Error Duplicate agent name (from manager)
4,016 views
Skip to first unread message
Shobhit Saraswat
Jul 3, 2023, 5:37:31 AM7/3/23
to Wazuh mailing list
I would like to inform you that I installed wazuh agent on of the Windows 10 client agent get registered successfully with manager but manager show never connected after checking agent ossec.log I found Error: Duplicate agent name: Test-VM (from manager)
Error Unable to add agent (from manager)
I tried to uninstall agent from manager as well as removed from windows 10 but after re-installation again received the same error.
Help me to fix this issue because in hostname of client computer change frequently.
Rolly Davany Mougoue Kakanou
Jul 3, 2023, 6:43:30 AM7/3/23
to Wazuh mailing list
Hello Shobhit, and thanks for using Wazuh.
The error indicates that you are trying to enroll a new agent having the same hostname as an already enrolled agent.
The error indicates that you are trying to enroll a new agent having the same hostname as an already enrolled agent.
Please provide a different hostname for each agent and restart the agent service systemctl restart wazuh-agent.
Alternatively, you could edit the agent_name field in the /var/ossec/etc/ossec.conf file on the new agent as follows:
<client>
<enrollment>
<enabled>yes</enabled>
<agent_name>windows-agent</agent_name>
<groups>default</groups>
<authorization_pass_path>etc/authd.pass</authorization_pass_path>
</enrollment>
</client>
<enrollment>
<enabled>yes</enabled>
<agent_name>windows-agent</agent_name>
<groups>default</groups>
<authorization_pass_path>etc/authd.pass</authorization_pass_path>
</enrollment>
</client>
Then again restart the agent service systemctl restart wazuh-agent. This should solve the issue.
I will be waiting on your feedback.
Regards,
Shobhit Saraswat
Jul 3, 2023, 9:16:30 AM7/3/23
to wa...@googlegroups.com
---------- Forwarded message ---------
From: Shobhit Saraswat <shobhit...@gmail.com>
Date: Mon, Jul 3, 2023, 5:43 PM
Subject: Re: Error Duplicate agent name (from manager)
To: Rolly Davany Mougoue Kakanou <rolly....@wazuh.com>
From: Shobhit Saraswat <shobhit...@gmail.com>
Date: Mon, Jul 3, 2023, 5:43 PM
Subject: Re: Error Duplicate agent name (from manager)
To: Rolly Davany Mougoue Kakanou <rolly....@wazuh.com>
Dear Rolly,
I did the same thing which you informed me about. The manager now
shows 2 agents, one belongs to the actual hostname and another one is
windows-agent.
When I check logs on Windows client ossec.log it shows error
duplicate agent name: windows-agent (from server)
Unable to add agent (from manager)
Let me explain to you in more detail:-
I am using the latest version of Wazuh installed on ubuntu 22.04,
After that I installed wazuh agent one of the windows client machine
it successfully installed and get authenticate with the wazuh server
as well but when I changed the hostname of windows 10 machine it shows
not connected so I removed the agent from wazuh manager also I
uninstalled wazuh agent from windows machine after that I re-installed
wazuh agent on same windows machine but wazuh dashboard shows not
connected, So I checked the windows machine connection with server is
success so I check windows ossec log file in which it shows below logs
duplicate agent name: windows-agent (from server)
I am using the latest version of Wazuh installed on ubuntu 22.04,
After that I installed wazuh agent one of the windows client machine
it successfully installed and get authenticate with the wazuh server
as well but when I changed the hostname of windows 10 machine it shows
not connected so I removed the agent from wazuh manager also I
uninstalled wazuh agent from windows machine after that I re-installed
wazuh agent on same windows machine but wazuh dashboard shows not
connected, So I checked the windows machine connection with server is
success so I check windows ossec log file in which it shows below logs
duplicate agent name: windows-agent (from server)
Unable to add agent (from manager)
Note: Also I want to know when we removed the agent from wazuh server
did it remove all the logs of that agent because it seems that when we
re-registered the same client it gives an error of duplicate name. As
windows machine IP was the same only the hostname changed so it looks
like wazuh manager saved some information about the client somewhere
else like IP or MAC address.
