NRPE not working (SSL-Handshake)

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
freakazoid
Posts: 9
Joined: Wed Oct 10, 2018 10:35 am

NRPE not working (SSL-Handshake)

Post by freakazoid »

Hi,

I am using Ubuntu Server 18.04 and have installed Nagios Core 4.4.2 (following this manual https://www.itzgeek.com/how-tos/linux/u ... 16-04.html).
and NRPE (following this manual https://www.itzgeek.com/how-tos/linux/c ... ios-3.html)
IP: x.x.x.3/24 (same subnet as Windows Example host)


Moreover I have Windows 2016 Server which is my example host. On this Win-Server I have installed NSCP-0.5.2.35-Win32.msi.
IP: x.x.x.20/24 (same subnet as Nagios Server)
My nsclient.ini is attached to this post.

The check_nt-checks are working fine.

Problem:
I am not able to use nrpe-checks.
Error-messages:

NAGIOS-WEBFRONTEND
"CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with x.x.x.20: 1"

NAGIOS-Server
"check_nrpe -H x.x.x.20"
--> CHECK_NRPE (ssl_err !=5) Error - could not complete SSL handshake with x.x.x.20:1"

I reinstalled this server 3 times and checked several nsclient-configurations but it didn't work.

Can anyone help me please? I am thankful for any ideas / suggestions

best wishes,
freakazoid
Attachments
nsclient.ini
nsclient.ini
(1.18 KiB) Downloaded 483 times
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: NRPE not working (SSL-Handshake)

Post by scottwilkerson »

I think in your [/settings/NRPE/server] section you want to add

Code: Select all

use ssl = 1
Then restart nsclient++
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
freakazoid
Posts: 9
Joined: Wed Oct 10, 2018 10:35 am

Re: NRPE not working (SSL-Handshake)

Post by freakazoid »

Thanks for the super fast reply.

I added "use ssl = 1" to the ini-file on the windows host.

When I check on the nagios-server ("check_nrpe -H <IP>.20"), I receive the same error message:

"CHECK_NRPE: (ssl_err !=5) Error - Could not complete SSL handshae with <IP>.20: 1"

Any other ideas?

best wishes,
freakazoid
freakazoid
Posts: 9
Joined: Wed Oct 10, 2018 10:35 am

Re: NRPE not working (SSL-Handshake)

Post by freakazoid »

I added
level = debug
And did a "Check_nrpe -H <IP>"

I received this in the logs
eroor:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert handshake failure 1040
freakazoid
Posts: 9
Joined: Wed Oct 10, 2018 10:35 am

Re: NRPE not working (SSL-Handshake)

Post by freakazoid »

Hi,

are there any ideas / any suggestions?

Can anyone tell me how to analyze the problem so that I can find a solution by myself?

Thanks in advance.

Best wishes,
freakazoid
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE not working (SSL-Handshake)

Post by tgriep »

Edit the nsclient.ini file again and under this section

Code: Select all

[/settings/NRPE/server]
Add these options.

Code: Select all

ssl options = 
allow arguments = true
allow nasty characters = true
port = 5666
extended response = 1
Save the changes and restart the nsclient++ agent and let us know it this works.

Without the enpty ssl option settings, I think the Nsclient++ agent is selecting an incompatible ssl setting for the plugin.
The other options are needed for accepting arguments, etc...
Be sure to check out our Knowledgebase for helpful articles and solutions!
freakazoid
Posts: 9
Joined: Wed Oct 10, 2018 10:35 am

Re: NRPE not working (SSL-Handshake)

Post by freakazoid »

Thank you for your response.

I added the lines to the ini-file, yet the response is still the same

Code: Select all

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with <HOST_IP>: 1 
Do you need any other information?
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE not working (SSL-Handshake)

Post by tgriep »

Can you post the nsclient.ini file and the nsclient.log file from this folder on the Windows system?

Code: Select all

C:\Program Files\NSClient++
Thanks
Be sure to check out our Knowledgebase for helpful articles and solutions!
freakazoid
Posts: 9
Joined: Wed Oct 10, 2018 10:35 am

Re: NRPE not working (SSL-Handshake)

Post by freakazoid »

Thank you for your Reply.

Attached the two needed files.
Attachments
nsclient.log
(82.72 KiB) Downloaded 439 times
nsclient.ini
(1.32 KiB) Downloaded 574 times
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NRPE not working (SSL-Handshake)

Post by tgriep »

I would reinstall the check_nrpe plugin on the Nagios server using the following source installation instructions.

https://support.nagios.com/kb/article.php?id=515

At the bottom of the page, look for the following section.
Installing The Nagios Plugins

I feel that the plugin you currently have installed, may not have SSL enabled so it will have to be recompiled.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked