Fuse XI Server Running SSL

[andyb4u]

We are setting up Fusion and are trying to fuse a XI server which is running under SSL.

We cannot get it to fuse successfully. It keeps giving a "Failed authentication check" messsages in auth_subsys.log. We have checked the credentials we are using and these are correct.

I can run wget from the fusion and access the XI server - although I have to use the --no-check-certificate switch - would this point to why it's not fusing?

A proxy has been set in fusion and use proxy for polling fused servers is ticked. This is the same proxy wget is using.

I've set the log level to trace and enabled writing to log file but I don't see anything which would help me explain the failures.

I'm looking for steps to help troubleshoot this further. Any help would be much appreciated.

[bolson]

Hello Andyb4u,

If you would attach the log file you've created as well as the system profile from your XI host, we'd be happy to take a look.

Admin >> System Profile >> Download System Profile.

[andyb4u]

Thank you bolson. I've pm'd you some logs.

[tgriep]

Thanks for the profile. I did not find any clues on the issue but the profile only has a short period of time so it may have been missed in the files.


What version of Fusion is the Fusion server running?

The following example is a command you can run as root on the Fusion server to see if it can connect to the remote Nagios server using the fusekey.
Run the following replacing the nagiosxiserver with the XI server's host name and the xxxxxxxxxxxxxxxxxxxxxxxx with the fusion key.

Code: Select all

curl -XGET https://nagiosxiserver/nagiosxi/api/v1/system/status?fusekey=xxxxxxxxxxxxxxxxxxxxxxxx -k -v

Add the output of the curl command to the ticket.

We may need to see the Apache config files from the XI server so we can check them to see if the settings are correct so can you get the following files from the XI server and post them here?

Code: Select all

/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/nagiosxi.conf
/etc/httpd/conf.d/ssl.conf

Also, can you verify that the proxy server is passing the request without changing the URL in any way?

[andyb4u]

Apologies I was away over the holiday period.

We are running Fusion 4.1.5

Running the curl command does not return anything. It just sits trying to connect. If I use CURL specifying a proxy it returns data OK.

Code: Select all

{"instance_id":"1","instance_name":"localhost","status_update_time":"2019-01-07 15:07:14","program_start_time":"2019-01-07 10:22:34","program_run_time":"17084","program_end_time":"0000-00-00 00:00:00","is_currently_running":"1","process_id":"8333","daemon_mode":"1","last_command_check":"1970-01-01 01:00:00","last_log_rotation":"1970-01-01 01:00:00","notifications_enabled":"1","active_service_checks_enabled":"1","passive_service_checks_enabled":"1","active_host_checks_enabled":"1","passive_host_checks_enabled":"1","event_handlers_enabled":"1","flap_detection_enabled":"1","process_performance_data":"1","obsess_over_hosts":"0","obsess_over_services":"0","modified_host_attributes":"3","modified_service_attributes":"3","global_host_event_handler":"xi_host_event_handler","global_service_event_handler":"xi_service_event_handler"}

I've attached the files requested from the XI server we are trying to connect to and have asked our comms guys to investigate. I'll post back if they find anything.

[tgriep]

Can you verify that the proxy settings in the Fusion GUI match what you used in the curl command?

Can you provide any details on what and how the proxy is setup to pass the traffic between the Fusion Server and the Nagios XI server?
If it passing the data through the tunnel directly or is it translating it in anyway?

When you ran the curl command, what did you use for the proxytunnel option?

[andyb4u]

I was using the same proxy for the curl command that is configured for fusion

curl -x proxy-lb.nigov.net:8080 -XGET https://nagiosxiserver/nagiosxi/api/v1/ ... xxxxxxxxxx -k -v

I'm still waiting for our comms guys to get back to me about how it's passing through.

[tgriep]

When you find out the details on the Proxy server, go ahead and post them here.
Can you have the administrator of the Proxy server see what types of errors they are seeing on the Proxy server while the Fusion server is trying to connect?

One thing to try, login to the Fusion GUI and go to the Proxy Configuration menu.

Change the Use HTTP tunnel option that is set and Update the Settings and see if the Fusion server can authenticate to the XI server.

[andyb4u]

The issue is now resolved. It was a comms issue in the end. The comms guys told us to use a different proxy and it's now working. Thanks for your help. This post can be closed.

[tgriep]

Thanks for reporting back what the cause of the issue was. I'll lock the post up for you.