Ad Widget

Collapse

failed to accept an incoming connection: : unencrypted connections are not allowed

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Raz_mataz_019
    Junior Member
    • Jan 2019
    • 3
    #1

    failed to accept an incoming connection: : unencrypted connections are not allowed

    I am getting this error in the host agent log. I don't know why I am getting this error, the host and server are configured to use PSK:


    Code:
    ### Option: TLSCertFile

#       Full pathname of a file containing the agent certificate or certificate chain.

#

# Mandatory: no

# Default:

# TLSCertFile=




### Option: TLSKeyFile

#       Full pathname of a file containing the agent private key.

#

# Mandatory: no

# Default:

# TLSKeyFile=




### Option: TLSPSKIdentity

#       Unique, case sensitive string used to identify the pre-shared key.

#

# Mandatory: no

# Default:

TLSPSKIdentity=PSK 002




### Option: TLSPSKFile

#       Full pathname of a file containing the pre-shared key.

#

# Mandatory: no

# Default:

TLSPSKFile=/etc/zabbix/zabbix_agentd.psk

    I have restarted my agent and this still shows in log file:

    Code:
     16757:20190127:141743.779 using configuration file: /etc/zabbix/zabbix_agentd.conf

 16757:20190127:141743.781 agent #0 started [main process]

 16758:20190127:141743.782 agent #1 started [collector]

 16760:20190127:141743.783 agent #3 started[listener #2]

 16761:20190127:141743.784 agent #4 started[listener #3]

 16762:20190127:141743.788 agent #5 started [active checks #1]

 16759:20190127:141743.791 agent #2 started[listener #1]

 16760:20190127:142351.342 failed to accept an incoming connection: from ip address: unencrypted connections are not allowed

    How do I resolve this message?






    Last edited by Raz_mataz_019; 28-01-2019, 15:28.
    Tags: agent, error
    • Atsushi
      Senior Member
      • Aug 2013
      • 2028
      #2
      In the Web interface, please check whether you set the PSK on the encryption tab in the setting of the target host.

        Comment

        • Raz_mataz_019
          Junior Member
          • Jan 2019
          • 3
          #3
          I did. I set the psk indentity AND the key on the encryption tab of the host config to match that of the host.

            Comment

            • andris
              Zabbix developer
              • Feb 2012
              • 228
              #4
              Setting PSK in frontend has not instant effect. You may need to wait until server configuration cache is updated (and also proxy configuration cache is updated if the agent is monitored via proxy).

                Comment

                • Raz_mataz_019
                  Junior Member
                  • Jan 2019
                  • 3
                  #5
                  It's been about 30 hours since configuration. How long is reasonable to wait? I am still getting error spanning 1/26 - 1/28 (today). I would hope cache is updated more frequently than that.

                    Comment

                    • andris
                      Zabbix developer
                      • Feb 2012
                      • 228
                      #6
                      Definitely 30 hours seems enough. If Server and TLSAccept parameters are correct in zabbix_agentd.conf... you can try DebugLevel=4 in zabbix_agentd.conf. If it does not help, tcpdump or Wireshark can help to see actual traffic.

                        Comment

                        Previous template Next
                        Working...