output:

On the client (remote box):

Code: Select all

ps axuw | grep nrpe
netstat -at | grep nrpe
service xinetd status
iptables -nL | grep 5666
grep only_from /etc/xinetd.d/nrpe

On the Nagios XI server:

Code: Select all

ip addr | grep global | grep -m 1 'inet' | awk '/inet[^6]/{print substr($2,0)}' | sed 's|/.*||'
/usr/local/nagios/libexec/check_nrpe -H <client ip>
nmap <client ip> -p 5666

[dlukinski]

Run the following commands and show us the output:

On the client (remote box):

Code: Select all

ps axuw | grep nrpe
netstat -at | grep nrpe
service xinetd status
iptables -nL | grep 5666
grep only_from /etc/xinetd.d/nrpe

On the Nagios XI server:

Code: Select all

ip addr | grep global | grep -m 1 'inet' | awk '/inet[^6]/{print substr($2,0)}' | sed 's|/.*||'
/usr/local/nagios/libexec/check_nrpe -H <client ip>
nmap <client ip> -p 5666

------------------------------------------------
Must be permissions again (I use sudo)

-client part
[lukindi@fihp-rheltst01 ~]$ sudo ps axuw | grep nrpe
lukindi 48232 0.0 0.0 103252 848 pts/0 S+ 17:26 0:00 grep nrpe
[lukindi@fihp-rheltst01 ~]$ sudo netstat -at | grep nrpe
tcp 0 0 *:nrpe *:* LISTEN
[lukindi@fihp-rheltst01 ~]$ service xinetd status
/etc/init.d/xinetd: line 46: /etc/sysconfig/xinetd: Permission denied
xinetd (pid 36004) is running...
[lukindi@fihp-rheltst01 ~]$ iptables -nL | grep 5666
WARNING: Failed to open config file vmware-tools.conf: Permission denied
iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[lukindi@fihp-rheltst01 ~]$ grep only_from /etc/xinetd.d/nrpe
only_from = 127.0.0.1 10.96.30.40 10.102.36.162 10.102.36.163
[lukindi@fihp-rheltst01 ~]$

-XI part
login as: root
[email protected]'s password:
Last login: Thu Apr 7 17:43:05 2016 from 8cg50903k0.res.kcg.global
[root@fikc-nagxiprod01 ~]# ip addr | grep global | grep -m 1 'inet' | awk '/inet[^6]/{print substr($2,0)}' | sed 's|/.*||'
10.x.x.162
[root@fikc-nagxiprod01 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.102.36.62
NRPE v2.15
[root@fikc-nagxiprod01 ~]# nmap 10.102.36.62 -p 5666

Starting Nmap 6.47 ( http://nmap.org ) at 2016-04-07 17:47 UTC
Nmap scan report for 10.102.36.62
Host is up (0.00049s latency).
PORT STATE SERVICE
5666/tcp open nrpe
MAC Address: 00:50:56:A5:35:49 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds
[root@fikc-nagxiprod01 ~]#

[lmiltchev]

[root@fikc-nagxiprod01 ~]# /usr/local/nagios/libexec/check_nrpe -H 10.102.36.62
NRPE v2.15

It seems like you are able to run check_nrpe against the client machine successfully...

Try running the "Linux Server" wizard against the same machine. Enter "10.102.36.62" in the "IP Address" field in Step 1, and select "RedHat Enterprise" from the "Linux Distribution" drop-down menu. Click "Next", "Next", "Finish".

Are the checks on the newly created host still failing?