NetXMS Support Forum

English Support => General Support => Topic started by: Nikk on August 01, 2013, 11:52:59 AM

Title: WebUI encryption
Post by: Nikk on August 01, 2013, 11:52:59 AM
Hello,

I have a problem with login in webui, it shows me this error -> Encryption is not supported by peer. The same is in console, but when I disable encrypt session, then I login successfully! And in the nxagent.conf RequireEncryption = no.
I didn't find any solution in the web, so I came here for help!

Thanks in advance,
Nikk
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 01, 2013, 12:16:47 PM
Hi!

Looks like you've compiled the server without encryption support. I recommend recompiling it with encryption (ensure that you have the openssl development package installed and that encryption support is set to YES in the configure summary).

Best regards,
Victor
Title: Re: WebUI encryption
Post by: Nikk on August 01, 2013, 01:00:41 PM
Thanks for fast reply!

I had OpenSSL already installed and now I set to YES, but nothing changed. Or I just don't understand how to do that!

Thanks in advance,
Nikk
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 01, 2013, 01:40:27 PM
Can you post your config.log please?
Title: Re: WebUI encryption
Post by: Nikk on August 01, 2013, 02:24:33 PM
Here, if this is what you meant (I wasn't sure).


#
# Servers
#
# List of management servers which have read access to this agent.
# Both IP addresses and DNS names can be used. Multiple servers can be
# specified in one line, separated by commas. If this parameter used more
# than once, servers listed in all occurences will have access to agent.
#
# Examples:
# Servers = 10.0.0.1
# Servers = 127.0.0.1, srv1.domain.com, srv2.domain.com

#
# ControlServers
#
# List of management servers which can execute actions on agent. Hosts
# listed in this parameter also have read access to the agent. Both
# IP addresses and DNS names can be used. Multiple servers can be specified
# in one line, separated by commas. If this parameter used more than
# once, servers listed in all occurences will have access to agent.
#
# Examples:
# ControlServers = 10.0.0.1
# ControlServers = 127.0.0.1, srv1.domain.com, srv2.domain.com

#
# MasterServers
#
# List of management servers which have full access to agent. Hosts listed
# in this group can change agent's config, upload files to agent and initiate
# agent upgrade, as well as perform any task allowed for hosts listed in
# Servers and ControlServers. Both IP addresses and DNS names can be used.
# Multiple servers can be specified in one line, separated by commas.
# If this parameter used more than once, servers listed in all occurences
# will have access to agent.
#
# Examples:
# MasterServers = 10.0.0.1
# MasterServers = 127.0.0.1, srv1.domain.com, srv2.domain.com
MasterServers = 127.0.0.1, 10.10.82.151
#
# ListenPort
#
# Defines the port number for the agent to listen on incoming connections.
# Default values is 4700
#
# Examples:
# ListenPort = 4700

#
# LogFile
#
# Agent's log file. To write log to syslog (or Event Log on Windows),
# use {syslog} as file name.
#
# Examples:
# LogFile = {syslog}
LogFile = /var/log/nxagentd.log

#
# RequireAuthentication
#
# If set to "yes", host connected to agent have to provide correct shared
# secret before issuing any command. Default value is "no".
#
# Example:
# RequireAuthentication = no

#
# RequireEncryption
#
# If set to "yes", host connected to agent will be forced to use encryption,
# and if encryption is not supported by remote host, connection will be
# dropped. Default value is "no". This parameter has no effect if agent
# was compiled without encryption support.
#
# Example:
RequireEncryption = yes

#
# EnabledCiphers
#
# Control what ciphers agent can use for connection encryption. Value for
# this parameter is a cipher code. To enable more than one cipher, they
# codes should be added. By default, all possible ciphers are enabled.
#
# Possible cipher codes:
#   1  =  AES-256
#   2  =  BLOWFISH
#   4  =  IDEA
#   8  =  Triple DES
#
# Example (enable AES-256 and IDEA):
# EnabledCiphers = 5

#
# SharedSecret
#
# Agent's shared secret. Used only if RequireAuthentication set to "yes".
#
# Example:
# SharedSecret = secret

#
# MaxSessions
#
# Maximum number of simultaneous communication sessions. Possible value can
# be in range from 2 to 1024. Default value is 32.
#
# Example:
# MaxSessions = 32

#
# SessionIdleTimeout
#
# Communication session's idle timeout in seconds. If agent will not receive
# any command from peer within specified timeout, session will be closed.
# Default value is 60 seconds.
#
# Example:
# SessionIdleTimeout = 60

#
# FileStore
#
# Directory to be used for storing files uploaded by installation server(s).
#
# Example:
# FileStore = /var/nxagentd

#
# TimeOut
#
# GET request timeout in seconds. If GET request cannot be completed for
# specified amount of time, agent will return an error to server.
# Default value is 5 seconds.
#
# Example:
# TimeOut = 5

#
# StartupDelay
#
# Number of seconds agent should wait on startup before start servicing
# requests. This parameter can be useful to prevent false reports about
# missing processes or failed services just after monitored system startup.
# Default value is 0, i.e. no startup delay.
#
# Example:
# StartupDelay = 0

#
# PlatformSuffix
#
# String to be added as suffix to value of System.PlatformName parameter.
#
# Example:
# PlatformSuffix = dbg

#
# EnableSubagentAutoload
#
# Enable or disable autoloading of platform subagent(s).
# Default value is "yes".
#
# Example:
# EnableSubagentAutoload = yes

#
# EnableProxy
#
# Allow requests forwarding
# Default value is "no"
#
# Example:
# EnableProxy = no

#
# EnableSNMPProxy
#
# Allow SNMP requests forwarding
# Default value is "no"
#
# Example:
# EnableSNMPProxy = no

#
# SubAgent
#
# Subagent to load. To load multiple subagents, you should use multiple
# SubAgent parameters. Subagents will be loaded in the same order as they
# appears in configuration file.
#
# UNIX example:
# SubAgent = [path_to_netxms_install_dir]/lib/libnsm_linux.so
#
# Windows example:
# SubAgent = winperf.nsm

#
# ExternalParameter
#
# Add parameter handled by external command. To add multiple parameters, you
# should use multiple ExternalParameter entries. Please note that on Windows
# agent uses system process execution API for execution of specified
# command, so you cannot use pipes or shell commands. If you need to
# execute command via shell, use ExternalParameterShellExec instead.
#
# Syntax:
# ExternalParameter = <parameter_name>:<command_line>
# If you specify parameter name as "name(*)", then you can use $1 .. $9 in
# command line to substitute actual arguments passed from server.
#
# Examples:
# ExternalParameter = Test:echo test
# ExternalParameter = LineCount(*):cat $1 | wc -l
# ExternalParameter = Test2(*):myprog $1 $2

#
# ExternalParameterShellExec
#
# Add parameter handled by external command. To add multiple parameters, you
# should use multiple ExternalParameterShellExec entries. This is similar
# to ExternalParameter with exception that agent will use shell to execute
# specified command instead of system process exeution API. This difference
# presented only on Windows system, on other systems ExternalParameter and
# ExternalParameterShellExec behaves identically.
#
# Syntax:
# ExternalParameterShellExec = <parameter_name>:<command_line>
# If you specify parameter name as "name(*)", then you can use $1 .. $9 in
# command line to substitute actual arguments passed from server.
#
# Examples:
# ExternalParameterShellExec = Test:dir c:\ | wc -l
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 01, 2013, 04:31:47 PM
No, I meant the file named config.log, which is created after you run configure when building the server from sources.

Best regards,
Victor
Title: Re: WebUI encryption
Post by: Nikk on August 01, 2013, 04:38:03 PM
Oh, sorry, I'm just a beginner in this world. But I'm not able to find this file, I even ran a search, but the results were 0.
Where should I look for it on Ubuntu?

Thanks,
Nikk
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 01, 2013, 04:45:01 PM
Just to be sure - did you install server from sources or from deb package?

Best regards,
Victor
Title: Re: WebUI encryption
Post by: Nikk on August 01, 2013, 04:55:07 PM
I did everything that was told in the Installation guide, so installed from source, but I might have installed the deb package afterwards (because I thought it was some kind of additional libraries to source code)

Thanks in advance,
Nikk
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 01, 2013, 06:22:24 PM
You should install either from source code or from deb packages. You can check what you are using by path - deb packages install all binaries under /usr/bin, while building from source by default will use /usr/local/bin. If you have both binaries and libraries, I recommend removing either the deb packages or the binaries built from source code.

Best regards,
Victor
Title: Re: WebUI encryption
Post by: Nikk on August 05, 2013, 11:44:24 AM
Ok, I just did a clean install from source, but I'm getting the same error!

And here is my config.log
https://www.dropbox.com/s/joqzra21l5sa30v/config.log

Thanks in advance,
Nikk
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 05, 2013, 12:24:57 PM
Please post your config.log (it should be in the root of source directory).
Title: Re: WebUI encryption
Post by: Nikk on August 05, 2013, 12:38:42 PM
Posted it in previous reply :)
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 05, 2013, 12:43:01 PM
Important part is this:


configure:17311: checking for RSA_new in -lcrypto
configure:17336: gcc -o conftest -g -O2  -D_THREAD_SAFE -DTRE_WCHAR=1 -I/usr/local/mysql/include -I/usr/include/mysql -I/usr/mysql/include -I/usr/local/include/mysql -I/usr/local/mysql/include/mysql -I/usr/mysql/include/mysql -D_GNU_SOURCE -I/usr/local/include  -L/usr/local/mysql/lib -L/usr/lib64/mysql -L/usr/lib/mysql -L/usr/mysql/lib -L/usr/local/lib/mysql -L/usr/local/mysql/lib/mysql -L/usr/mysql/lib/mysql -L/usr/local/lib conftest.c -lcrypto   -lpthread >&5
/usr/bin/ld: cannot find -lcrypto


which means that configure cannot find libcrypto, and so server was built without encryption support. You have to install libssl-dev package and re-run configure and make.

Best regards,
Victor

Title: Re: WebUI encryption
Post by: Nikk on August 05, 2013, 01:31:13 PM
Thank you a lot, it worked :)
Title: Re: WebUI encryption
Post by: ecascioli on August 28, 2013, 07:04:38 PM
Hi, I have the same problem !
I always receive "Encryption is not supported by peer"
I post my config.log file hoping to be helped :)
Thank you !
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 28, 2013, 08:39:23 PM
Hi!

Quite strange, according to config.log you've built the server with encryption support. Can you please show me the output of

ldd /usr/bin/netxmsd

Also, try to connect with desktop console with "Encrypt session" option turned on.

Best regards,
Victor
Title: Re: WebUI encryption
Post by: ecascioli on August 29, 2013, 10:41:57 AM
This is the output of ldd /usr/local/bin/netxmsd (with local directory)

root@netxms:~# ldd /usr/local/bin/netxmsd
        linux-vdso.so.1 =>  (0x00007fffc1b27000)
        libnxcore.so.1 => /usr/local/lib/libnxcore.so.1 (0x00007f1a377ea000)
        libnxsrv.so.1 => /usr/local/lib/libnxsrv.so.1 (0x00007f1a375d5000)
        libnxsnmp.so.1 => /usr/local/lib/libnxsnmp.so.1 (0x00007f1a373c5000)
        libnxsl.so.1 => /usr/local/lib/libnxsl.so.1 (0x00007f1a37184000)
        libnxmap.so.1 => /usr/local/lib/libnxmap.so.1 (0x00007f1a36f7f000)
        libnxlp.so.1 => /usr/local/lib/libnxlp.so.1 (0x00007f1a36d77000)
        libnxdb.so.1 => /usr/local/lib/libnxdb.so.1 (0x00007f1a36b6d000)
        libnetxms.so.1 => /usr/local/lib/libnetxms.so.1 (0x00007f1a3693d000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1a36725000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1a36521000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1a36305000)
        libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f1a35ffd000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1a35d7b000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1a35b65000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a357da000)
        libnxtre.so.5 => /usr/local/lib/libnxtre.so.5 (0x00007f1a355cb000)
        libnxexpat.so.1 => /usr/local/lib/libnxexpat.so.1 (0x00007f1a353a7000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f1a37b17000)

This is my Debian version:
root@netxms:~# uname -a
Linux netxms 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux


I tried desktop management console: with "Encrypt connection" turned on I receive the error "Encryption is not supported by peer".
With "Encrypt connection" turned off...I get in :)))

Should I compile with --disable-encryption ?

Thank you
Title: Re: WebUI encryption
Post by: ecascioli on August 29, 2013, 11:38:55 AM
I tried to compile again with --disable-encryption but nothing has changed.
Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 29, 2013, 04:37:02 PM
From ldd output it seems that encryption was disabled. Please run configure again and send me summary printed by configure script when it finishes.

Best regards,
Victor
Title: Re: WebUI encryption
Post by: ecascioli on August 29, 2013, 05:16:49 PM
Here it is:

Command was:
sh ./configure --with-server --with-mysql --with-agent


And this is summary:


---------------------------------------------------------------------
                         Configure results
---------------------------------------------------------------------

Prefix                  : /usr/local
Build Server            : YES
Server libs             :  -lssl
Encryption enabled      : YES
Build DB-Drivers        : mysql
Build Clients           : NO
Build Agent             : YES
Subagents list          : linux
Build Static Agent      : NO
UNICODE build           : NO
Use internal libexpat   : YES
Use internal libtre     : YES
Use internal zlib       : NO
Force 32bit build       : NO
C compiler              : gcc
C++ compiler            : g++
CPPFLAGS                :  -D_THREAD_SAFE -DTRE_WCHAR=1 -I/usr/local/mysql/include -I/usr/include/mysql -I/usr/mysql/include -I/usr/local/include/mysql -I/usr/local/mysql/include/mysql -I/usr/mysql/include/mysql -D_GNU_SOURCE -I/usr/local/include -DPREFIX=\"${prefix}\" -DDATADIR=\"${pkgdatadir}\" -DBINDIR=\"${bindir}\" -DLIBDIR=\"${libdir}\" -DPKGLIBDIR=\"${pkglibdir}\"
CXXFLAGS                : -g -O2 -fno-rtti -fno-exceptions
CFLAGS                  : -g -O2
LDFLAGS                 :   -L/usr/local/mysql/lib -L/usr/lib64/mysql -L/usr/lib/mysql -L/usr/mysql/lib -L/usr/local/lib/mysql -L/usr/local/mysql/lib/mysql -L/usr/mysql/lib/mysql -L/usr/local/lib
LIBS                    : -lz -ldl -lcrypto -lcrypto -lcrypto  -lpthread
MySQL libs              : -lmysqlclient

Title: Re: WebUI encryption
Post by: Victor Kirhenshtein on August 29, 2013, 07:10:03 PM
Strange. Should work. Try to do

make clean
make
make install

just in case and try again. After that, try to start server with debug level 6 and check log for possible errors related to encryption.

Best regards,
Victor
Title: Re: WebUI encryption
Post by: ecascioli on August 30, 2013, 11:03:48 AM
Great !
It's now active and I can use it by client and by web.
Solved just by "make clean"....sometimes a very few is enough...

Thank you again, Victor !
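
Added example, not part of the forum thread: the three checks used above (the libcrypto link failure in config.log, crypto libraries missing from ldd output, and binaries present under both /usr/bin and /usr/local/bin) written as shell functions. The function names, the root-prefix argument and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): its three checks as functions.

# 0 if configure's link test for libcrypto failed. $1 = path to config.log
crypto_link_failed() {
    grep -q 'cannot find -lcrypto' "$1"
}

# 0 if ldd output on stdin lists libcrypto or libssl.
ldd_has_crypto() {
    grep -Eq '^[[:space:]]*lib(crypto|ssl)\.so'
}

# Print each netxmsd under the deb path and the source-build default path.
# $1 = root prefix (assumption for testing; "" means the live system).
netxmsd_copies() {
    for d in usr/bin usr/local/bin; do
        [ -x "$1/$d/netxmsd" ] && echo "$1/$d/netxmsd"
    done
    return 0
}

# $1 = config.log, $2 = file with saved `ldd netxmsd` output
diagnose() {
    if crypto_link_failed "$1"; then
        echo "configure: libcrypto not found; install libssl-dev, re-run configure and make"
    elif ! ldd_has_crypto < "$2"; then
        echo "binary: no libcrypto/libssl linked; run make clean, make, make install"
    else
        echo "ok: binary links a crypto library"
    fi
}

# Constructed sample inputs modelled on the lines quoted in the thread.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'configure:17311: checking for RSA_new in -lcrypto' \
    '/usr/bin/ld: cannot find -lcrypto' > "$SAMPLE_DIR/config.bad"
printf '%s\n' 'configure:17311: checking for RSA_new in -lcrypto' \
    'configure:17336: result: yes' > "$SAMPLE_DIR/config.good"
printf '\t%s\n' 'libnetxms.so.1 => /usr/local/lib/libnetxms.so.1 (0x0)' \
    'libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x0)' > "$SAMPLE_DIR/ldd.plain"
printf '\t%s\n' 'libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x0)' \
    > "$SAMPLE_DIR/ldd.crypto"

diagnose "$SAMPLE_DIR/config.bad"  "$SAMPLE_DIR/ldd.plain"
diagnose "$SAMPLE_DIR/config.good" "$SAMPLE_DIR/ldd.plain"
diagnose "$SAMPLE_DIR/config.good" "$SAMPLE_DIR/ldd.crypto"
netxmsd_copies ""
```

On a real system, save the output of ldd for the installed netxmsd to a file and pass it with the config.log from the source directory; two paths printed by netxmsd_copies mean both a package and a source install are present.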