This week end there was an update of centreon (from 22.04 to 23.04.8-1)
Since thoses updates one of my nrpe supervision doesn't work anymore to my windows server 2012 (There also was security updates on this windows 2012 server this week) but work well to another windows server (2016).
Here is the command :
/usr/lib64/nagios/plugins/check_centreon_nrpe3 -H x.x.x.x -p 5666 -t 30 -A /etc/ssl/certs/centreon-nrpe/nrpe_ca_cert.pem -C /etc/ssl/certs/centreon-nrpe/nrpe_client_cert.pem -K /etc/ssl/certs/centreon-nrpe/nrpe_client.key -u -2 -c check_files -a "paths=c://test/" "pattern=*.txt" "warning=0" "critical=count>0" top-syntax='${status}: ${count} fichier(s) de plus de 5min trouvé(s) (${problem_list})' detail-syntax='${name}' filter="written < -600s" empty-state=ok empty-syntax='${status}: ${problem_count} file(s) found'
Expected Behavior
OK: 0 file(s) found
Actual Behavior
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with x.x.x.x: 1
2023-09-26 11:05:02: error:c:\source\0.5.2\modules\NRPEServer\NRPEServer.cpp:121: DH key not found: none
2023-09-26 11:05:03: error:c:\source\0.5.2\include\socket/server.hpp:217: Failed to bind 0.0.0.0:5666(ipv4): An attempt was made to access a socket in a way forbidden by its access permissions
2023-09-26 11:05:03: error:c:\source\0.5.2\include\socket/server.hpp:165: Failed to setup endpoint
I check on the Windows server 2012, the firewall is still the same, no new rules. Port 5666 is still open and listenning.
This week end there was an update of centreon (from 22.04 to 23.04.8-1)
Since thoses updates one of my nrpe supervision doesn't work anymore to my windows server 2012 (There also was security updates on this windows 2012 server this week) but work well to another windows server (2016).
Here is the command :
Expected Behavior
OK: 0 file(s) found
Actual Behavior
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with x.x.x.x: 1
Details
Additional Details
NSClient.ini : [/settings/log] level = info date format = %Y-%m-%d %H:%M:%S file name = ${exe-path}/nsclient.log
[/settings/log/file] max file = 2048000
[/modules] NRPEServer = 1 WEBServer = 0 CheckDisk = 1 CheckEventLog = 1 CheckExternalScripts = 1 CheckHelpers = 1 CheckNSCP = 1 CheckSystem = 1 CheckTaskSched = 1 CheckNet = 1
[/settings/NRPE/server] allowed hosts = poller-1.x.net,poller-2.x.net,poller-1.dev.x.net port = 5666 verify mode = peer-cert allow arguments = true allow nasty characters = true insecure = false ssl options = no-sslv2,no-sslv3 dh = none certificate = C:\Program Files\Centreon NSClient++\security\nrpe_client_cert.pem ca = C:\Program Files\Centreon NSClient++\security\nrpe_ca_cert.pem certificate key = C:\Program Files\Centreon NSClient++\security\nrpe_client.key allowed ciphers = ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH [/settings/external scripts] allow arguments = 1 allow nasty characters = 1
[/settings/external scripts/scripts/default] ignore perfdata = true [/settings/external scripts/scripts] ;check_custom=\
NSClient++ log:
I check on the Windows server 2012, the firewall is still the same, no new rules. Port 5666 is still open and listenning.
PS C:\Users\XXX> netstat -aon | findstr ":5666" | findstr "LISTENING" TCP 0.0.0.0:5666 0.0.0.0:0 LISTENING 796 TCP 0.0.0.0:5666 0.0.0.0:0 LISTENING 9052 TCP [::]:5666 [::]:0 LISTENING 796
Do you have a solution? or even a idea?