connect to address ... and port 12489 connection refused

[scottwilkerson]

If you so not see results running

Code: Select all

netstat -an | find "12489"

You may need to verify the NSClient++ service is running.

If it is running, we are going to need you to share the nsclient.ini from the C:\Program Files\NSClient++ directory

[inform]

If you so not see results running

Code: Select all

netstat -an | find "12489"

You may need to verify the NSClient++ service is running.

If it is running, we are going to need you to share the nsclient.ini from the C:\Program Files\NSClient++ directory

The service is running.

The nsclient.ini is already here on my second post.

thanks alot for trying to help me.

almir

[npolovenko]

@inform, your log file NSClient log file tells me that you might have a firewall related issue. Is there a possibility to turn off the firewall during this troubleshooting process? Then restart the NSClient++ service from the windows services menu. Also, before you do that can you change these lines in your ini file:

Code: Select all

; Undocumented key
CheckDisk = disabled

; Undocumented key
CheckSystem = disabled

to

Code: Select all

CheckDisk = enabled

; Undocumented key
CheckSystem = enabled

Let us know if that fixes the problem.

[inform]

@inform, your log file NSClient log file tells me that you might have a firewall related issue. Is there a possibility to turn off the firewall during this troubleshooting process? Then restart the NSClient++ service from the windows services menu. Also, before you do that can you change these lines in your ini file:

Code: Select all

; Undocumented key
CheckDisk = disabled

; Undocumented key
CheckSystem = disabled

to

Code: Select all

CheckDisk = enabled

; Undocumented key
CheckSystem = enabled

Let us know if that fixes the problem.

i changed the two options to enabled and then restarted the NSClient service, but still the same error.

Windows Firewall on my exchange server is desactivated. i still checked in the allowed programs of the firewall and i saw NSClient ++, then i stoped the firewall service but i still have the same problem.

I got a fortigate firewall, but that should not make any problems.

i turned off my eset antivirus to...

[npolovenko]

@inform, Let's try this. Make a copy of your nsclient.ini file somewhere. Then delete all the content from the original file and paste the following configuration:

Code: Select all

# If you want to fill this file with all available options run the following command:
#   nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
#   nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; TODO
[/settings/default]

; Undocumented key
password = 6540636

; Undocumented key
allowed hosts = 127.0.0.1,::1,10.0.0.174

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = 1

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30


; TODO
[/modules]

; Undocumented key
CheckHelpers = 1

; Undocumented key
CheckEventLog = 1

; Undocumented key
CheckNSCP = 1

; Undocumented key
CheckSystem = 1

; Undocumented key
NSClientServer = 1

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1


; A set of options to configure the real time checks
[/settings/system/windows/real-time]


; Configure which services has to be in which state
[/settings/system/windows/service mapping]


; TODO
[/settings/system/windows/counters/default]


; TODO
[/settings/system/windows/counters]


; TODO
[/settings/log/file]


; TODO
[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = debug

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log


; TODO
[/settings/system/windows]

; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h


; TODO
[/settings/external scripts/scripts/default]

; IGNORE PERF DATA - Do not parse performance data from the output
ignore perfdata = 1


; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
check_windows_time = check_windows_time.bat.pool.ntp.org $ARG1$ $ARG2$

; TODO
[/settings/external scripts/alias]


; TODO
[/settings/eventlog/real-time/filters/default]

; EMPTY MESSAGE - The message to display if nothing matches the filter (generally considered the ok state).
empty message = eventlog found no records

; MAGIMUM AGE - How long before reporting "ok". If this is set to "false" no periodic ok messages will be reported only errors.
maximum age = 5m


; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]


; TODO
[/settings/eventlog/real-time]

; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m

; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = 0

; LOGS TO CHECK - Comma separated list of logs to check
log = application,system

; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0


; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
restart_service = scripts\restart_service.bat "$ARG1$"
check_windows_time=scripts\check_windows_time.bat $ARG1$

; TODO
[/settings/external scripts/alias/default]


; TODO
[/settings/shared session]


; TODO
[/settings/crash]

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP

; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${crash-folder}

; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true

; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post

; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true


; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]


; TODO
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0

; PORT NUMBER - Port to use for check_nt.
port = 12489

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = 1


; TODO
[/settings/external scripts]

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true


; TODO
[/paths]

; Path for shared-path - 
shared-path = C:\Program Files\NSClient++

; Path for module-path - 
module-path = ${shared-path}/modules

; Path for crash-folder - 
crash-folder = ${shared-path}/crash-dumps

; Path for exe-path - 
exe-path = C:\Program Files\NSClient++

; Path for certificate-path - 
certificate-path = ${shared-path}/security

; Path for base-path - 
base-path = C:\Program Files\NSClient++


; Files to be included in the configuration
[/includes]


; TODO
[/settings/eventlog]

; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0

; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = 1

; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072


; TODO
[/settings/external scripts/wrappings]

; BATCH FILE WRAPPING - 
bat = scripts\\%SCRIPT% %ARGS%

; VISUAL BASIC WRAPPING - 
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

; POWERSHELL WRAPPING - 
ps1 = cmd /c echo If (-Not (Test-Path "scripts\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; scripts\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command -


; TODO
[/settings/NRPE/server]

; PORT NUMBER - Port to use for NRPE.
port = 5666

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = 1

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 1

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true

; Undocumented key
veryify mode = none

; Undocumented key
ssl options = 

; Undocumented key
verify mode = 

When done, restart your NSClient++ service from the windows services menu.
On your XI machine run

Code: Select all

service nagios restart
service httpd restart

And then do the forced check for all services on that host from the XI web interface.

