jamal
(Jamal)
April 16, 2024, 6:48am
1
CMK version: 2.1.0p40
OS version:Red Hat Enterprise Linux Server release 7.9
Error message:Host is registered for TLS but not using it CRIT, Got no information from host
Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)
mschlenker
(Mattias Schlenker)
April 16, 2024, 6:50am
2
Please post the output of cmk-agent-ctl status
.
jamal
(Jamal)
April 16, 2024, 8:16am
3
Hello Mattias,
Thanks for the quick replay.
We upgraded check_mk from 2.0.0p34 to 2.1.0p40. We registered two hosts manually.
[root@dinoaccapp22 ~] cmk-agent-ctl register --hostname dinoaccapp22 --server gdnmonitor03:8000 --site pdc1 --user automation --password XXXXXXXXXXXXXX
[root@dinoaccapp22 ~]# cmk-agent-ctl status
Version: 2.1.0p40
Agent socket: operational
IP allowlist: any
Legacy mode: enabled
No connections
mschlenker
(Mattias Schlenker)
April 16, 2024, 8:39am
4
Registration failed, you are running in legacy mode, unencrypted. Please remove the registration server side and register again.
jamal
(Jamal)
April 16, 2024, 9:18am
5
Hello,
How can we remove the registration sever side?
Please see below the “Connection refused” error. What could be the cause of this error?
[root@dinoaccapp22 ~]# curl -v --insecure https://gdnmonitor03/pdc1/check_mk/api/1.0/domain-types/internal/actions/discover-receiver/invoke
* About to connect() to gdnmonitor03 port 443 (#0)
* Trying 10.XX.XXX.XX...
* Connection refused
* Failed connect to gdnmonitor03:443; Connection refused
* Closing connection 0
curl: (7) Failed connect to gdnmonitor03:443; Connection refused
jamal
(Jamal)
April 16, 2024, 10:52am
6
Hello,
I realize now that check_mk web server is running on port 80. I asked the Firewall administrator to open port 80 too. Please stand-by.
Port 80:
[root@dinoaccapp22 ~]# curl -v --insecure http://gdnmonitor03.gdnnet.lan/pdc1/check_mk/api/1.0/domain-types/internal/actions/discover-receiver/invoke
* About to connect() to gdnmonitor03.gdnnet.lan port 80 (#0)
* Trying 10.XX.XXX.XX...
* Connection timed out after 10001 milliseconds
* Closing connection 0
Warning: Transient problem: timeout Will retry in 1 seconds. 6 retries left.
* About to connect() to gdnmonitor03.gdnnet.lan port 80 (#1)
* Trying 10.XX.XXX.XX...
^C
mschlenker
(Mattias Schlenker)
April 16, 2024, 11:34am
7
See here for troubleshooting if 80 or 443 is not reachable from the host (deeplink):
Also, you can do registration by proxy, if the server can reach the host, but not vice versa (deeplink):
jamal
(Jamal)
April 18, 2024, 3:51pm
8
Hello,
We opened port 80 in the firewall and the subscription is now working. Solved.
many thanks for the support.