Hello,
I got this error on several services using the api plugins
Anyone know how to fix it?
i made a search about this in forum but the only thread with it did not help…
Hello,
I got this error on several services using the api plugins
Anyone know how to fix it?
i made a search about this in forum but the only thread with it did not help…
Hello,
do your probes check from cloud (poller) to onPremise (hosts to check) ?
Regards.
you went back to “can’t connect” and “connexion refused”, which is not good. replacing centreon-plugins.exe in the script subfolder should not impact NSCLIENT, you don’t even have to restart it.
if you didn’t modify the nsclient.ini this really looks like there is something interfering with the https on tcp8443 on your windows hosts
this is a network problem or config problem on the windows side (are you sure about the cause “1” I listed in a previous post above, about multiple service/program using the TCP8443 port?)
i am gonna test again. will let you know.
Hello,
do your probes check from cloud (poller) to onPremise (hosts to check) ?
Regards.
hello,
everything on premise.
Best regards,
Hi,
Does all yours probes using api with port 8443 on hosts windows have the same problem ?
Does you set on hosts windows the same nsclient.ini ?
Regards.
Hi,
Does all yours probes using api with port 8443 on hosts windows have the same problem ?
Does you set on hosts windows the same nsclient.ini ?
Regards.
Yes, all probes using the rest api have the same error message. We've downgraded the nsclient.ini by GPO, so all hosts have the same configuration.
you went back to “can’t connect” and “connexion refused”, which is not good. replacing centreon-plugins.exe in the script subfolder should not impact NSCLIENT, you don’t even have to restart it.
if you didn’t modify the nsclient.ini this really looks like there is something interfering with the https on tcp8443 on your windows hosts
this is a network problem or config problem on the windows side (are you sure about the cause “1” I listed in a previous post above, about multiple service/program using the TCP8443 port?)
With the nsclient rest api service started on port 8445 I can't see the port when doing netstat on the command line.
Maybe this is the problem
Hi,
Does windows firewall on windows hosts in Inbound Rules, allow “C:\programs files\Centreon NSClient++\nscp.exe” ?
Regards.
Hi,
Does windows firewall on windows hosts in Inbound Rules, allow “C:\programs files\Centreon NSClient++\nscp.exe” ?
Regards.
it does
Hi
If you use https://127.0.0.1:8443 ( on windows Host ) accept insecure connexion, do you obtain Sign in to use NSClient++ banner ?
Regards.
you went back to “can’t connect” and “connexion refused”, which is not good. replacing centreon-plugins.exe in the script subfolder should not impact NSCLIENT, you don’t even have to restart it.
if you didn’t modify the nsclient.ini this really looks like there is something interfering with the https on tcp8443 on your windows hosts
this is a network problem or config problem on the windows side (are you sure about the cause “1” I listed in a previous post above, about multiple service/program using the TCP8443 port?)
With the nsclient rest api service started on port 8445 I can't see the port when doing netstat on the command line.
Maybe this is the problem
there should a log in the nsclient folder, it should say stuff when it can’t bind a port or have major issues.
no idea what is happening
could you paste your section for nsclient restapi (here is mine for tcp port 5443, notice the “s” for ssl over 5443)
; Section for REST API
[/settings/WEB/server]
; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = mypoller
;CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = false
; PORT NUMBER - Port to use for REST API.
port = 5443s
;PASSWORD - Password used to authenticate against server
password = xxxx
; CERTIFICATE - Ssl certificate to use for the ssl server
certificate = ${certificate-path}/certificate.pem
you went back to “can’t connect” and “connexion refused”, which is not good. replacing centreon-plugins.exe in the script subfolder should not impact NSCLIENT, you don’t even have to restart it.
if you didn’t modify the nsclient.ini this really looks like there is something interfering with the https on tcp8443 on your windows hosts
this is a network problem or config problem on the windows side (are you sure about the cause “1” I listed in a previous post above, about multiple service/program using the TCP8443 port?)
With the nsclient rest api service started on port 8445 I can't see the port when doing netstat on the command line.
