NSClient++/NRPE strange timeout


#1

Hi everyone,

I’m experiencing very strange behavior from my NSClient program. When I set it up for the first time it seemed to work properly, since I checked with my Linux CLI and it gave me a positive answer.

Then I tried to make a PowerShell script for Exchange work. At the beginning it worked fine, then I tried to optimize it and for no apparent reason, at some point, everything started to crash and did not work anymore. I get “no bytes received first” then after a while “socket timeout”… I’m desperate since I can’t understand what’s going on. There is no apparent reason, nmap shows port 5666 open, no firewall issue… Anyway, it was working a few minutes ago but isn’t right now!! Hope you can help me because I’m starting to lose my hair over this problem…


Here is the result of “nscp test --debug” :

Here is my nsclient.ini :

```ini
; Undocumented section
[/settings/default]

; Undocumented key
password = coucou

; Undocumented key
allowed hosts = 127.0.0.1,10.33.0.90

; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true

; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30

; BIND TO ADDRESS - Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
;bind to = UNKNOWN

; Undocumented section
[/settings/NRPE/server]

; allows user to control the execution (true = security issue)
allow arguments = true

; allows arguments to conatin dangerous characters such as redirection and pipes
allow nasty characters = true

; Undocumented key
;ssl options = no-sslv2,no-sslv3

; Undocumented key
;verify mode = peer-cert

; Undocumented key
insecure = true

; port default 5666
port = 5666

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
;use ssl = true

; EXTENDED RESPONSE - Send more then 1 return packet to allow response to go beyond payload size (requires modified client if legacy is true this defaults to false).
;extended response = false

[/settings/external scripts]

; allows user to control the execution (true = security issue)
allow arguments = true

; Command timeout - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; Load all scripts in a given folder - Load all scripts in a given directory and use them as commands.
;script path = UNKNOWN

; Allow certain potentially dangerous characters in arguments - This option determines whether or not the we will allow clients to specify nasty (as in |`&><’"[]{}) characters in arguments.
;allow nasty characters = false

; Undocumented section
[/modules]

; Undocumented key
CheckExternalScripts = enabled

; Undocumented key
NSClientServer = enabled

; Undocumented key
NRPEServer = enabled

[/settings/external scripts/scripts]

[/settings/external scripts/wrappings]

; template to run PowerShell scripts
ps1 = cmd /c echo scripts\\%SCRIPT% %ARGS%; exit($lastexitcode) | powershell.exe -command -

; Batch file - Command used for executing wrapped batch files
bat = scripts\%SCRIPT% %ARGS%

; Visual basic script - Command line used for wrapped vbs scripts
vbs = cscript.exe //T:30 //NoLogo scripts\lib\wrapper.vbs %SCRIPT% %ARGS%

[/settings/external scripts/wrapped scripts]
;check_veeam = check_veeam_backups.ps1 $ARG1$ $ARG2$
;check_veeam = check_veeam_backups2.ps1 $ARG1$ $ARG2$
check_exch = check_exchange.ps1 $ARG1$ $ARG2$

[/settings/log]

; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
;level = debug

; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
;date format = %Y-%m-%d %H:%M:%S

; FILENAME - The file to write log data to. Set this to none to disable log to file.
;file name = ${exe-path}/nsclient.log

; LOG SECTION - Configure log file properties.
[/settings/log/file]

; MAXIMUM FILE SIZE - When file size reaches this it will be truncated to 50% if set to 0 (default) truncation will be disabled
;max size = -1

[/settings/NSClient/server]

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
;use ssl = false

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
;performance data = true

; PORT NUMBER - Port to use for check_nt.
;port = 12489

; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
;use ssl = false

; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
;performance data = true

; PORT NUMBER - Port to use for check_nt.
;port = 12489

; COUNTER - Definition for counter: default

[/paths]

; Path for module-path -
module-path = ${exe-path}/modules

; Path for exe-path -
exe-path = C:\Program Files\NSClient++

; Path for certificate-path -
certificate-path = ${shared-path}/security

; Path for shared-path -
shared-path = C:\Program Files\NSClient++

; Path for base-path -
base-path = C:\Program Files\NSClient++
```


#2

If a PowerShell script fails to run it can jam the port open, so no matter what you do the port is ‘open’ but it won’t accept connections.

There is a tool called TCPView.

Run it on the host and check if there are any port 5666 connections open but set to CLOSE WAIT.

If there are, then terminate any PowerShell processes running in Task Manager.
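
The check described in the reply above, as a PowerShell sketch added here (not part of the original posts and not NSClient++ code): it lists port 5666 connections in CLOSE_WAIT and the powershell.exe processes running underneath the process that owns them. The function name `Get-StuckNrpeScript` and its parameters are hypothetical, and `Get-NetTCPConnection` is assumed to be available (Windows 8 / Server 2012 or later).

```powershell
function Get-StuckNrpeScript {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$Port = 5666,      # NRPE port from the nsclient.ini in this thread
        [switch]$Terminate      # also stop the PowerShell processes that are found
    )

    # Sockets on the NRPE port where the peer has closed but the local side has not
    $stuck = @(Get-NetTCPConnection -LocalPort $Port -State CloseWait -ErrorAction SilentlyContinue)
    if ($stuck.Count -eq 0) { Write-Verbose "No CLOSE_WAIT sockets on port $Port"; return }

    $all = @(Get-CimInstance -ClassName Win32_Process)

    foreach ($ownerPid in ($stuck.OwningProcess | Sort-Object -Unique)) {
        # Walk the process tree below the socket owner: the ps1 wrapping starts
        # powershell.exe through cmd.exe, so it is not a direct child.
        $queue = New-Object System.Collections.Queue
        $queue.Enqueue([uint32]$ownerPid)
        $seen = @{}
        while ($queue.Count -gt 0) {
            $parent = $queue.Dequeue()
            if ($seen.ContainsKey($parent)) { continue }
            $seen[$parent] = $true
            foreach ($proc in ($all | Where-Object { $_.ParentProcessId -eq $parent })) {
                $queue.Enqueue($proc.ProcessId)
                if ($proc.Name -ne 'powershell.exe') { continue }
                [pscustomobject]@{
                    OwnerPid    = $ownerPid
                    CloseWait   = @($stuck | Where-Object OwningProcess -eq $ownerPid).Count
                    ProcessId   = $proc.ProcessId
                    Started     = $proc.CreationDate
                    CommandLine = $proc.CommandLine
                }
                if ($Terminate -and $PSCmdlet.ShouldProcess("PID $($proc.ProcessId)", 'Stop-Process')) {
                    Stop-Process -Id $proc.ProcessId -Force
                }
            }
        }
    }
}

# Report only; add -Terminate (optionally with -WhatIf) to stop what is listed
Get-StuckNrpeScript -Verbose | Format-Table -AutoSize
```

Run it from an elevated prompt so that process command lines are readable; the `Started` column shows how long each script has been hanging relative to the 60-second command timeout in the configuration above.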