[inform]

You did it! This solved 95% of the issues i had! Thanks alot.

As soon as i copied what you send me into my nsclient.ini and restarted the NSClient service. and forced chcked at XI web page, everthing started to work.

Only issues i got are these on my screenshoot

Would you please help me for that to?

[npolovenko]

@inform, Glad that it worked! Now as far as Exchnage Core Services. I think by default it tries to monitor all ever known exchange services on your host. Here's the list:

Code: Select all

MSExchangeADTopology,MSExchangeAntispamUpdate,MSExchangeDagMgmt,MSExchangeDelivery,MSExchangeDiagnostics,MSExchangeEdgeSync,MSExchangeFastSearch,MSExchangeFrontEndTransport,MSExchangeHM,MSExchangeImap4,MSExchangeIMAP4BE,MSExchangeIS,MSExchangeMailboxAssistants,MSExchangeMailboxReplication,MSExchangePop3,MSExchangePOP3BE,MSExchangeRepl,MSExchangeRPC,MSExchangeServiceHost,MSExchangeSubmission,MSExchangeThrottling,MSExchangeTransport,MSExchangeTransportLogSearch,MSExchangeUM,MSExchangeUMCR

Looks like if atleast one of these services is down the whole check goes into critical. So my advise is to modify this check to monitor only important services, the ones that you know for sure are actually running on your Exchange Server.
Your check result might even give you more info on which services are down if you click on it. And read the whole Status information paragraph.

Also, with IMAP and POP, are they set up and running on your server? Because the plugin says that their default ports are closed.

Code: Select all

https://support.prolateral.com/index.php?/Knowledgebase/Article/View/179/35/what-ports-does-ms-exchange-use

If you are actually running them, can you check your configuration to make sure you aren't using, for example, IMAP/SSL 993, and POP3/SSL ports?

With OWA HTTP service check, it checks the specified http path and returns OK if it's up and exists. You might want to change the default /exchange/ to some reachable webpage. Like /index/

Code: Select all

check_xi_service_http! -H centos7x64 -f ok -I yourIP -u "/exchnage/"

check_pdh. This plugin is using a counter, and I think some new versions of Exchange do not have it by default. Search windows for performance monitor. Then go to monitoring tools/select performance monitor. Then right-click on the empty graph space on your screen and choose "Add counters". Look in a drop-down list for "SMTP Server\Remote Queue Length counter" and "SMTP Message Pending Routing". Good chance that you don't actually have them on your system.

Finally, go to core configuration manager and delete services that you're not using.

Let us know if you have any other questions.

[inform]

@inform, Glad that it worked! Now as far as Exchnage Core Services. I think by default it tries to monitor all ever known exchange services on your host. Here's the list:

Code: Select all

MSExchangeADTopology,MSExchangeAntispamUpdate,MSExchangeDagMgmt,MSExchangeDelivery,MSExchangeDiagnostics,MSExchangeEdgeSync,MSExchangeFastSearch,MSExchangeFrontEndTransport,MSExchangeHM,MSExchangeImap4,MSExchangeIMAP4BE,MSExchangeIS,MSExchangeMailboxAssistants,MSExchangeMailboxReplication,MSExchangePop3,MSExchangePOP3BE,MSExchangeRepl,MSExchangeRPC,MSExchangeServiceHost,MSExchangeSubmission,MSExchangeThrottling,MSExchangeTransport,MSExchangeTransportLogSearch,MSExchangeUM,MSExchangeUMCR

Looks like if atleast one of these services is down the whole check goes into critical. So my advise is to modify this check to monitor only important services, the ones that you know for sure are actually running on your Exchange Server.
Your check result might even give you more info on which services are down if you click on it. And read the whole Status information paragraph.

Thanks that solved it.

@inform
With OWA HTTP service check, it checks the specified http path and returns OK if it's up and exists. You might want to change the default /exchange/ to some reachable webpage. Like /index/

Code: Select all

check_xi_service_http! -H centos7x64 -f ok -I yourIP -u "/exchnage/"

It still don't work, any other idea?

[npolovenko]

@inform, Do you have HTTP service set up on your server? If you put your server's IP address/exchange/ in the web browser, would you see a web page? In other words, do you have any live web pages that run on the server?

[inform]

@inform, Do you have HTTP service set up on your server? If you put your server's IP address/exchange/ in the web browser, would you see a web page? In other words, do you have any live web pages that run on the server?

yes : https://10.0.0.6/owa/auth/logon.aspx?re ... 6%2fowa%2f

with https but i get an certifate error, but it still work if i ignore that.