Because changing the HOSTNAME of the machine is a normal scenario So
once the machine gets registered with wazuh manager and if hostname
changed then wazuh manager should change the hostname automatically in
wazuh manager.
did it remove all the logs of that agent because it seems that when we
re-registered the same client it gives an error of duplicate name. As
windows machine IP was the same only the hostname changed so it looks
like wazuh manager saved some information about the client somewhere
else like IP or MAC address.
Because changing the HOSTNAME of the machine is a normal scenario So
once the machine gets registered with wazuh manager and if hostname
changed then wazuh manager should change the hostname automatically in
wazuh manager.
> --
> You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/sDNGOzXuQJ8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/934b76f8-e511-4053-b4f9-92c9a687c6f4n%40googlegroups.com.
> You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/sDNGOzXuQJ8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/934b76f8-e511-4053-b4f9-92c9a687c6f4n%40googlegroups.com.
Rolly Davany Mougoue Kakanou
Jul 3, 2023, 11:19:56 AM7/3/23
to Wazuh mailing list
Could you please share the full logs you observe on your different nodes(agent and manager) during agent enrollment ?
Also the output of the following command:
Also the output of the following command:
/var/ossec/bin/agent_control -l
Make sure to hide any sensitive data please.
To answer your question, yes the manager stores locally the logs collected on different enrolled agents. But if you uninstall and reinstall agent, it creates a new entry. Now this operation can not lead to a Duplicate Agent Name Error cause as I mentioned earlier, it is caused only when there is an existing and enrolled agent with the same name.
To answer your question, yes the manager stores locally the logs collected on different enrolled agents. But if you uninstall and reinstall agent, it creates a new entry. Now this operation can not lead to a Duplicate Agent Name Error cause as I mentioned earlier, it is caused only when there is an existing and enrolled agent with the same name.
Shobhit Saraswat
Jul 4, 2023, 12:27:50 AM7/4/23
to Rolly Davany Mougoue Kakanou, Wazuh mailing list
Dear Team,
I would like to inform you that I installed wazuh agent on a fresh
machine, wazuh manager successfully registered the machine but still
shows never connected agent attached logs and screen-shot with this
email for your reference.
On Mon, Jul 3, 2023 at 8:50 PM 'Rolly Davany Mougoue Kakanou' via
> To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/a1b737ef-f670-4833-8a58-960ffae2cc2bn%40googlegroups.com.
I would like to inform you that I installed wazuh agent on a fresh
machine, wazuh manager successfully registered the machine but still
shows never connected agent attached logs and screen-shot with this
email for your reference.
On Mon, Jul 3, 2023 at 8:50 PM 'Rolly Davany Mougoue Kakanou' via
Rolly Davany Mougoue Kakanou
Jul 4, 2023, 4:51:10 AM7/4/23
to Wazuh mailing list
Hello Shobhit,
Above you shared logs only on agent side. I'll also need logs on manager side. They're at /var/ossec/logs/ossec.log. Also the output of the following command ran on your agent
Above you shared logs only on agent side. I'll also need logs on manager side. They're at /var/ossec/logs/ossec.log. Also the output of the following command ran on your agent
Get-NetTCPConnection -RemotePort 1514
Regards,
Shobhit Saraswat
Jul 5, 2023, 9:14:35 PM7/5/23
to Rolly Davany Mougoue Kakanou, Wazuh mailing list
Dear Team,
Sorry for the late reply, I would like to inform you that issue has been resolved after changing agent setting from UDP to TCP protocol.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/d02921da-0169-4802-9b21-652ea04fdb85n%40googlegroups.com.
Shobhit Saraswat
Jul 6, 2023, 1:08:54 AM7/6/23
to Rolly Davany Mougoue Kakanou, Wazuh mailing list
Dear Team and Rolly,
Now the Wazuh manager detects the Windows client successfully after
changing the udp port to a tcp port.
But for testing purposes of Wazuh Manager, I have changed the Windows
client hostname. For example, the previous host name was VM-100, and I
changed its hostname to VM-101. After that, I checked Wazuh Manager
Dashboard, but Wazuh Manager Dashboard did not change the hostname
from VM-100 to VM-101. As changing the client hostname is normal,
Wazuh Manager Dashboard should change the client hostname once it
establishes a connection with the client, but it was unable to do so.
Should I unregister the Wazuh agent from the Wazuh manager and
re-install the agent on the machine again?
--
Thanks with Regards
Shobhit Saraswat
Now the Wazuh manager detects the Windows client successfully after
changing the udp port to a tcp port.
