
CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 11:17 am
by rjmon
I have 2 Nagios servers; one is running 5.2.8 and the other one is 5.4.7. The old Nagios server works fine when I do a service check on Windows with check_nrpe, whereas the new server is failing with

From new Nagios server (5.4.7)

/usr/local/nagios/libexec/check_nrpe -H windowserver -t 30 -c Barcodereader
CHECK_NRPE: Error - Could not complete SSL handshake.

-----------------------------------------------------------------------------------------------------------
From Old Nagios server (5.2.8)
--------------------------------------------------------------------------
/usr/local/nagios/libexec/check_nrpe -H windowserver -t 30 -c Barcodereader
2018-01-11 11:14:02 [000006dc] info [native] Loading collector peer list from C:/Program Files/dynaTrace/dynaTrace Agent 6.2/agent/conf/collectorlist.unnamed
2018-01-11 11:14:02 [000006dc] info [native] Agent has no active settings - running normally
OK: Barcodereader process running
---------------------------------------------------------------------------------------------

Ports 5666 and 12489 are open to both servers. I can telnet without issues from both of them. Any ideas...

Re: check_nrpe - Cannot maCRITICALke SSL connection

Posted: Thu Jan 11, 2018 11:33 am
by rjmon
Sorry, the title should be CHECK_NRPE: Error - Could not complete SSL handshake.

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 11:39 am
by rjmon
Just FYI, both hosts are allowed.


; ALLOWED HOSTS - A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 127.0.0.1,10.97.0.166,10.97.0.34

[/settings/NRPE/server]

; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true

; VERIFY MODE -
verify mode = none

ssl options =


; Undocumented section
[/modules]
CheckExternalScripts = 1

; Undocumented key
Scheduler = 0

; Undocumented key
NSCAClient = 0

; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1

; CheckHelpers - Various helper function to extend other checks.
CheckHelpers = 1

; NSClientServer - A server that listens for incoming check_nt connection and processes incoming requests.
NSClientServer = 1

; CheckNSCP - Use this module to check the healt and status of NSClient++ it self
CheckNSCP = 1

; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1

; CheckSystem - Various system related checks, such as CPU load, process state, service state memory usage and PDH counters.
CheckSystem = 1

; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1

; CheckEventLog - Check for errors and warnings in the event log.
CheckEventLog = 1

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 11:46 am
by rjmon
nrpe plugin sizes are different.

new server(5.4.7)
-rwxrwxr-x. 1 nagios nagios 81518 Jul 13 14:51 check_nrpe

Old server (5.2.8)
-rwxrwxr-x 1 nagios nagios 76809 Jul 12 2016 /usr/local/nagios/libexec/check_nrpe

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 11:55 am
by npolovenko
Hello, @rjmon. Are you running nrpe as a standalone service or under xinetd? Because if it's under xinetd, the IP addresses should be added to /etc/xinetd.d/nrpe. And if you do need to add IP addresses to that file, they should be separated by spaces, not commas (unlike in nrpe.cfg).
Did you restart nrpe after you added a new IP address?

Code:

service nrpe restart
# or
service xinetd restart

Finally, you may take a look at /var/log/messages and/or the error.log file, if you have one, on the nrpe server. You should see a more detailed error message.

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 12:23 pm
by rjmon
Here is my nrpe conf file

cat /etc/xinetd.d/nrpe
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1
}

Output from chkconfig. nrpe is running under xinetd service

chkconfig

Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.

Galaxy 0:off 1:off 2:off 3:on 4:off 5:on 6:off
ajaxterm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
gearmand 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nagios 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
scx-cimd 0:off 1:off 2:off 3:on 4:off 5:on 6:off


xinetd based services:
nrpe: on


I don't need to add the IP address to the nrpe file for this setup, right?

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 12:58 pm
by npolovenko
@rjmon, you don't, but you may leave it in nrpe.cfg as well; it's not going to make things worse.
Just change the following line in /etc/xinetd.d/nrpe:

Code:

only_from = 127.0.0.1 10.97.0.166 10.97.0.34

And restart nrpe with:

Code:

service xinetd restart
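
Added example, not part of the thread and not Nagios project code: a small audit of the two access lists discussed above, which use different separators (spaces in xinetd `only_from`, commas in nrpe.cfg `allowed_hosts`). The sample file contents are constructed, the IP addresses are the ones quoted in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample inputs: one poller is deliberately missing from only_from.
XINETD_NRPE = """service nrpe
{
    only_from = 127.0.0.1 10.97.0.166
}
"""
NRPE_CFG = "allowed_hosts=127.0.0.1,10.97.0.166,10.97.0.34\n"

def _networks(tokens):
    """Turn IP/CIDR tokens into network objects; hostnames are skipped."""
    nets = []
    for tok in tokens:
        try:
            nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            pass  # hostname or malformed entry: not evaluated here
    return nets

def xinetd_only_from(text):
    """only_from entries are whitespace separated; '+=' lines add more."""
    tokens = []
    for m in re.finditer(r"^[ \t]*only_from[ \t]*\+?=[ \t]*(.*)$", text, re.M):
        tokens += m.group(1).split()
    return tokens

def nrpe_allowed_hosts(text):
    """allowed_hosts entries are comma separated."""
    m = re.search(r"^[ \t]*allowed_hosts[ \t]*=[ \t]*(.*)$", text, re.M)
    return [t.strip() for t in m.group(1).split(",") if t.strip()] if m else []

def audit(pollers, xinetd_text, nrpe_text):
    """Return {poller_ip: [problems]} for each monitoring server address."""
    xi, nr = xinetd_only_from(xinetd_text), nrpe_allowed_hosts(nrpe_text)
    report = {}
    for p in pollers:
        addr, problems = ipaddress.ip_address(p), []
        if any("," in t for t in xi):
            problems.append("only_from uses commas; xinetd expects spaces")
        if xi and not any(addr in n for n in _networks(xi)):
            problems.append("missing from xinetd only_from")
        if not any(addr in n for n in _networks(nr)):
            problems.append("missing from nrpe.cfg allowed_hosts")
        report[p] = problems
    return report
```

To use it on a real host, read /etc/xinetd.d/nrpe and /usr/local/nagios/etc/nrpe.cfg into the two text arguments and pass the addresses of the Nagios servers that poll it.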

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 1:11 pm
by rjmon
I added to nrpe and restarted it. No luck.

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 1:43 pm
by npolovenko
@rjmon, Were you able to get more information from the log files?

Re: CHECK_NRPE: Error - Could not complete SSL handshake.

Posted: Thu Jan 11, 2018 1:47 pm
by rjmon
I am getting "could not fetch information from server" for the nrpe service

Jan 11 13:42:07 nagios1a nagios: SERVICE ALERT: Ststestserver;Memory Usage;UNKNOWN;HARD;5;could not fetch information from server