Update failed (0)

CMK version: 1.6.0p11
OS version: Centos 7

Error message: Update failed (0)

Hello everyone, the issue that brings me here is the following, currently I have a monitoring infrastructure distributed in two servers, one of them, the main server receives the checks from the secondary server. the checks and alerts are received and displayed well, but when it comes to display the graphics and preview, it prints the error Update failed (0) and does not allow to click on that button, if it opens in another tab redirects to the secondary server where I have to log in to see the graphics, which is quite annoying.

Opening the code inspector of the browser I have seen that it seems to be a bug in the CORS policy because of the following message:
Content Security Policy: The settings for this page have blocked the loading of a resource at http://10.20.30.41/second_server/pnp4nagios/index.php/popup?host=myserver (connect-src).

When I reviewed how I had structured the apache configuration of the first server I saw that in principle nothing should be blocking the second server, I leave an extract of the policy in case I’m not seeing it:

Header always set Access-Control-Allow-Origin: "*"
Header always set Content-Security-Policy: "default-src 'self' 'unsafe-inline' 'unsafe-eval' ssh: rdp:; img-src 'self' data: https://*.tile.openstreetmap.org/ ; connect-src 'self' http://10.20.30.41/ https://crash.checkmk.com/ ; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' javascript: 'unsafe-inline'; object-src 'self'; frame-src http://10.20.30.41/ 'self'"
<FilesMatch "\.(js|css|png|ico|wav|jpg)$">
Header always unset Content-Security-Policy
</FilesMatch>

As for the configuration between the two servers I haven’t reported any errors, and in the main logs (~site/var/log/) I don’t see any failure logs.

Let’s see if with this information, someone can see where the failure comes from.

Thank you very much in advance

Note that there are two Apache HTTP servers involved:

  • the frontend Apache server listening on port 80 and/or 443, which is the plain Apache coming from the CentOS httpd package, with a litte configuration extension per Checkmk site; and
  • a backend Apache server for each Checkmk site, typically running on a port beginning from 5000; this server is fully controlled by the Checkmk site.

Both of them could set CORS or other security policy headers, they might disturb each other.

Have you tried to upgrade to Checkmk 2.0? Checkmk 2.0 Raw Edition comes with the graphing system from the Enterprise Edition, pnp4nagios is not used any more.

I haven’t tried to update it to version 2.0, I would like to try to make it work on version 1.6 since I have everything mounted on it and avoid having to migrate all the hosts I have, but I’m going to take it into account as a possible solution.