CentOS - CHECK_NRPE: Error - Could not complete SSL handshak

Posted: Thu Aug 20, 2015 3:42 pm
We have noticed that the "CHECK_NRPE: Error - Could not complete SSL handshake" error happens, but then the agent works after another few checks. Any ideas as to what might be going on here? We have this happening on several of our CentOS monitored hosts.

Re: CentOS - CHECK_NRPE: Error - Could not complete SSL hand

Posted: Thu Aug 20, 2015 4:26 pm
by jdalrymple
Hi [email protected]

I heard through the grapevine that you're using DNS to resolve your XI server. While I think this is a good practice, it is important that your DNS infrastructure is solid and consistent for good results. Let me share with you some notes I have about the way DNS works on a Linux host running the NRPE daemon:

my notes wrote:

xinetd:

- At xinetd start time it does a forward lookup to get the address for "only_from" - this doesn't seem to matter though
- Every time a request comes in there is a reverse lookup. If the proper name isn't returned in the reverse lookup the connection fails with "CHECK_NRPE: Error - Could not complete SSL handshake."

nrpe -d:

- Every time a check_nrpe request comes in a forward lookup is done. If the IP matches it works; if the record doesn't match, check_nrpe fails with "CHECK_NRPE: Error - Could not complete SSL handshake."

Is it possible that you have multiple DNS servers being resolved and not all of them are resolving the XI server properly? Maybe to test you can take a trouble host and change it to IP - just for testing purposes?
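
A way to reproduce, from the monitored host, the two lookups the notes above describe (an added example, not part of the original thread and not Nagios code): it repeats the forward and reverse lookups and reports each attempt whose answer would not match the XI server. The function names, `xi.example.com` and `192.0.2.10` are assumptions made for illustration, and the flaky resolver is constructed sample data.

```python
import socket

def forward_lookup(name):
    """IPv4 addresses the system resolver returns for name (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """Lower-cased names (primary plus aliases) the system resolver returns for ip."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
        return {n.lower().rstrip(".") for n in [primary, *aliases]}
    except OSError:
        return set()

def check_xi_dns(xi_name, xi_ip, attempts=10,
                 forward=forward_lookup, reverse=reverse_lookup):
    """Repeat both lookups; return (attempt, kind, answer) for every mismatch."""
    want = xi_name.lower().rstrip(".")
    problems = []
    for i in range(1, attempts + 1):
        ips = forward(xi_name)      # lookup the notes attribute to "nrpe -d"
        if xi_ip not in ips:
            problems.append((i, "forward", sorted(ips)))
        names = reverse(xi_ip)      # lookup the notes attribute to xinetd
        if want not in names:
            problems.append((i, "reverse", sorted(names)))
    return problems

def make_flaky_resolvers(name, ip, every=3):
    """Constructed stand-in for inconsistent DNS: every Nth reverse lookup is empty."""
    calls = {"n": 0}
    def fwd(_name):
        return {ip}
    def rev(_ip):
        calls["n"] += 1
        return set() if calls["n"] % every == 0 else {name}
    return fwd, rev

if __name__ == "__main__":
    fwd, rev = make_flaky_resolvers("xi.example.com", "192.0.2.10")
    for attempt, kind, answer in check_xi_dns("xi.example.com", "192.0.2.10", 9, fwd, rev):
        print(f"attempt {attempt}: {kind} lookup returned {answer}")
```

On a trouble host, call `check_xi_dns` with the real XI server name and address and no resolver arguments so that it uses the system resolver; mismatches on only some attempts point at inconsistent answers rather than a fixed misconfiguration.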

Re: CentOS - CHECK_NRPE: Error - Could not complete SSL hand

Posted: Fri Aug 21, 2015 8:46 am
Thanks for the reply, and that could be the case here. I will take one of the troubled hosts and will change its allow_only to the Nagios XI server's IP address.

Re: CentOS - CHECK_NRPE: Error - Could not complete SSL hand

Posted: Fri Aug 21, 2015 8:51 am
I tested on one of the troubled CentOS hosts being monitored. I had seen a few quick criticals on it stating (CHECK_NRPE: Socket timeout after 30 seconds), but they stopped. Still continuing to monitor this host to see how the FQDN to IP test is working. Thanks again for your help troubleshooting this with us.

Re: CentOS - CHECK_NRPE: Error - Could not complete SSL hand

Posted: Fri Aug 21, 2015 12:14 pm
by jolson
Be sure to keep us up to date if you encounter any difficulties. Thanks!