Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake fai

https://support.nagios.com/forum/viewtopic.php?t=62673

Page 1 of 1

Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake fai

Posted: Tue May 25, 2021 1:37 pm
by dragan.vucanovic
I have issues trying to get NCPA 1.8.1 passive check to communicate with nagios server

ncpa.cfg

Code: Select all

[listener]
uid = nagios
certificate = adhoc
loglevel = info
ip = 0.0.0.0
gid = nagcmd
logfile = var/ncpa_listener.log
port = 5693
pidfile = var/ncpa_listener.pid
# Available versions: PROTOCOL SSLv2, SSLv3, TLSv1
ssl_version = TLSv1

[passive]
uid = nagios
handlers = nrds,nrdp
loglevel = info
gid = nagcmd
sleep = 300
logfile = var/ncpa_passive.log
pidfile = var/ncpa_passive.pid

[nrdp]
token =UjdZYhrlDT7w84
hostname =vm.example.com
parent =https://nrdp.example.com

[nrds]
URL =https://nrdp.example.com
CONFIG_VERSION =0
TOKEN =UjdZYhrlDT7w84
CONFIG_NAME =
CONFIG_OS = None
PLUGIN_DIR=plugins/
UPDATE_CONFIG=1
UPDATE_PLUGINS=1

[api]
community_string =UjdZYhrlDT7w84

[plugin directives]
plugin_path = plugins/
.sh = /bin/sh $plugin_name $plugin_args
.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args
.vbs = cscript $plugin_name $plugin_args //NoLogo

[passive checks]
%HOSTNAME%|cpu usage = /cpu/percent --warning 20 --critical 30
%HOSTNAME%|swap usage = /memory/swap/percent --warning 40 --critical 80
%HOSTNAME%|memory usage = /memory/virtual/percent --warning 60 --critical 80
When sending data to Nagios server getting

Code: Select all

SSLError: [Errno 1] _ssl.c:507: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Re: Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake

Posted: Tue May 25, 2021 3:11 pm
by dchurch
Is this NCPA for windows sending the passive check?

The latest NCPA version is 2.3.1. Have you tried installing the latest version of NCPA?

What's the output from the following commands on the Nagios XI machine's command line?

Code: Select all

openssl version
php --version
grep -rPi '^\sSSL' /etc/httpd*

Re: Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake

Posted: Tue May 25, 2021 3:43 pm
by dragan.vucanovic
I can't install latest version because Windows server 2003 cannot support it, regarding your second question, when i log in to nagios i'll post it

Re: Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake

Posted: Wed May 26, 2021 9:34 am
by dchurch
Okay, let us know what the result of those commands are.

What I'm thinking is wrong is that either NCPA or the Windows Server 2003 stack isn't capable of negotiating an SSL protocol and cipher with the Nagios REST API for submitting passive check. We'll have to update the Apache settings to allow using insecure cipher suites.

In lieu of figuring out what cipher suite Apache <=> NCPA can use, what you could do instead is simply move to using an active check which NCPA supports.

What you could also try is changing the passive check endpoint (parent) from "https" to "http" inside of ncpa.cfg on the Windows computer. This would circumvent any connection problems associated with SSL protocol negotiation on older systems, but it would mean the traffic wasn't encrypted.

Re: Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake

Posted: Mon Jun 14, 2021 9:06 am
by dragan.vucanovic
We decided to give up and not to use Nagios for this server, instead ,we'll use another product for server 2003

Re: Windows server 2003 - NCPA 1.8.1 - sslv3 alert handshake

Posted: Tue Jun 15, 2021 9:55 am
by ssax
Okay, thanks for the update! Locking the post.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited