
Failed to establish secure connection: sslv3 alert handshake

Posted: Sun Sep 15, 2019 11:56 pm
by whittakerj
I just recently installed NEMS on a Raspberry Pi to mess around with Nagios. I'm trying to set up Windows server monitoring and I'm getting this error message. I see that it is quite common and I've tried all the fixes in the forum to no avail. Hoping someone can help me out.
error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert handshake failure: 1040
# If you want to fill this file with all available options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help


; in flight - TODO
[/settings/default]

; Undocumented key
password = password

; Undocumented key
allowed hosts = 127.0.0.1,172.16.105.0/24,192.168.3.0/24

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = false

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
;bind to = UNKNOWN


; in flight - TODO
[/settings/NRPE/server]


allow arguments = true
allow nasty characters = true

; Undocumented key
verify mode = none

; Undocumented key
insecure = true

; PORT NUMBER - Port to use for NRPE.
port = 5666

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
extended response = false

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = true
;ssl options =
ssl options = no-sslv2,no-sslv3
verify mode = peer-cert


; in flight - TODO
[/modules]

; Undocumented key
CheckHelpers = disabled

; Undocumented key
CheckNSCP = disabled

; Undocumented key
CheckDisk = disabled

; Undocumented key
WEBServer = enabled

; Undocumented key
CheckSystem = disabled

; Undocumented key
NSClientServer = enabled

; Undocumented key
CheckEventLog = disabled

; Undocumented key
NSCAClient = enabled

; Undocumented key
NRPEServer = enabled

; CheckExternalScripts - Module used to execute external scripts
CheckExternalScripts = enabled


; LOG SECTION - Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
max size = -1


; LOG SETTINGS - Section for configuring the log handling.
[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = info

; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can receive.
date format = %Y-%m-%d %H:%M:%S


; CRASH HANDLER - Section for configuring the crash handler.
[/settings/crash]

; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP

; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${shared-path}/crash-dumps

; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post


;
[/settings/WEB/server/users/sample]

; ROLE - The role which will grant access to this user
role = UNKNOWN

; PASSWORD - The password to use.
password = UNKNOWN


; Roles - A list of roles and with comma separated list of access rights.
[/settings/WEB/server/roles]


; Users - Users which can access the REST API
[/settings/WEB/server/users]

; sample - To configure this create a section under: /settings/WEB/server/users/sample
sample = UNKNOWN


; TARGET - Target definition for: default
[/settings/NSCA/client/targets/default]

; VERIFY MODE -
verify mode = UNKNOWN

; TIMEOUT - Timeout when reading/writing packets to/from sockets.
timeout = 30

; RETRIES - Number of times to retry sending.
retries = 3

; ALLOWED CIPHERS - A better value is: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
allowed ciphers = UNKNOWN

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = UNKNOWN

; TARGET ADDRESS - Target host address
address = UNKNOWN

; ENCRYPTION - Name of encryption algorithm to use. Has to be the same as your server is using or it won't work at all. This is also independent of SSL and generally used instead of SSL. Available encryption algorithms are: none = No Encryption (not safe) xor = XOR des = DES 3des = DES-EDE3 cast128 = CAST-128 xtea = XTEA blowfish = Blowfish twofish = Twofish rc2 = RC2 aes128 = AES aes192 = AES aes = AES serpent = Serpent gost = GOST
encryption = aes

; SSL CERTIFICATE -
certificate = UNKNOWN


; CLIENT HANDLER SECTION -
[/settings/NSCA/client/handlers]


; NSCLIENT SERVER SECTION - Section for NSClient (NSClientServer.dll) (check_nt) protocol options.
[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = false

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = true

; PORT NUMBER - Port to use for check_nt.
port = 12489


; NSCA CLIENT SECTION - Section for NSCA passive check module.
[/settings/NSCA/client]

; HOSTNAME - The host name of the monitored computer. Set this to auto (default) to use the windows name of the computer. auto Hostname ${host} Hostname ${host_lc} Hostname in lowercase ${host_uc} Hostname in uppercase ${domain} Domainname ${domain_lc} Domainname in lowercase ${domain_uc} Domainname in uppercase
hostname = auto

; CHANNEL - The channel to listen to.
channel = NSCA


;
[/paths]

; Path for shared-path -
shared-path = C:\Program Files\NSClient++

; Path for certificate-path -
certificate-path = ${shared-path}/security

; Path for exe-path -
exe-path = C:\Program Files\NSClient++

; Path for module-path -
module-path = ${exe-path}/modules

; Path for base-path -
base-path = C:\Program Files\NSClient++

; Path for scripts -
scripts = ${exe-path}/scripts


; Web server - Section for WEB (WEBServer.dll) (check_WEB) protocol options.
[/settings/WEB/server]

; PORT NUMBER - Port to use for WEB server.
port = 8443

; CERTIFICATE - Ssl certificate to use for the ssl server
certificate = ${certificate-path}/certificate.pem

; NUMBER OF THREADS - The number of threads in the server response pool.
threads = 10


; INCLUDED FILES - Files to be included in the configuration
[/includes]


; REMOTE TARGET DEFINITIONS -
[/settings/NSCA/client/targets]


; script: default - The configuration section for the default script.
[/settings/external scripts/scripts/default]

; IGNORE PERF DATA - Do not parse performance data from the output
ignore perfdata = UNKNOWN

; COMMAND - Command to execute
command = UNKNOWN


; External scripts - A list of scripts available to run from the CheckExternalScripts module. Syntax is: `command=script arguments`
[/settings/external scripts/scripts]


; Wrapped scripts - A list of wrapped scripts (ie. script using a template mechanism). The template used will be defined by the extension of the script. Thus a foo.ps1 will use the ps1 wrapping from the wrappings section.
[/settings/external scripts/wrapped scripts]


; Command aliases - A list of aliases for already defined commands (with arguments). An alias is an internal command that has been predefined to provide a single command without arguments. Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
[/settings/external scripts/alias]

; alias_volumes_loose - To configure this create a section under: /settings/external scripts/alias/alias_volumes_loose
alias_volumes_loose = UNKNOWN

; alias_volumes - To configure this create a section under: /settings/external scripts/alias/alias_volumes
alias_volumes = UNKNOWN

; alias_service_ex - To configure this create a section under: /settings/external scripts/alias/alias_service_ex
alias_service_ex = UNKNOWN

; alias_service - To configure this create a section under: /settings/external scripts/alias/alias_service
alias_service = UNKNOWN

; alias_sched_long - To configure this create a section under: /settings/external scripts/alias/alias_sched_long
alias_sched_long = UNKNOWN

; alias_sched_all - To configure this create a section under: /settings/external scripts/alias/alias_sched_all
alias_sched_all = UNKNOWN

; alias_process_hung - To configure this create a section under: /settings/external scripts/alias/alias_process_hung
alias_process_hung = UNKNOWN

; alias_process - To configure this create a section under: /settings/external scripts/alias/alias_process
alias_process = UNKNOWN

; alias_mem - To configure this create a section under: /settings/external scripts/alias/alias_mem
alias_mem = UNKNOWN

; alias_file_size - To configure this create a section under: /settings/external scripts/alias/alias_file_size
alias_file_size = UNKNOWN

; alias_event_log - To configure this create a section under: /settings/external scripts/alias/alias_event_log
alias_event_log = UNKNOWN

; alias_disk - To configure this create a section under: /settings/external scripts/alias/alias_disk
alias_disk = UNKNOWN

; alias_cpu - To configure this create a section under: /settings/external scripts/alias/alias_cpu
alias_cpu = UNKNOWN

; alias_process_count - To configure this create a section under: /settings/external scripts/alias/alias_process_count
alias_process_count = UNKNOWN

; alias_up - To configure this create a section under: /settings/external scripts/alias/alias_up
alias_up = UNKNOWN

; alias_process_stopped - To configure this create a section under: /settings/external scripts/alias/alias_process_stopped
alias_process_stopped = UNKNOWN

; alias_disk_loose - To configure this create a section under: /settings/external scripts/alias/alias_disk_loose
alias_disk_loose = UNKNOWN

; alias_sched_task - To configure this create a section under: /settings/external scripts/alias/alias_sched_task
alias_sched_task = UNKNOWN

; alias_file_age - To configure this create a section under: /settings/external scripts/alias/alias_file_age
alias_file_age = UNKNOWN

; alias_cpu_ex - To configure this create a section under: /settings/external scripts/alias/alias_cpu_ex
alias_cpu_ex = UNKNOWN


; Script wrappings - A list of templates for defining script commands. Enter any command line here and they will be expanded by scripts placed under the wrapped scripts section. %SCRIPT% will be replaced by the actual script an %ARGS% will be replaced by any given arguments.
[/settings/external scripts/wrappings]

; Batch file - Command used for executing wrapped batch files
bat = scripts\\%SCRIPT% %ARGS%

; Visual basic script - Command line used for wrapped vbs scripts
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%

; POWERSHELL WRAPPING - Command line used for executing wrapped ps1 (powershell) scripts
ps1 = cmd /c echo If (-Not (Test-Path "scripts\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; scripts\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command -


; alias: default - The configuration section for the default alias
[/settings/external scripts/alias/default]

; COMMAND - Command to execute
command = UNKNOWN


;
[/settings/WEB/server/users/default]

; ROLE - The role which will grant access to this user
role = UNKNOWN

; PASSWORD - The password to use.
password = UNKNOWN


; External script settings - General settings for the external scripts module (CheckExternalScripts).
[/settings/external scripts]

; Command timeout - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; Script root folder - Root path where all scripts are contained (You can not upload/download scripts outside this folder).
script root = ${scripts}

; Load all scripts in a given folder - Load all scripts in a given directory and use them as commands.
script path = UNKNOWN

; Allow arguments when executing external scripts - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true

; Allow certain potentially dangerous characters in arguments - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
./check_nrpe -H 172.16.105.5
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.16.105.5: 1
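A small linter for the pasted nsclient.ini, added here as an example and not part of NSClient++, NEMS or Nagios. It parses the NSClient++ INI dialect while keeping repeated keys visible, because in the posted [/settings/NRPE/server] section `verify mode` appears twice (`none`, then `peer-cert`) and NSClient++ takes the last value; `peer-cert` demands a client certificate from check_nrpe, which is one way to end up with a handshake failure. It also flags the settings in that file that weaken the agent (`insecure`, `allow nasty characters`, the default password, a cleartext listener). The excerpt embedded below is constructed from the posted configuration, not the full file.

```python
"""Lint an NSClient++ nsclient.ini for NRPE handshake pitfalls and weak settings.

Added example for this thread; not code from NSClient++, NEMS or Nagios.
"""
import re

# Constructed excerpt modelled on the configuration posted above.
SAMPLE_INI = """\
[/settings/default]
password = password
allowed hosts = 127.0.0.1,172.16.105.0/24

[/settings/NRPE/server]
allow arguments = true
allow nasty characters = true
verify mode = none
insecure = true
port = 5666
use ssl = true
ssl options = no-sslv2,no-sslv3
verify mode = peer-cert

[/settings/NSClient/server]
use ssl = false
"""


def parse_nsclient_ini(text):
    """Parse the INI dialect into {section: [(key, value), ...]}.

    Values are kept as an ordered list rather than a dict so that a key
    repeated inside one section stays visible to the linter.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def lint_nrpe_config(text):
    """Return a list of (severity, section, message) findings."""
    findings = []
    cfg = parse_nsclient_ini(text)

    # Duplicate keys: the last occurrence wins, which is easy to miss.
    for section, pairs in cfg.items():
        seen = {}
        for key, value in pairs:
            if key in seen and seen[key] != value:
                findings.append(("warn", section,
                                 f"'{key}' set twice ({seen[key]!r} then {value!r}); "
                                 f"NSClient++ uses the last one"))
            seen[key] = value

    nrpe = dict(cfg.get("/settings/NRPE/server", []))  # dict() keeps the last value
    # peer-cert = verify peer AND fail if no peer certificate is presented.
    if nrpe.get("verify mode") == "peer-cert":
        findings.append(("info", "/settings/NRPE/server",
                         "verify mode = peer-cert: check_nrpe must present a client "
                         "certificate or the TLS handshake is rejected"))
    if nrpe.get("insecure") == "true":
        findings.append(("warn", "/settings/NRPE/server",
                         "insecure = true: legacy mode for old check_nrpe (anonymous DH)"))
    if nrpe.get("allow nasty characters") == "true":
        findings.append(("warn", "/settings/NRPE/server",
                         "allow nasty characters = true: shell metacharacters reach "
                         "external scripts"))
    default = dict(cfg.get("/settings/default", []))
    if default.get("password") in ("", "password"):
        findings.append(("warn", "/settings/default", "default or empty agent password"))
    for section, pairs in cfg.items():
        if section.endswith("/server") and dict(pairs).get("use ssl") == "false":
            findings.append(("warn", section, "use ssl = false: listener is cleartext"))
    return findings


if __name__ == "__main__":
    for severity, section, message in lint_nrpe_config(SAMPLE_INI):
        print(f"[{severity}] {section}: {message}")
```

Run it against the real file with `lint_nrpe_config(open(path).read())`; the duplicate-key warning is the first thing to resolve before changing certificates or DH parameters, since the effective `verify mode` is not the one that appears first.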

Re: Failed to establish secure connection: sslv3 alert hands

Posted: Mon Sep 16, 2019 12:05 pm
by mbellerue
Have you tried this one?

On your Raspberry Pi (or faster Linux machine)


openssl dhparam -out nrpe_dh_512.pem 1024
We make that a 1024-bit key (or larger, if you like), even though we're calling it a 512-bit key in the file name. Then copy that file to your Windows host, and overwrite the key that comes with NSClient++. By default it's located at C:\Program Files\NSClient++\security\. Maybe create a backup of the existing key. Restart the NSClient service, and see if you're able to make a check of the host.

It should do anonymous DH first. You may need to add -d 1 or -d 2 to your command.
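The reply above relies on the DH parameter file really being 1024 bits even though its name says 512. The following added example (mine, not from NSClient++ or Nagios) verifies that without trusting the file name: it decodes the PEM `DH PARAMETERS` block by hand as the PKCS#3 structure `SEQUENCE { INTEGER p, INTEGER g }` and reports the bit length of p. The sample PEMs are constructed in the block from a placeholder modulus (not a real safe prime), which is enough to exercise the parser and the size check; on the Windows host you would point it at the file under the security folder mentioned in the reply.

```python
"""Report the prime size of a PEM DH parameter file (e.g. nrpe_dh_512.pem).

Added example for this thread; not code from NSClient++ or Nagios.
Parses PKCS#3 DHParameter ::= SEQUENCE { p INTEGER, g INTEGER } by hand,
so it needs only the standard library.
"""
import base64
import re


def _read_der_length(buf, i):
    """Return (length, index_after_length) for the DER length at buf[i]."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def _read_der_integer(buf, i):
    """Return (value, index_after) for the DER INTEGER starting at buf[i]."""
    if buf[i] != 0x02:
        raise ValueError("expected INTEGER tag at offset %d" % i)
    length, start = _read_der_length(buf, i + 1)
    value = int.from_bytes(buf[start:start + length], "big", signed=True)
    return value, start + length


def dh_params_from_pem(pem_text):
    """Extract (p, g) from a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    _, i = _read_der_length(der, 1)
    p, i = _read_der_integer(der, i)
    g, _ = _read_der_integer(der, i)
    return p, g


def dh_bits(pem_text):
    """Bit length of the DH prime, whatever the file name claims."""
    p, _ = dh_params_from_pem(pem_text)
    return p.bit_length()


def dh_strength_ok(pem_text, minimum_bits=1024):
    """True if the modulus meets the minimum size (1024, matching the reply)."""
    return dh_bits(pem_text) >= minimum_bits


# --- constructed sample data (placeholder modulus, NOT a usable DH group) ---
def _der_integer(n):
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # minimal, sign-safe
    return b"\x02" + _der_length(len(body)) + body


def _der_length(n):
    if n < 0x80:
        return bytes([n])
    nb = (n.bit_length() + 7) // 8
    return bytes([0x80 | nb]) + n.to_bytes(nb, "big")


def make_sample_pem(bits):
    """Build a PEM with a placeholder p of exactly `bits` bits and g = 2."""
    p = (1 << (bits - 1)) | 1             # sets the top bit; not a real prime
    content = _der_integer(p) + _der_integer(2)
    der = b"\x30" + _der_length(len(content)) + content
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + \
           "\n-----END DH PARAMETERS-----\n"


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else make_sample_pem(1024)
    print("DH prime size: %d bits, ok=%s" % (dh_bits(text), dh_strength_ok(text)))
```

Because NSClient++ only looks at the file it is told to load, the name `nrpe_dh_512.pem` is cosmetic; this check confirms that the file copied into the security folder is the regenerated one and not the shipped 512-bit original.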