Page 1 of 1
Host returned with error hpp:149
Posted: Sun Jul 15, 2018 4:14 pm
by rifelixd
Gurus,
I have couple of hosts connected to my server passively over NSCA using NSClient++ 0.4.1. All hosts responding fine but this particular host did connected once and then failing with error returned in log as below:-
Code: Select all
2018-07-15 20:50:00: e:D:\source\nscp\trunk\include\socket/client.hpp:149: Failed to read data: The I/O operation has been aborted because of either a thread exit or an application request
Kindly advise.
Regards,
Richard F.
Re: Host returned with error hpp:149
Posted: Mon Jul 16, 2018 3:37 pm
by lmiltchev
Do you have another application on this host, that is using the same port (5667)?
Try the following:
1. Open a CMD prompt on the Windows host, and run:
to find the PIDs of the applications, using port 5667.
2. Next, run the following command to find the actual names of the applications:
where you substitute <PID> with the actual PID, found in step 1.
Also, post the
nsclient.ini file and the entire
nsclient.log on the forum. Remove/obfuscate sensitive data.
Re: Host returned with error hpp:149
Posted: Mon Jul 16, 2018 4:56 pm
by rifelixd
Hi
@lmiltchev,
Thank you for replying me. There are no other applications that I am aware of that do run on the same port from this machine. I have attached that were requested.
Code: Select all
C:\Users\Administrator>netstat -aon | find "5667"
TCP 10.2.2.2:51267 20x.x.x.x:5667 CLOSING 4768
TCP 10.2.2.2:51286 20x.x.x.x:5667 CLOSING 4768
TCP 10.2.2.2:51293 20x.x.x.x:5667 CLOSING 4768
TCP 10.2.2.2:51312 20x.x.x.x:5667 FIN_WAIT_1 4768
C:\Users\Administrator>tasklist | find "4768"
nscp.exe 4768 Services 0 29,088 K
Code: Select all
[/modules]
CheckWMI = 1
NSCAClient = 1
CheckExternalScripts = 1
CheckSystem = 1
CheckEventLog = 1
CheckDisk = 1
Scheduler = 1
CheckHelpers = 1
[/settings/default]
allowed hosts = localhost,<myServerIP>
[/settings/NSCA/client]
channel = NSCA
hostname = auto
[/settings/NSCA/client/targets/default]
address = <myServerIP>
encryption = <ecryptionSet>
password = <nscaPassword>
payload length = 4096
[/settings/external scripts]
allow arguments = 1
allow nasty characters = 1
timeout = 120
[/settings/external scripts/scripts]
eventsystem_check = cscript.exe //T:30 //NoLogo scripts//eventsystem_check.vbs
eventapp_check = cscript.exe //T:30 //NoLogo scripts//eventapp_check.vbs
wupdates_notif = cscript.exe //T:30 //NoLogo scripts//wupdates_notif.vbs
wupdates_status = cscript.exe //T:30 //NoLogo scripts//wupdates_status.vbs
wupdates_check = cscript.exe //T:120 //NoLogo scripts//wupdates_check.vbs
win_check = cscript.exe //T:30 //NoLogo scripts//win_check.vbs
[/settings/log]
date setting = %Y.%m.%d %H:%M:%S
file name = nsclient.log
level = info
[/settings/log/file]
max size = 2048000
[/settings/scheduler/schedules/default]
interval = 5m
[/settings/scheduler/schedules]
host_check = Check_OK "System is responding OK"
Windows_Disk: Drive C = CheckDriveSize MinWarn=10% MinCrit=5% Drive=C: ShowAll
Windows_Disk: Drive D = CheckDriveSize MinWarn=10% MinCrit=5% Drive=D: ShowAll
Windows_Event: System Log = eventsystem_check
Windows_Event: Application Log = eventapp_check
Windows_Memory: Physical Memory = checkMem MaxWarn=80% MaxCrit=90% ShowAll=long type=physical
Windows_OS: Status Check = win_check
Windows_Updates: Notification = wupdates_notif
Windows_Updates: Status = wupdates_status
Windows_Updates: Waiting Updates = wupdates_check
Code: Select all
2018-07-15 20:50:00: e:D:\source\nscp\trunk\include\socket/client.hpp:149: Failed to read data: The I/O operation has been aborted because of either a thread exit or an application request
2018-07-15 23:51:20: e:..\..\..\..\trunk\modules\CheckSystem\PDHCollector.cpp:139: Failed to query performance counters: Negative denominator issue (check FAQ for ways to solve this): \238(_total)\6: -2147481642: A counter with a negative denominator value was detected.
2018-07-16 21:19:07: e:..\..\..\..\trunk\modules\NSCAClient\NSCAClient.cpp:435: Error: Failed to connect to: <myServerIP>:5667 :A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
2018-07-16 21:19:24: e:D:\source\nscp\trunk\include\socket/client.hpp:149: Failed to read data: The I/O operation has been aborted because of either a thread exit or an application request
2018-07-16 21:19:24: e:..\..\..\..\trunk\modules\NSCAClient\NSCAClient.cpp:435: Error: Failed to connect to: <myServerIP>:5667 :A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Re: Host returned with error hpp:149
Posted: Wed Jul 18, 2018 3:09 pm
by lmiltchev
Can you check to see if port 5667 is not being blocked by a firewall? Run the following command from the CLI on the Nagios XI server and show the output:
Re: Host returned with error hpp:149
Posted: Thu Jul 19, 2018 8:52 am
by rifelixd
Hi
@lmiltchev,
My current setup is to receive the host details passively over NSCA. I dont own the IP details. Is there something else you require?
Re: Host returned with error hpp:149
Posted: Thu Jul 19, 2018 9:43 am
by lmiltchev
You can obtain the IP address of the Windows machine by running "ipconfig" from the CMD prompt, then use this IP in your nmap command.
We need to rule out any possible firewall issues.
Alternatively, you can examine the firewall rules on the Windows machine and make sure that port 5667 is indeed open.