NRPE not working after NRPE plugin upgrade from v2.15 to v3.2.1

Question

I'm migrating our Icinga 2 from Debian 8 to Ubuntu 18.04. The old server had NRPE plugin 2.15. The new server has NRPE plugin 3.2.1.

If I try to connect with the new plugin to old NRPE servers (v2.15 too), I get these errors:

$ /usr/lib/nagios/plugins/check_nrpe -H some.server
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 1.2.3.4: 1

$ /usr/lib/nagios/plugins/check_nrpe -H some.server -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).

$ /usr/lib/nagios/plugins/check_nrpe -2 -H some.server 
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 1.2.3.4: 1

$ /usr/lib/nagios/plugins/check_nrpe -2 -H some.server -n
CHECK_NRPE: Receive header underflow - only -1 bytes received (4 expected).

The NRPE server always logs this:

Error: Could not complete SSL handshake. 1

The KB entry says, this should work. How to make the new plugin work with the old NRPE servers?

score 0 · Answer 1 · answered Sep 02 '20 at 14:21

The error "Receive header underflow " happens if the client-side nrpe is run with the -n argument to disable SSL but the server-side NRPE is still trying to do an SSL handshake. If you add -n to the arguments for the server-side NRPE this should fix it.

On Windows using Winrpe from ICW I had to change the arguments for the service in the registry here: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Nrpe\Parameters

Just search for nrpe.exe in the registry and add -n to the arguments. There may be more than one control set you have to change.

score 0 · Answer 2 · answered Apr 18 '19 at 19:16

I was just experiencing this same thing. What fixed it for me was recompiling the check_nrpe plugin with the following command: sudo ./configure --disable-ssl --enable-command-args

Then I just ran sudo make check_nrpe, dropped it in place over the bad plugin and restarted the nagios-nrpe-server. I'm no longer getting the 'SSL handshake' error (I'm getting exclusively the 'header underflow' error that you mentioned when you added the -n flag, but hey, baby steps). Hope this helps.

-Marshall

score 0 · Answer 3 · answered Apr 18 '19 at 20:37

0

I wanted to let you know that I was just informed about a package in apt (I'm working on Debian 9) called nagios-nrpe-plugin. I installed that via apt (it installed into /usr/lib/nagios/plugins) and was immediately able to run that command and get back the NRPE version of the remote server. I'm still getting the 'header underflow' message on the Nagios frontend, so I seem to still have some tweaking to do there, but will keep you updated. I hope this information helps. -Marshall D

answered Apr 18 '19 at 20:37

Marshall D

1

HUZZAH!!! I updated the commans.cfg to explicitly use the version of check_nrpe in `/usr/lib/nagios/plugins` and now my frontend is showing data as expected. Tomorrow (because I'm SO done fighting with this for today), I'm going to symlink the 'plugins' file into `/usr/local/nagios/libexec` so that I can set the command back and avoid having two versions of check_nrpe laying around to potentially cause confusion, but I think I'm in business now. – Marshall D Apr 18 '19 at 20:57

NRPE not working after NRPE plugin upgrade from v2.15 to v3.2.1

3 Answers3