Nagios simply will not communicate with NSClient on particular server

mickem / nscp

NSClient++

http://nsclient.org

GNU General Public License v2.0

240 stars 94 forks source link

Nagios simply will not communicate with NSClient on particular server #746

Open brian-bbc opened 3 years ago

brian-bbc commented 3 years ago

Issue and Steps to Reproduce

Describe your issue and tell us how to reproduce it.

/usr/local/nagios/libexec/check_nt -H Host1 -p 12489 -s PASSWORD -v CLIENTVERSION

Expected Behavior

This issue is not limited to CLIENTVERSION but rather any attempt to query using check_nt. All other servers we have installed NSClient on respond normally with the NSClient version number. We have one particular server which simply will not allow itself to be accessed on port 12489. I have triple checked the firewall rules and there is nothing blocking it.

Actual Behavior

CRITICAL - Socket timeout after 10 seconds

Details

NSClient++ version: 0.5.2
OS and Version: Windows Server 2019
Checking from: Nagios Core 4.4.6
Checking with: check_nt

Additional Details

NSClient++ log:

The log is empty

brian-bbc commented 3 years ago

When I run netstat on the server locally, it appears that Port 12489 is open and listening.

P:\>netstat -na | find "12489"
  TCP    HOST1:12489     0.0.0.0:0              LISTENING

However when I try to test it from any other server, even servers from within the same security group, it cannot be accessed. I ran this command and got the same result from two other servers:

PS P:\> Test-NetConnection HOST1 -Port 14689
WARNING: TCP connect to (HOST1 : 14689) failed

ComputerName           : HOST1
RemoteAddress          : HOST1
RemotePort             : 14689
InterfaceAlias         : Ethernet 2
SourceAddress          : HOST2
PingSucceeded          : True
PingReplyDetails (RTT) : 89 ms
TcpTestSucceeded       : False

So whatever is happening appears to be localized to that one server. I have already verified the Windows firewall is allowing the port.

daooze commented 3 years ago

I would start by verifying if the right port can be accessed from the remote system: In your example you are checking the connection to port 14689 while the software on the remote host is listening on port 12489. This is expected to fail.

brian-bbc commented 3 years ago

Thanks for pointing out the typo. I did check again with port 12489 but it also fails.

PS P:\> Test-NetConnection HOST1 -Port 12489
WARNING: TCP connect to (HOST1 : 14689) failed