I am already using active agents on other servers and everything works really nice. I've performed installation of Zabbix agent on new server and I've set the same config as in other active agents. The problem is my agent can't connect to the server.
Logs:
End of zbx_tls_connect():FAIL error:'SSL_connect() I/O error: [0x00002746] An existing connection was forcibly closed by the remote host.'
active check configuration update from [hidden_address:10051] started to fail (TCP successful, cannot establish TLS to [[hidden_address]:10051]: SSL_connect() I/O error: [0x00002746] An existing connection was forcibly closed by the remote host.)
End of refresh_active_checks():FAIL
I am sure that PSK key and ID is set correctly in both agent and server. My config (works on other agents):
LogFile=C:\Zabbix\zabbix_agentd.log
DebugLevel=5
Server=hidden_address
ListenPort=10051
Hostname=hidden_name
ServerActive=hidden_address
EnableRemoteCommands=1
TLSConnect=psk
TLSAccept=psk
TLSPSKFile=C:\Zabbix\conf\client.txt
TLSPSKIdentity=hidden_id
Port is opened on both sides and I have checked with Test-NetConnection in Powershell that I can connect from agent to server on specifed port (10051).
Any idea what else I can check or try to do to fix the problem?
This is usually caused by using zabbix agent with bug in TLS / PSK implementation . I advise to check up on known issue section of your zabbix version https://www.zabbix.com/documentation/4.0/manual/installation/known_issues and to use LTS zabbix version if possible.
I myself had an issue with 4.0.0 zabbix agent for windows (I think) that had not been compiled with TLS support correctly.
Please make also sure that PSK string in C:\Zabbix\conf\client.txt
matches the one in zabbix front-end.
If however you're using zabbix agent that is verified to work here are some other pointers:
I advise you to check your traffic using wireshark
as it's probably your network or the server that is causing the connection resets.
On the side note - if you're using active only setup - you can specify StartAgents = 0
and omit Server=
and ListenPort=10051
configuration directives.
User contributions licensed under CC BY-SA 3.0