CHECK_NRPE: Error - Could not complete SSL handshake

[Mitchell]

I am using NRPE_NT client on a windows server machine to monitor all windows hosts in my enviornment. I am using CHECK_NRPE on nagios XI to monitor windows hosts using the NRPE_NT on this server.
The setup works fine. I have around 320 hosts monitored using this this way with 3 service check each host (total 950) with 10 min frequency.

Monitor used to fail once in a while with following errors. After bouncing the nrpe_nt service, and restarting nagios process on nagios XI server, the errors used to go away.

CHECK_NRPE: Error - Could not complete SSL handshake.

Connection refused or timed out

Now these errors has become very frequent and do not go away even after bounce. Please let me know what additional details you need to further look into it.
Mostly these errors appear for many monitors together and do not stick to specific monitors. For example, you would see 10 monitors failed with the same error at exact same time (e.g. 5:06 AM) and in next run after 10 min they will return to OK state. Then after some time another bunch of monitors would fail with same pattern and will clear in next run.

It gives a feeling that some sort of bottlenect happens every time we see those failures, which releases eventually and monitor returns to good state.

Thanks
Ashish

[lmiltchev]

Have you tried increasing the timeout value? There should be a flag "-t". I believe the default value is set at 10 sec.

[Mitchell]

yes. I am already using 60 seconds.

[jtata]

I've experienced this, I was exceeding the # of connections allowed in the NRPE daemon on my remote hosts. You need to add per_source = UNLIMITED to /etc/xinetd.d/nrpe. The following article describes in detail: http://www.agitated.net/blog/?p=399

[scottwilkerson]

jata,

Thanks for sharing this experience.

[Mitchell]

Thank you Jata,

I am using windows on the remote side (nrpe_nt) . I tried researching if there is a connection limit in windows 2003 but could not find anything. is there anything on windows side?

thanks
Ashish

[yancy]

if your looking to use SSL, use check_nrpe on the windows side instead of check_nt. I don't think check_nt supports SSL but instead uses a configured password.

http://library.nagios.com/library/produ ... h-nsclient

[Mitchell]

I believe nrpe_nt supports SSL http://exchange.nagios.org/directory/Ad ... NT/details
It works fine all the time except the intermittent failures.

[yancy]

oops yes, Your right, NRPE_NT does support SSL.

Thanks for the link. I downloaded this on Windows 2003 and was able to get it to return information from Nagios.

[root@CENT6_x64_IP_79 libexec]$ ./check_nrpe -H 192.168.5.155
NRPE_NT v0.8b/2.0
[root@CENT6_x64_IP_79 libexec]$

Looks like the following DLLs are required:
ssleay32.dll
libeay32.dll

I added the IP address of Nagios to nrpe.cfg:
allowed_hosts=192.168.5.157

and also enabled arguments:
dont_blame_nrpe=1

then installed as a service, and started.

[jtata]

Have you tried just adding the per_source=UNLIMITED to your nrpe.cfg file?