TLS Handshake failed - Operation canceled

dominikjantos · August 17, 2021, 9:39am

Hello,
I’ve tried to connect a new agent to my icinga2 master. The connection is not working and failing with error “Client TLS handshake failed (from [x.x.x.x]:39474): Operation canceled”. On the Master side the same error apperas.
Someone having an idea?
best regards, Dominik

Al2Klimov · August 17, 2021, 10:34am

Hello @dominikjantos and thank you for reporting!

Please share the logs.

Best,
AK

dominikjantos · August 17, 2021, 2:00pm

Hello,
Here the logs:
Master:
[2021-08-17 15:59:13 +0200] critical/ApiListener: Client TLS handshake failed (to [x.x.x.x]:5665): Operation canceled
[2021-08-17 15:59:13 +0200] information/ApiListener: Finished reconnecting to endpoint ‘dataexchange.projekt.private’ via host ‘x.x.x.x’ and port ‘5665’

Client:
[2021-08-17 13:51:34 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52660): Operation canceled
[2021-08-17 13:51:54 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52676): Operation canceled
[2021-08-17 13:52:14 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52684): Operation canceled
[2021-08-17 13:52:34 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52692): Operation canceled
[2021-08-17 13:52:54 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52698): Operation canceled
[2021-08-17 13:53:14 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52714): Operation canceled
[2021-08-17 13:55:42 +0000] information/ConfigObject: Dumping program state to file ‘/var/lib/icinga2/icinga2.state’
[2021-08-17 13:55:54 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52850): Operation canceled
[2021-08-17 13:56:14 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52862): Operation canceled
[2021-08-17 13:56:22 +0000] information/WorkQueue: #6 (ApiListener, SyncQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-08-17 13:56:22 +0000] information/WorkQueue: #5 (ApiListener, RelayQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-08-17 13:56:34 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52886): Operation canceled

Best regards, Dominik

Al2Klimov · August 17, 2021, 3:41pm

And your Icinga version?

steaksauce · August 17, 2021, 7:10pm

https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#agentsatellite-setup

A few things, did you specify to connect to the parent during the node setup, and can you verify that the certificates are present?

Can probably be done with openssl x509 -noout -fingerprint -sha256 -in \ "/var/lib/icinga2/certs/$(hostname --fqdn).crt" from the above docs.

dominikjantos · August 18, 2021, 6:04am

Version 2.13.0-1 on both sides.

dominikjantos · August 18, 2021, 6:06am

I’ve connected the server via the kickstart-script from the “Icinga Director” and manually created the certs on the master and copied them to the remote server.
Running the command line returns me an fingerprint.

rsx · August 18, 2021, 7:01am

Have you checked date and time on both machines?

dominikjantos · August 18, 2021, 12:41pm

ahh awesome Time wasn’t correct.