Can't get NRPE to work on Windows 10


#1

Note: check_nt on nagios works fine. In case that helps clear up any networking issues.

I’ve read as many forum posts and articles as I can. I’ve done everything I can think of and I am completely stuck. I’m having all kinds of issues with SSL.

This is for my home network, I don’t need SSL or anything like that. I just want it to work. I’m running Nagios on a Raspberry Pi.

I downloaded, compiled and installed the latest version of the check_nrpe plugin (3.2.1) and installed it in the /usr/local/nagios/libexec directory.

I installed NSClient++ on my Windows 10 PC.

I’ve spent hours messing with the NSClient config file and haven’t made any progress.

Here is my nsclient.ini contents:

[/settings/default]
password = [password]
allowed hosts = 127.0.0.1,192.168.0.0/24

[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
verify mode = peer-cert
allowed hosts = 127.0.0.1,192.168.0.0/24
insecure = false

[/modules]
CheckExternalScripts = enabled
CheckHelpers = disabled
CheckEventLog = disabled
CheckNSCP = disabled
WEBServer = enabled
NSClientServer = enabled
NRPEServer = enabled
CheckSystem = enabled
CheckDisk = enabled

[/settings/NSClient/server]
allowed hosts = 127.0.0.1,192.168.0.0/24

[/settings/WEB/server]
allowed hosts = 127.0.0.1,192.168.0.0/24

With the config as shown, I get the following errors, running check_nrpe from the nagios host:

./check_nrpe -H 192.168.0.111
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 192.168.0.111: 1

./check_nrpe -H 192.168.0.111 -n
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

And I get the same error messages every time regardless of what I have “verify mode” or “insecure” settings set to.

I have also tried running check_nrpe.exe locally.

With the current config, I get:

.\check_nrpe.exe address=192.168.0.111 insecure
Error: Failed to connect to: 192.168.0.111:5666 :short read

But if I change the config to this, then it works:

;verify mode = peer-cert ; commented out
insecure = true

I get this:

.\check_nrpe.exe address=192.168.0.111 insecure
I (0.5.2.35 2018-01-28) seem to be doing fine...

#2

I am getting pretty much the same issues. The following is my config that lives on 2 Windows 10 desktop clients:

; in flight - TODO
[/settings/default]

; Undocumented key
password = xxxxxxxxxxxx   <--- not actually that

; Undocumented key
allowed hosts = 127.0.0.1,10.2.17.7


; in flight - TODO
[/settings/NRPE/server]

; Undocumented key
verify mode = none

; Undocumented key
insecure = true


; in flight - TODO
[/modules]

; Undocumented key
CheckExternalScripts = disabled

; Undocumented key
CheckHelpers = disabled

; Undocumented key
CheckEventLog = disabled

; Undocumented key
CheckNSCP = disabled

; Undocumented key
CheckDisk = disabled

; Undocumented key
CheckSystem = disabled

; Undocumented key
WEBServer = enabled

; Undocumented key
NRPEServer = enabled

The clients on a Windows 10 desktop. My server is running on a Debian 9 VM. When I run check_nrpe from my Debian server to the host I get the following errors.

./check_nrpe -H 10.2.19.102
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 10.2.19.102: 1

./check_nrpe -H 10.2.19.102 -n
CHECK_NRPE: Receive header underflow - only 0 bytes received (4 expected).

./check_nrpe -H 10.2.19.102 -V
NRPE Plugin for Nagios
Version: 3.2.1

I can PING this desktop just fine. I also tried this on another Windows 10 desktop client I have here and the exact same issue happens.


#3

possible solutions:

  1. user check_nsc_web (rest api) instead of nrpe => https://github.com/m-kraus/check_nsc_web

  2. add these key´s in your ini (not recommended)

[/settings/NRPE/server] allowed ciphers = ALL use ssl = false insecure = false verify mode = none

  1. fix your ssl settings for nrpe 3.x - see the nrpe documentation for details.

#4

Thanks, #2 fixed it for me. I don’t care about SSL, this is all on my local home network.