
CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Tue Jan 31, 2017 12:05 pm
by katya
Hi,

Can I get a little bit of help here?

I'm now configuring the check_http plugin on my Solaris production machine (ssbpech01).
The command runs perfectly from the server itself:

root@ssbpech01:/apps/nagios/libexec# pwd
/apps/nagios/libexec
root@ssbpech01:/apps/nagios/libexec# ./check_http --ssl -H 10.146.1.38 -p 8443 -u /echos/SSB -s ECHOS -t 20
HTTP OK: HTTP/1.1 200 OK - 3535 bytes in 0.685 second response time |time=0.684777s;;;0.000000 size=3535B;;;0

But on the dashboard for this service I got:
ECHOS EP1 URL CRITICAL 01-31-2017 12:02:43 1d 3h 42m 19s 3/3 CHECK_NRPE: Error - Could not complete SSL handshake.

Please see my services.cfg for this:
define service{
    use                     generic-service
    host_name               ssbpech01
    service_description     ECHOS EP1 URL
    contact_groups          nagios-admins
    check_command           check_nrpe!check_http
    check_period            24x7_except_maintenance
    notification_period     24x7_except_maintenance
    check_interval          1
}

root@ssbpech01:/apps/nagios/libexec# /apps/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
root@ssbpech01:/apps/nagios/libexec# netstat -a | grep nrpe
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55156 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpech01.46479 49152 0 49152 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55218 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55228 14720 0 50316 0 ESTABLISHED
*.nrpe *.* 0 0 49152 0 LISTEN
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55070 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55080 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55096 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55098 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55118 14720 0 50316 0 TIME_WAIT
ssbpech01.nrpe ssbpops01.ssb.sungard.com.55126 14720 0 50316 0 TIME_WAIT
root@ssbpech01:/apps/nagios/libexec#

Can you please help me here? I don't understand why in the dashboard I got a different experience?

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Tue Jan 31, 2017 12:12 pm
by dwhitfield
Page 3, Section III of https://assets.nagios.com/downloads/nag ... utions.pdf covers that error.

Are you using xinetd? If so, can you post the contents of /etc/xinetd.d/nrpe? Please remove sensitive info as necessary.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Tue Jan 31, 2017 2:00 pm
by katya
Hi, I'm not using xinetd, I'm using the nrpe service.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Tue Jan 31, 2017 2:36 pm
by dwhitfield
Can you post your /usr/local/nagios/etc/nrpe.cfg from Solaris?

Also, did you go through the troubleshooting guide (https://assets.nagios.com/downloads/nag ... utions.pdf)? If so, I don't want to repeat those steps. Thanks!

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Wed Feb 01, 2017 3:40 am
by katya
Hi,

Of course I checked the procedure before asking you :)

But the solution did not help me.

This is my nrpe.cfg configuration:

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Wed Feb 01, 2017 11:49 am
by rkennedy
What happens if you run /apps/nagios/libexec/check_nrpe -H 10.146.1.38 -n from the Nagios machine? It looks like all the SSL parts are commented out.

Additionally, from the client side, please run something similar to what I've posted against your NRPE binary; this will show us what SSL it's compiled with -

[root@centos7 etc]# /usr/local/nagios/bin/nrpe

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Thu Feb 02, 2017 8:30 am
by itquestion
I had a similar problem with the SSL handshake like yours.
http://sharadchhetri.com/2013/06/11/how ... t-command/
Try to follow the instructions from step 1 to 5 and check if it is working. It was helpful to me.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Thu Feb 02, 2017 10:10 am
by katya
From the Nagios machine:

-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.

From the client side:

root@ssbpech01:/# /apps/nagios/bin/nrpe

NRPE - Nagios Remote Plugin Executor
Copyright (c) 1999-2008 Ethan Galstad ([email protected])
Version: 2.15
Last Modified: 09-06-2013
License: GPL v2 with exemptions (-l for more info)
SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required
TCP Wrappers Available

***************************************************************
** POSSIBLE SECURITY RISK - COMMAND ARGUMENTS ARE SUPPORTED! **
** Read the NRPE SECURITY file for more information **
***************************************************************

Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>

Options:
-n = Do not use SSL
<config_file> = Name of config file to use
-4 = use ipv4 only
-6 = use ipv6 only
<mode> = One of the following operating modes:
-i = Run as a service under inetd or xinetd
-d = Run as a standalone daemon
-d -s = Run as a subsystem under AIX

Notes:
This program is designed to process requests from the check_nrpe
plugin on the host(s) running Nagios. It can run as a service
under inetd or xinetd (read the docs for info on this), or as a
standalone daemon. Once a request is received from an authorized
host, NRPE will execute the command/plugin (as defined in the
config file) and return the plugin output and return code to the
check_nrpe plugin.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Thu Feb 02, 2017 11:16 am
by rkennedy
rkennedy wrote: What happens if you run /apps/nagios/libexec/check_nrpe -H 10.146.1.38 -n from the Nagios machine? It looks like all the SSL parts are commented out.
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.
Please run it with the -n to specify no SSL.

Re: CHECK_NRPE: Error - Could not complete SSL handshake

Posted: Mon Feb 06, 2017 7:24 am
by katya
check_nrpe from Nagios machine:
-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38
CHECK_NRPE: Error - Could not complete SSL handshake.

-bash-4.1# /usr/local/nagios/libexec/check_nrpe -H 10.146.1.38 -n
CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.