I am running Nagios XI in production on a CentOS 6.9 server running XI 5.4.13
I used the backup/restore method to put it onto an Ubuntu 18.04.03 box and then updated the version to the latest version.
However, I find the new box has thousands of errors along the lines of CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with x.x.x.x!
I see that the IP of my Nagios server is in the NRPE.cfg files for these systems. So I am slightly at a loss as to how to proceed.
Trouble with NRPE after XI Upgrade
Re: Trouble with NRPE after XI Upgrade
Are you failing to communicate with all NRPE clients? Are the servers you're trying to monitor Windows, or Linux, or just a mix of operating systems?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Trouble with NRPE after XI Upgrade
It is a mix, and some are working and some are not.mbellerue wrote:Are you failing to communicate with all NRPE clients? Are the servers you're trying to monitor Windows, or Linux, or just a mix of operating systems?
For example I have two linux boxes, one is working, and one does not.
The only difference I can see is the working one is running NRPE 3.2.1 and the failing one is 2.15
When I run Check_Nrpe to the failing one I get CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 10.1.2.154: 1
Re: Trouble with NRPE after XI Upgrade
Ah, this starts to come together now. Looks like this was a problem in NRPE sub 3.0.1, with newer versions of OpenSSL.BollaertN wrote:The only difference I can see is the working one is running NRPE 3.2.1 and the failing one is 2.15
When I run Check_Nrpe to the failing one I get CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 10.1.2.154: 1
https://github.com/NagiosEnterprises/nrpe/issues/113
Is it possible to update the older clients?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Trouble with NRPE after XI Upgrade
We're talking hundreds of clients. Is there a quicker workaround solution?
Re: Trouble with NRPE after XI Upgrade
Reading through the thread, it looks like if you run through the enhance security configuration for NRPE, that will allow you to work around the issue. However, that still requires touching all of the clients. The only thing that you could do server side would be to install an older version of OpenSSL, which we highly advise against. But it is an option. Our best estimate is OpenSSL pre-1.1.0.
NRPE Enhanced Security
https://support.nagios.com/kb/article.php?id=519
NRPE Enhanced Security
https://support.nagios.com/kb/article.php?id=519
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!