can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Tue Oct 01, 2013 3:11 am
by oz123
Hi,
I'm using the Nagios XI 2012R2.2
I have a problem with the below command:
$USER1$/check_esx3 -D 'easy-forex-production' -u '$USER11$' -p '$USER12$' -N $ARG1$ -l runtime -s status
the "$" is taken from "resource.cfg" file.
when I run the "test check command" from the GUI it always returns:
"UTPUT: CHECK_ESX3 CRITICAL - Error: Cannot complete login due to an incorrect user name or password"
when I run it from the linux cli entering the credentials manually, it works fine:
/usr/local/nagios/libexec/check_esx3 -D 'abcdefg' -u 'aaabbb\cccddd' -p 'passpass' -N NTP -l runtime -s status
"CHECK_ESX3 OK - "NTP" overall status=green"
On a daily basis, most of the time, when the check is scheduled, it returns an OK state (even though that error appears from the GUI).
But sometimes it just returns that error, and it can happen simultaneously on any of my services using that method.
When it happens on a schedule, it returns to the OK state on the next scheduled command.
Note that I have tried several cases on the command and on the cfg file with ",',before the $, after the $, with none, etc ..... but none of this helps.
I'm using the most updated check_esx plugin and also tried to downgrade it.
Do you have any idea?
I have many commands which use the cfg file and I don't want to start and edit them manually to fix that.
Thanks
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Tue Oct 01, 2013 8:02 am
by sreinhardt
OK, to get us started, let's verify a few things.
Do you in fact have the user and password defined in the resources.cfg?
Are you using local vmware credentials or AD integrated accounts?
What are the permissions on your resources.cfg? (ll /usr/local/nagios/etc/resources.cfg)
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Sun Oct 06, 2013 2:13 am
by oz123
Hi,
I have the user & password defined in the cfg file:
$USER11$='domain\user'
$USER12$='the_password'
I'm using AD domain admin account.
these are the permissions:
[root@nagios etc]# ls -lhtr | grep resource
-rwxrwxr-x 1 apache nagios 406 Oct 1 07:40 resource.cfg
Thanks
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Mon Oct 07, 2013 9:39 am
by abrist
The "test check command" option will fail as the check, when run as a test, runs as user "apache" and does not have access to the resource.cfg $USERn$ macros. It sounds as if the check works when scheduled *most* of the time. How many retries are configured on the check?
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Mon Oct 07, 2013 11:51 am
by BanditBBS
abrist wrote: The "test check command" option will fail as the check, when run as a test, runs as user "apache" and does not have access to the resource.cfg $USERn$ macros. It sounds as if the check works when scheduled *most* of the time. How many retries are configured on the check?
In addition to what Andy said, when testing it from the command line, do you test it as user nagios? That is the user it would be run as when nagios runs the check. That might shed some light on the issue (doubt it does, but just in case).
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Mon Oct 07, 2013 2:09 pm
by sreinhardt
In addition to what both of these two have said, check_esx4, often if not always, will not work with domain authentication and instead needs a local vmware account. I would highly suggest at least creating one for testing to see if that is the issue.
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Tue Oct 08, 2013 3:39 am
by oz123
Hi,
Some corrections: the CLI command doesn't work from either the root or nagios users; it works only when I insert the credentials manually without the variables:
[root@nagios libexec]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@nagios libexec]# ./check_esx3 -D 'easy-forex-production' -u $USER11$ -p $USER12$ -H esx3.ezfxproduction.com -l runtime -s status
CHECK_ESX3 CRITICAL - Error: Cannot complete login due to an incorrect user name or password.
[nagios@nagios libexec]$ id
uid=500(nagios) gid=100(users) groups=100(users),500(nagios),501(nagcmd)
[nagios@nagios libexec]$ ./check_esx3 -D 'easy-forex-production' -u $USER11$ -p $USER12$ -H esx3.ezfxproduction.com -l runtime -s status
CHECK_ESX3 CRITICAL - Error: Cannot complete login due to an incorrect user name or password.
I also tried to give the cfg file 777 permissions.
I can use an authentication file, which works from the CLI for both users and from the TCC as well:
./check_esx3 -D 'easy-forex-production' -f /usr/local/nagios/scripts/vm_login.txt -N NTP -l runtime -s status
CHECK_ESX3 OK - "NTP" overall status=green
But I don't think any of these are relevant to the problem, because my retry interval is not more than 5 minutes and, as I said, it can work fine for 2, 3 days and then suddenly give that login error.
Do you know what can suddenly happen?
In the meantime, I guess I'll change all my checks to work with an authentication file and see how it goes.
If not, I'll try that esx4 plugin you offered.
Thanks
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Tue Oct 08, 2013 2:16 pm
by abrist
Great. Just a note, the $USERn$ macros will not work from the cli as the checks must be run through the nagios daemon for the macros to be replaced.
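The substitution abrist describes, as an added example that is not part of the thread and not Nagios code: a sketch that expands $USERn$ macros from a resource file so a command definition can be inspected outside the daemon, plus two checks on the file itself. It assumes the macro value is everything after `=` taken literally; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: in resource.cfg the value of
# "$USERn$=value" is everything after '=', taken literally (quotes included).

# Print CMD with each $USERn$ that FILE defines replaced by its value.
expand_macros() {  # usage: expand_macros FILE 'command with $USERn$'
    RES_FILE=$1 CMD=$2 awk 'BEGIN {
        while ((getline line < ENVIRON["RES_FILE"]) > 0)
            if (match(line, /^[ \t]*\$USER[0-9]+\$=/)) {
                name = substr(line, 1, RLENGTH - 1); sub(/^[ \t]*/, "", name)
                val[name] = substr(line, RLENGTH + 1)
            }
        cmd = ENVIRON["CMD"]; out = ""
        while (match(cmd, /\$USER[0-9]+\$/)) {
            name = substr(cmd, RSTART, RLENGTH)
            out = out substr(cmd, 1, RSTART - 1) ((name in val) ? val[name] : name)
            cmd = substr(cmd, RSTART + RLENGTH)
        }
        print out cmd
    }'
}

# Print the names of macros whose value starts with a quote character.
quoted_macros() {  # usage: quoted_macros FILE
    awk -v q="'" '/^[ \t]*\$USER[0-9]+\$=/ {
        c = substr($0, index($0, "=") + 1, 1)
        if (c == q || c == "\"") { sub(/=.*/, ""); sub(/^[ \t]*/, ""); print }
    }' "$1"
}

# Succeed when users outside the owner and group have any access to FILE.
world_accessible() {  # usage: world_accessible FILE
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Constructed sample mirroring the thread's layout; the values are placeholders.
sample=$(mktemp)
printf '%s\n' '$USER1$=/usr/local/nagios/libexec' \
    "\$USER11\$='EXAMPLE\\svc_monitor'" '$USER12$=placeholder-secret' > "$sample"
chmod 775 "$sample"

expand_macros "$sample" '$USER1$/check_esx3 -u '\''$USER11$'\'' -l runtime -s status'
echo "quoted values: $(quoted_macros "$sample")"
world_accessible "$sample" && echo "mode lets other users read the credentials"
rm -f "$sample"
```

Under the literal-value assumption, a quoted value in the resource file combined with quotes in the command definition shows up as doubled quotes in the expanded line, which is easy to miss when only the GUI result is visible.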
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Mon Mar 16, 2015 5:00 am
by oz123
Hi,
regarding the "incorrect user name or password..." just wanted to update that this was resolved by restarting the "vCenter Single Sign On Service" service on vmware vcenter
Thanks
Re: can't read "/usr/local/nagios/etc/resource.cfg"
Posted: Mon Mar 16, 2015 10:45 am
by abrist
Great! Any other related issues, or can we lock this thread?