But for testing purposes of Wazuh Manager, I have changed the Windows
client hostname. For example, the previous host name was VM-100, and I
changed its hostname to VM-101. After that, I checked Wazuh Manager
Dashboard, but Wazuh Manager Dashboard did not change the hostname
from VM-100 to VM-101. As changing the client hostname is normal,
Wazuh Manager Dashboard should change the client hostname once it
establishes a connection with the client, but it was unable to do so.
Should I unregister the Wazuh agent from the Wazuh manager and
re-install the agent on the machine again?
Thanks with Regards
Shobhit Saraswat
Rolly Davany Mougoue Kakanou
Jul 6, 2023, 6:50:23 AM7/6/23
to Wazuh mailing list
Dear Shobhit,
I am glad to hear you could figure it out and that its working now. To answer your question, the agent_name and hostname are independent of each other. On a new agent enrollment you are required to specify an agent name, and if not provided then the hostname is taken. Then changing the agent name could be done by editing the client keys file as follows:
On the server node
I am glad to hear you could figure it out and that its working now. To answer your question, the agent_name and hostname are independent of each other. On a new agent enrollment you are required to specify an agent name, and if not provided then the hostname is taken. Then changing the agent name could be done by editing the client keys file as follows:
On the server node
- Stop the wazuh-manager: systemctl stop wazuh-manager
- Edit the client keys file to specify the new agent name: nano /var/ossec/etc/client.keys
On the agent node
- Stop the wazuh agent service: systemctl stop wazuh-agent
- Edit the client keys file to specify the new agent name: nano /var/ossec/etc/client.keys
Then restart the services
- systemctl start wazuh-manager
- systemctl start wazuh-agent
Hope this answers your question,
Regards,
Shobhit Saraswat
Jul 7, 2023, 4:18:30 AM7/7/23
to Rolly Davany Mougoue Kakanou, Wazuh mailing list
Dear Rolly and Team members,
As you informed me that if I changed the hostname of the client
machine, we need to edit the client.key file, and along with that, we
need to edit the client.key file on Wazuh Manager, but after doing
that, Wazuh Manager dashboard did not change the hostname on its
dashboard. For your reference, I attached a screen shot of the file.
Note: Our Windows 10 client machine hostname is DC-TEST-VM-1 after
changing the hostname from DC-TEST-VM-1 to DC-TEST-VM and following
your email commands on how to change the hostname in the client. key
in Wazuh-manager and client I followed the same, but Wazuh's dashboard
still shows the old name DC-TEST-VM-1 instead of DC-TEST-VM.
Screen-shot attached.
On Thu, Jul 6, 2023 at 4:20 PM 'Rolly Davany Mougoue Kakanou' via
> To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/d32ff225-cf35-455f-aae5-d229bbb9ae48n%40googlegroups.com.
As you informed me that if I changed the hostname of the client
machine, we need to edit the client.key file, and along with that, we
need to edit the client.key file on Wazuh Manager, but after doing
that, Wazuh Manager dashboard did not change the hostname on its
dashboard. For your reference, I attached a screen shot of the file.
Note: Our Windows 10 client machine hostname is DC-TEST-VM-1 after
changing the hostname from DC-TEST-VM-1 to DC-TEST-VM and following
your email commands on how to change the hostname in the client. key
in Wazuh-manager and client I followed the same, but Wazuh's dashboard
still shows the old name DC-TEST-VM-1 instead of DC-TEST-VM.
Screen-shot attached.
On Thu, Jul 6, 2023 at 4:20 PM 'Rolly Davany Mougoue Kakanou' via
Rolly Davany Mougoue Kakanou
Jul 11, 2023, 6:09:26 AM7/11/23
to Wazuh mailing list
Hello Shobhit and sorry for the late response.
I'll like to apologize for my previous answer which seemed inaccurate but I did some verifications and unfortunately once an agent is enrolled it then becomes impossible to change the agent name. This could be seen in the attached image.
I'll like to apologize for my previous answer which seemed inaccurate but I did some verifications and unfortunately once an agent is enrolled it then becomes impossible to change the agent name. This could be seen in the attached image.
The alternative as from then will be to unenroll the agent and re-enroll back as you suggested.
Regards,
Reply all
Reply to author
Forward
0 new messages