Nagios Support Forum

I randomly get the error:

CHECK_NRPE: Error - Could not complete SSL handshake

This seems to be able to happen on just about any check. It will happen just once, and then will green up on the next check. Because of this error, I've had to configure each service to re-check after 15 seconds when it comes back with a non-OK state, and will only send an email alert after 2 consecutive failed checks.

Any idea why this would be happening? What can I do to rectify this? Seems like it could be a resource issue on either the server being monitored, or the NagiosXI server itself. However, according to all the CPU/Memory/swap checks, there aren't any issues.

Occassionally there is an issue when the OpenSSL installs are not of the same version. Check the version on both items with openssl and then typing version at the openssl prompt. Also, you might try install openssl-devel on both machines.

Thanks for the reply.

I checked the version of openssl and on both servers it is 0.9.8e-fips-rhel5 01 Jul 2008

Also, openssl-devel is installed on both boxes. It is version openssl-devel-0.9.8e-12.el5_5.7

Could this be due to too many checks running too frequently?

This seems to be happening more often than I originally thought.

How many hosts is this happening across? Can you see if their logs are showing anything interesting?

Which plugins in particular are you using?

This has happened intermittently on just about all of our Linux hosts. However, there is one in particular that seems to have it happen a lot more than the others.

I scaled back how often some of the checks happen on that server (from every 30 seconds to every minute) and that seems to have alleviated the symptoms, at least for now.

Which logs would have pertinent information?

ok, probably a stupid question, but how do I verify which version of NRPE I have installed on these hosts?

Resource based, interesting. The first place I would check would be /var/mail/root for things going awry. But if it is indeed resource based, are these servers synced up as far as time goes?

Edit:

/usr/local/nagios/libexec/check_nrpe -H localhost

Should do the trick to see which NRPE version you've installed.

When manually running check_nrpe, I got the same error:

CHECK_NRPE: Error - Could not complete SSL handshake.

I tried check_nrpe -H localhost

and I also tried with the server's IP address in place of 'localhost'

same results.

I ran it multiple times, and got the same results every time. When the nagios server runs the check, it only gets that error periodically.

Check the /var/log/messages on one of the remote hosts. Thats usually swarming with NRPE information.