Maybe this is the problem
there should a log in the nsclient folder, it should say stuff when it can’t bind a port or have major issues.
no idea what is happening
could you paste your section for nsclient restapi (here is mine for tcp port 5443, notice the “s” for ssl over 5443)
; Section for REST API
[/settings/WEB/server]
; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = mypoller
;CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = false
; PORT NUMBER - Port to use for REST API.
port = 5443s
;PASSWORD - Password used to authenticate against server
password = xxxx
; CERTIFICATE - Ssl certificate to use for the ssl server
certificate = ${certificate-path}/certificate.pem
; Section for REST API
[/settings/WEB/server]; ALLOWED HOSTS - A coma separated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges.
allowed hosts = 10.3.10.50;CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won’t allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = true; PORT NUMBER - Port to use for REST API.
port = 8443s;PASSWORD - Password used to authenticate against server
password = c.x.x.x.4; CERTIFICATE - Ssl certificate to use for the ssl server
certificate = ${certificate-path}/certificate.pem
well, we went far, and we are running in circles.
your nsclient on your windows host seems OK.
you have the right windows firewall rules (nscp.exe allowed)
your centreon central seems to be able to communicate on https tcp8443 with the windows host, but only some times
sometimes it works (but cannot run the plugin), sometimes it says 403, which can mean a lot of things…
I personnally never seen that, and can’t help you more, you need to figure what is happening between your servers and on your network (do you have another FW, EDPR, antivirus, or anything that could interact with the network of the windows host?)
please make a clean windows for testing, and just try to run basic nsclient restapi things like cpu/ram/disk before trying to run advanced plugin like wsus and exchange.
be sure to use the same config file and source for nsclient
also try what Piere asked above with the opening the url locally on the server, the web page should say NSCLIENT++
well, we went far, and we are running in circles.
your nsclient on your windows host seems OK.
you have the right windows firewall rules (nscp.exe allowed)
your centreon central seems to be able to communicate on https tcp8443 with the windows host, but only some times
sometimes it works (but cannot run the plugin), sometimes it says 403, which can mean a lot of things…
I personnally never seen that, and can’t help you more, you need to figure what is happening between your servers and on your network (do you have another FW, EDPR, antivirus, or anything that could interact with the network of the windows host?)
please make a clean windows for testing, and just try to run basic nsclient restapi things like cpu/ram/disk before trying to run advanced plugin like wsus and exchange.
be sure to use the same config file and source for nsclient
also try what Piere asked above with the opening the url locally on the server, the web page should say NSCLIENT++
In any case, thank you for our exchange, I'm really short of ideas, I don't have the possibility to create VMs just for testing, I'm on the company infrastructure. I'll keep on testing and trying to find leads/solutions if I ever get everything working I'll put the solution here.
Thanks again for everything.
Edit : About opening the link on the machine concerned the internet explorer page gives me an error
OK
Then your nsclient is not running properly
Be sure the service is running
Please check nsclient.log in the nsclient folder
2023-10-10 11:48:12: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:119: Invalid password/token from: 10.3.10.50: cXnXXX
2023-10-10 11:48:26: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:42:01: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:42:03: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:761: Failed to start server: Failed to set ssl_certificate: Cannot load PEM
2023-10-10 14:43:40: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:43:41: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:761: Failed to start server: Failed to set ssl_certificate: Cannot load PEM
2023-10-10 14:56:32: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:57:26: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:57:56: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:59:57: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 14:59:57: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:761: Failed to start server: Failed to set ssl_certificate: Cannot load PEM
2023-10-10 15:06:50: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:07:21: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:07:27: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:07:41: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:08:04: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:08:57: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:09:15: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:09:38: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:10:08: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:14:12: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:14:12: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:761: Failed to start server: Failed to set ssl_certificate: Cannot load PEM
2023-10-10 15:15:59: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-10 15:15:59: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:761: Failed to start server: Failed to set ssl_certificate: Cannot load PEM
2023-10-11 03:00:56: error:c:\source\0.5.1\modules\CheckSystem\pdh_thread.cpp:307: Failed to get network metrics: Failed to fetch network metrics: ConnectServer failed: namespace=root\cimv2, user=:8007045b: Un arrêt système est en cours.
