"Could not complete SSL handshake"

Lee Azzarello lee at dropio.com
Thu Feb 12 18:34:28 CET 2009

Previous message: Configuring Nagios on Solaris 10 (Sparc)
Next message: "Could not complete SSL handshake"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's a mystery for the books. I was alerted this morning of a socket
timeout while nagios attempted to connect the NRPE server on a remote
host. I go in and manually check that host and sure enough:

Feb 12 16:02:59 conversion-10 nrpe[6886]: Error: Could not complete
SSL handshake. 5
Feb 12 16:36:03 conversion-10 nrpe[7270]: Error: Could not complete
SSL handshake. 5

Weird, but sort of understandable. Just to make sure it's down, from
the host where Nagios is running:

control-1:~# telnet conversion-10.internal 5666
Trying 10.254.163.50...
Connected to conversion-10.internal.
Escape character is '^]'.

Huh? I can connect via telnet. NRPE is not down.

Then I visually check other services on the remote host though the web
interface, two of which are also a NRPE service check. They are not
generating the SSL handshake error, no socket timeout, status OK, same
host. Wacky. Well, last thing to try is to execute the NRPE check
manually from the host where Nagios is running:

control-1:~# /usr/lib/nagios/plugins/check_nrpe -H
conversion-10.internal -c check_tmpdir_links
check_tmpdir_links OK - result:2823  |links$=2823

Woah, dude!? Uhhh, why is this singular service check telling me it's
having a socket timeout ONLY when run from Nagios but not from an
interactive shell? I give up...

2 hours pass, then I am alerted of the following event:

[1234458138] SERVICE ALERT:
conversion-10;tmpdir-links;OK;HARD;1;check_tmpdir_links OK -
result:2846

WTF? It "fixed itself"? Scary. The only trend I can make of this is
that the timed out service is infrequent. I configured it to be
checked every 30 minutes, while the others are far more frequent,
checking every 5 minutes. Maybe I just got unlucky and hit some high
network latency? I don't know.

-lee

------------------------------------------------------------------------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Configuring Nagios on Solaris 10 (Sparc)
Next message: "Could not complete SSL handshake"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list