Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Error - Could not complete SSL handshake

https://support.nagios.com/forum/viewtopic.php?t=62938

Page 1 of 1

Error - Could not complete SSL handshake

Posted: Tue Jun 29, 2021 10:09 am
by kalyanpabolu
Hello Team,

We are monitoring on server in Nagios. We are getting below error:

[root@HO1-NAGIOSXI libexec]# ./check_nrpe -H 10.50.20.13 -t 30 -c check_ntp -a '-w 20 -c 40'
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 10.50.20.13: 1
[root@HO1-NAGIOSXI libexec]#

1.There is no firewall.
2. Port 5666 is open.
[root@HO1-NAGIOSXI libexec]# nmap 10.50.20.13 -p 5666
Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-29 19:07 +04
Nmap scan report for 10.50.20.13
Host is up (0.11s latency).

PORT STATE SERVICE
5666/tcp open nrpe

Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds
[root@HO1-NAGIOSXI libexec]#


3. Telnet is working fine:
[root@HO1-NAGIOSXI libexec]# telnet 10.50.20.13 5666
Trying 10.50.20.13...
Connected to 10.50.20.13.
Escape character is '^]'.
^C^C^CConnection closed by foreign host.


4. dont_blame_nrpe =1
5. Nagios IP is added in allowed_hosts entry.
#add entry for allowed hosts
allowed_hosts=10.50.10.21,10.1.0.220

Please help us to understand the issue.

Re: Error - Could not complete SSL handshake

Posted: Tue Jun 29, 2021 5:15 pm
by ssax
Please send the full output of this command from the XI server:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H 10.50.20.13 -s-1; tail -n30 /var/log/messages
What does /var/log/messages show on 10.50.20.13 when it fails?

Re: Error - Could not complete SSL handshake

Posted: Tue Jun 29, 2021 11:44 pm
by kalyanpabolu
Hello,

PFB the output:

[root@HO1-NAGIOSXI ~]# /usr/local/nagios/libexec/check_nrpe -H 10.50.20.13 -s-1; tail -n30 /var/log/messages
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 10.50.20.13: 1
Jun 30 08:35:01 HO1-NAGIOSXI systemd[1]: Started Session 5789299 of user nagios.
Jun 30 08:35:01 HO1-NAGIOSXI systemd[1]: Started Session 5789300 of user nagios.
Jun 30 08:35:01 HO1-NAGIOSXI systemd[1]: Started Session 5789301 of user nagios.
Jun 30 08:35:01 HO1-NAGIOSXI systemd[1]: Started Session 5789302 of user nagios.
Jun 30 08:35:09 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Process Count' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:09 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Disk Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:09 HO1-NAGIOSXI nagios[41551]: Error: Got host checkresult for 'NCPA 2', but no such host can be found
Jun 30 08:35:09 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Memory Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:09 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'CPU Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:09 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Swap Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Swap Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Process Count' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'CPU Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Memory Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Disk Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: Error: Got host checkresult for 'NCPA 2', but no such host can be found
Jun 30 08:35:19 HO1-NAGIOSXI nagios[41551]: SERVICE NOTIFICATION: Chalhoub_Infra_CC;HO1-NET-MGMT_10.1.0.20;RemoteRegistry Service Status;CRITICAL;xi_service_notification_handler;CRITICAL: RemoteRegistry is stopped (should be running)
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Disk Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got host checkresult for 'NCPA 2', but no such host can be found
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Process Count' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Memory Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Memory Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Process Count' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Swap Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Swap Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'Disk Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'CPU Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got host checkresult for 'NCPA 2', but no such host can be found
Jun 30 08:35:29 HO1-NAGIOSXI nagios[41551]: Error: Got check result for service 'CPU Usage' on host 'NCPA 2'. Unable to find service
Jun 30 08:35:30 HO1-NAGIOSXI nagios[41551]: SERVICE NOTIFICATION: Chalhoub_Infra_CC;SA-RUH-KINGDOM-VER-AP4;Meraki Status_ac:17:c8:03:95:a4;CRITICAL;xi_service_notification_handler;SA-RUH-KINGDOM-VER-AP4 is Offline
[root@HO1-NAGIOSXI ~]#

Re: Error - Could not complete SSL handshake

Posted: Wed Jun 30, 2021 2:35 pm
by ssax
Sorry, that didn't pick it up because you had a lot of entries in /var/log/messages, please run this instead and post the output:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H 10.50.20.13 -s-1; tail -n500 /var/log/messages | grep check_nrpe

Re: Error - Could not complete SSL handshake

Posted: Sun Jul 04, 2021 11:16 pm
by kalyanpabolu
Hello,

Below is the output:

CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 10.50.20.13: 1
Jul 5 07:54:52 HO1-NAGIOSXI check_nrpe[14888]: Error: (!log_opts) Could not complete SSL handshake with 10.50.20.13: dh key too small
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL Certificate File: None
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL Private Key File: None
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL CA Certificate File: None
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL Cipher List: ALL:!MD5:@STRENGTH:@SECLEVEL=0
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL Allow ADH: 1
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL Log Options: 0xffffffff
Jul 5 08:15:48 HO1-NAGIOSXI check_nrpe[3099]: SSL Version: TLSv1_plus And Above
[root@HO1-NAGIOSXI ~]#

Re: Error - Could not complete SSL handshake

Posted: Tue Jul 06, 2021 12:20 pm
by gsmith
It looks like you have an old version of SSL on one of the machines.

You can see what you have by running:

yum list installed | grep SSL
- or -
apt list --installed | grep SSL

You should update the lower package to match the higher package.

Let us know how you make out.

Thanks
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited