Hello,
I’ve tried to connect a new agent to my icinga2 master. The connection is not working and failing with error “Client TLS handshake failed (from [x.x.x.x]:39474): Operation canceled”. On the Master side the same error apperas.
Someone having an idea?
best regards, Dominik
Hello,
Here the logs:
Master:
[2021-08-17 15:59:13 +0200] critical/ApiListener: Client TLS handshake failed (to [x.x.x.x]:5665): Operation canceled
[2021-08-17 15:59:13 +0200] information/ApiListener: Finished reconnecting to endpoint ‘dataexchange.projekt.private’ via host ‘x.x.x.x’ and port ‘5665’
Client:
[2021-08-17 13:51:34 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52660): Operation canceled
[2021-08-17 13:51:54 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52676): Operation canceled
[2021-08-17 13:52:14 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52684): Operation canceled
[2021-08-17 13:52:34 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52692): Operation canceled
[2021-08-17 13:52:54 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52698): Operation canceled
[2021-08-17 13:53:14 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52714): Operation canceled
[2021-08-17 13:55:42 +0000] information/ConfigObject: Dumping program state to file ‘/var/lib/icinga2/icinga2.state’
[2021-08-17 13:55:54 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52850): Operation canceled
[2021-08-17 13:56:14 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52862): Operation canceled
[2021-08-17 13:56:22 +0000] information/WorkQueue: #6 (ApiListener, SyncQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-08-17 13:56:22 +0000] information/WorkQueue: #5 (ApiListener, RelayQueue) items: 0, rate: 0/s (0/min 0/5min 0/15min);
[2021-08-17 13:56:34 +0000] critical/ApiListener: Client TLS handshake failed (from [x.x.x.x]:52886): Operation canceled
Best regards, Dominik
And your Icinga version?
https://icinga.com/docs/icinga-2/latest/doc/06-distributed-monitoring/#agentsatellite-setup
A few things, did you specify to connect to the parent during the node setup, and can you verify that the certificates are present?
Can probably be done with openssl x509 -noout -fingerprint -sha256 -in \ "/var/lib/icinga2/certs/$(hostname --fqdn).crt"
from the above docs.
Version 2.13.0-1 on both sides.
I’ve connected the server via the kickstart-script from the “Icinga Director” and manually created the certs on the master and copied them to the remote server.
Running the command line returns me an fingerprint.
Have you checked date and time on both machines?
ahh awesome Time wasn’t correct.