I am already using active agents on other servers and everything works really nice. I've performed installation of Zabbix agent on new server and I've set the same config as in other active agents. The problem is my agent can't connect to the server.
End of zbx_tls_connect():FAIL error:'SSL_connect() I/O error: [0x00002746] An existing connection was forcibly closed by the remote host.' active check configuration update from [hidden_address:10051] started to fail (TCP successful, cannot establish TLS to [[hidden_address]:10051]: SSL_connect() I/O error: [0x00002746] An existing connection was forcibly closed by the remote host.) End of refresh_active_checks():FAIL
I am sure that PSK key and ID is set correctly in both agent and server. My config (works on other agents):
LogFile=C:\Zabbix\zabbix_agentd.log DebugLevel=5 Server=hidden_address ListenPort=10051 Hostname=hidden_name ServerActive=hidden_address EnableRemoteCommands=1 TLSConnect=psk TLSAccept=psk TLSPSKFile=C:\Zabbix\conf\client.txt TLSPSKIdentity=hidden_id
Port is opened on both sides and I have checked with Test-NetConnection in Powershell that I can connect from agent to server on specifed port (10051).
Any idea what else I can check or try to do to fix the problem?
This is usually caused by using zabbix agent with bug in TLS / PSK implementation . I advise to check up on known issue section of your zabbix version https://www.zabbix.com/documentation/4.0/manual/installation/known_issues and to use LTS zabbix version if possible.
I myself had an issue with 4.0.0 zabbix agent for windows (I think) that had not been compiled with TLS support correctly.
Please make also sure that PSK string in
C:\Zabbix\conf\client.txt matches the one in zabbix front-end.
If however you're using zabbix agent that is verified to work here are some other pointers:
I advise you to check your traffic using
wireshark as it's probably your network or the server that is causing the connection resets.
On the side note - if you're using active only setup - you can specify
StartAgents = 0 and omit
ListenPort=10051 configuration directives.
User contributions licensed under CC BY-SA 3.0