2023-10-11 03:01:08: error:c:\source\0.5.1\modules\CheckSystem\pdh_thread.cpp:307: Failed to get network metrics: Failed to fetch network metrics: ConnectServer failed: namespace=root\cimv2, user=:8007045b: Un arrêt système est en cours.
2023-10-11 03:01:39: debug:c:\source\0.5.1\service\logger\nsclient_logger.cpp:52: Creating logger: threaded-file
2023-10-11 03:01:41: error:c:\source\0.5.1\modules\WEBServer\WEBServer.cpp:761: Failed to start server: Failed to set ssl_certificate: Cannot load PEM
OK
Then your nsclient is not running properly
Be sure the service is running
Please check nsclient.log in the nsclient folder
sorry I missed the message but you can see above what comes out of the nsclient log file
Ok, so now you have a real cause and an explanation on why the service is not working. it doesn’t find the certificate.pem et doesn’t start the web server
I have no idea how you got there, it was working before given you got some message saying it work. (if was working before I asked if the plugin was up to date from the last exe on github)
you should have a folder called “security”
with the PEM file
this comes with the setup.exe of nsclient you get from centreon here Download Centreon | Open Source IT Infrastructure Monitoring Tool or here https://github.com/centreon/centreon-nsclient-build/releases/tag/20211104134145
I would suggest to uninstall everything nsclient related, if there are files remaining after uninstall, remove them manually, in program files), then make a clean install and put your “.ini” with the right configuration
(and you will need to update the centreon_plugins.exe in the script/centreon folder)
Ok, so now you have a real cause and an explanation on why the service is not working. it doesn’t find the certificate.pem et doesn’t start the web server
I have no idea how you got there, it was working before given you got some message saying it work. (if was working before I asked if the plugin was up to date from the last exe on github)
you should have a folder called “security”
with the PEM file
this comes with the setup.exe of nsclient you get from centreon here Download Centreon | Open Source IT Infrastructure Monitoring Tool or here https://github.com/centreon/centreon-nsclient-build/releases/tag/20211104134145
I would suggest to uninstall everything nsclient related, if there are files remaining after uninstall, remove them manually, in program files), then make a clean install and put your “.ini” with the right configuration
(and you will need to update the centreon_plugins.exe in the script/centreon folder)
its already there
mmmh, you got 2 different modified date between the ca.pem and certificate.pem,
again, I have no idea if this is linked, but all the server I got have the same date for the 2 files (they seems to be generated at first run ever, then no idea how to regenerate/fix that, if they don’t match, the ssl will not work)
have you tried a full uninstall/delete all file in program files/reinstall of nsclient ?
mmmh, you got 2 different modified date between the ca.pem and certificate.pem,
again, I have no idea if this is linked, but all the server I got have the same date for the 2 files (they seems to be generated at first run ever, then no idea how to regenerate/fix that, if they don’t match, the ssl will not work)
have you tried a full uninstall/delete all file in program files/reinstall of nsclient ?
i installed this :
Centreon-NSClient-0.5.2.41-20211102-x64.exe
and now :
files are the same size now so now i got the “good message”. >>> Unknown: 403 Forbidden
ok,
and does your local browser with “https://localhost:8443” work?
what does the nsclient.log says ?
i got it working thank you all and specially
so to get it working properly :
i downloaded the last nsclient from github
i downloaded also the last centreon-plugins.exe
installed all on the host
nscp web install
nscp web -- password --set XXXXXX
net stop nscp
net start nscp
add in NSCPRESTAPIEXTRAOPTIONS : --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"
modify the password in centreon
after this i had a 500 read timeout
i added in NSCPRESTAPIEXTRAOPTIONS : --timeout=30
and working!
nice to know it works
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.