Random SSL handshake failure with nrpe on SunOS

[gereebl]

Hi!

We have several hosts which throws "CHECK_NRPE: Error - Could not complete SSL handshake with" alerts randomly. In most of the time we can't see any issue, but in rare cases, we get this alert.

We have tried some workaround based on other requests, but none of them worked so far.
We also tried to enable debug log, but it didn't showed anything just the error line, that the SSL handshake has failed.

OS version: SunOS 5.11 11.3
Nrpe package is: CSWnrpe with version 3.2.1
SSL package: CSWlibssl1-0-0 with version 1.0.1u

Please help us, as a lot of false alerts are generated now because of this issue.

[ssax]

Do you have multiple nagios servers?

Please PM me a copy of your profile, you can download it from Admin > System Profile > Download Profile.

Additionally, let us know a couple of hostnames that are experiencing the issue.

Do you receive that on all of the services during the times you're having issues or just some of them?

Please attach the output of these commands run from a non-working SunOS server:

Code: Select all

svcs | grep "nrpe"
svcs -xv nrpe
ps aux | grep nrpe

[gereebl]

Hi!

No, we have only one NagiosXI server.

Hostnames look like this pattern: [a-z][a-z][a-z]-[a-z][a-z][a-z]-[a-z][a-z]-[A-Z][A-Z]

We receive this error from various services, not just one.

Output of the commands:

Code: Select all

-bash-4.4$ svcs | grep "nrpe"
online         Dec_18   svc:/network/cswnrpe:default
-bash-4.4$ svcs -xv nrpe
svcs: Pattern 'nrpe' doesn't match any instances
-bash-4.4$ ps aux | grep nrpe
nagios   19880  0.1  0.0 6128 2800 ?        S   Dec 18 75:24 /opt/csw/bin/nrpe
nagios    3125  0.0  0.1 8928 5896 pts/1    S 06:21:38  0:00 grep nrpe
-bash-4.4$

About the System Profile: Can you help me how I can send it to you?

Thank you for your help!

[ssax]

Please post the output of this command:

Code: Select all

svcs -xv cswnrpe

Please download your profile by logging into the Nagios XI web interface and go to Admin > System Profile > Download Profile, then click the Download Profile button.

Then click my forum username and click the "Send private message", at the bottom select your profile and then click the "Add the file" button, then click the Submit button.

[gereebl]

This is the output you've requested:

Code: Select all

-bash-4.4$ svcs -xv cswnrpe
svc:/network/cswnrpe:default (?)
 State: online since December 18, 2018 06:26:00 AM CET
   See: /var/svc/log/network-cswnrpe:default.log
Impact: None.

I'll send you the system profile also.
Thank you!

[ssax]

Are you seeing anything in this log that could be related?

Code: Select all

/var/svc/log/network-cswnrpe:default.log

[gereebl]

No. The last entry is more than 1 month old, that it was started.
Nothing relevant is there for this issue.

[ssax]

Please enable debug logging by editing your nrpe.cfg then restart the NRPE service, then let it run and see what the debug log shows when those errors occur.

[gereebl]

We did that one already, so if we can find any clue where to search further, but only such lines are logged around the errors:

Code: Select all

[1547672654] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
[1547672681] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
[1547672683] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
[1547672691] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1

Other lines in the log only show the successful requests.

[ssax]

Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:

https://support.nagios.com/tickets/