Wazuh Agent not Registered with Error SSL error (5). Connection refused by the manager
2,718 views
Skip to first unread message
Agra Dwi Saputra
Jul 26, 2022, 4:51:06 AM7/26/22
to Wazuh mailing list
Hi Team,
I'm installing a wazuh agent on a workstation. There are several
workstations whose agents have been successfully installed but are not
registered to Wazuh Server.
When I checked the agent log there was an ERROR: SSL error (5).
Connection refused by the manager. Maybe the port specified is
incorrect.
I check the agent configuration is correct.
Has anyone here experienced it? And can someone help me with this?
Here the full error log:
2022/07/26 14:19:53 wazuh-agent: INFO: Started (pid: 1500).
2022/07/26 14:19:53 wazuh-agent: INFO: Server hostname resolved:
mgr-wazuh.xyz.net/44.xx.xx.176
2022/07/26 14:19:53 wazuh-agent: INFO: Requesting a key from server:
mgr-wazuh.xyz.net
2022/07/26 14:19:54 wazuh-agent: ERROR: SSL error (5). Connection
refused by the manager. Maybe the port specified is incorrect.
2022/07/26 14:19:54 wazuh-agent: INFO: Requesting a key from server:
mgr-wazuh.xyz.net/44.xx.xx.176
2022/07/26 14:19:54 wazuh-agent: ERROR: SSL error (5). Connection
refused by the manager. Maybe the port specified is incorrect.
Thank you
Best Regards,
Agra Ds
I'm installing a wazuh agent on a workstation. There are several
workstations whose agents have been successfully installed but are not
registered to Wazuh Server.
When I checked the agent log there was an ERROR: SSL error (5).
Connection refused by the manager. Maybe the port specified is
incorrect.
I check the agent configuration is correct.
Has anyone here experienced it? And can someone help me with this?
Here the full error log:
2022/07/26 14:19:53 wazuh-agent: INFO: Started (pid: 1500).
2022/07/26 14:19:53 wazuh-agent: INFO: Server hostname resolved:
mgr-wazuh.xyz.net/44.xx.xx.176
2022/07/26 14:19:53 wazuh-agent: INFO: Requesting a key from server:
mgr-wazuh.xyz.net
2022/07/26 14:19:54 wazuh-agent: ERROR: SSL error (5). Connection
refused by the manager. Maybe the port specified is incorrect.
2022/07/26 14:19:54 wazuh-agent: INFO: Requesting a key from server:
mgr-wazuh.xyz.net/44.xx.xx.176
2022/07/26 14:19:54 wazuh-agent: ERROR: SSL error (5). Connection
refused by the manager. Maybe the port specified is incorrect.
Thank you
Best Regards,
Agra Ds
Matias Ezequiel Moreno
Jul 26, 2022, 9:40:50 AM7/26/22
to Wazuh mailing list
Hi, thank you very much for using Wazuh, I have some questions about your problem, I would need to know if you have any firewalls in your manager system and if your DNS is working fine. I can see that it resolves DNS with an IP address, did you try to add an IP address instead of this DNS?
Is there ping between the manager and the agents when there is no connection?
You can check the connection using netcat.
I think that you have some problem in your firewall.
Also try a complete restart of the manager node.
Let me know how it goes with these steps.
You can check the connection using netcat.
I think that you have some problem in your firewall.
Also try a complete restart of the manager node.
Let me know how it goes with these steps.
Best Regards
Agra Dwi Saputra
Jul 26, 2022, 9:14:21 PM7/26/22
to Wazuh mailing list
Hi Matias,
I've tried using the IP, but the error is still the same.
Here the logs:
I think there are no problems with the connection/firewall, other agents can be registered successfully.
I tested the connection from this workstation and there is no blocking.
I tested the connection from this workstation and there is no blocking.
I've tried using the IP, but the error is still the same.
Here the logs:
2022/07/27 07:24:37 wazuh-agent: INFO: Started (pid: 3704).
2022/07/27 07:24:38 wazuh-agent: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is in
correct.
2022/07/27 07:24:38 wazuh-agent: INFO: Requesting a key from server: 44.xx.xx.176
2022/07/27 07:24:38 wazuh-agent: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is in
correct.
2022/07/27 07:24:43 wazuh-agent: INFO: Requesting a key from server: 44.xx.xx.176
2022/07/27 07:24:44 wazuh-agent: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is in
correct.
2022/07/27 07:24:38 wazuh-agent: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is in
correct.
2022/07/27 07:24:38 wazuh-agent: INFO: Requesting a key from server: 44.xx.xx.176
2022/07/27 07:24:38 wazuh-agent: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is in
correct.
2022/07/27 07:24:43 wazuh-agent: INFO: Requesting a key from server: 44.xx.xx.176
2022/07/27 07:24:44 wazuh-agent: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is in
correct.
Here the part of agent.conf:
<client>
<server>
<address>44.xx.xx.176</address>
<port>1514</port>
<protocol>tcp</protocol>
</server>
<config-profile>windows, windows10</config-profile>
<crypto_method>aes</crypto_method>
<notify_time>10</notify_time>
<time-reconnect>60</time-reconnect>
<auto_restart>yes</auto_restart>
<enrollment>
<enabled>yes</enabled>
<manager_address>44.xx.xx.176</manager_address>
<groups>xx-windows</groups>
</enrollment>
</client>
I've also tried restarting the cluster manager but still getting the same error.
<server>
<address>44.xx.xx.176</address>
<port>1514</port>
<protocol>tcp</protocol>
</server>
<config-profile>windows, windows10</config-profile>
<crypto_method>aes</crypto_method>
<notify_time>10</notify_time>
<time-reconnect>60</time-reconnect>
<auto_restart>yes</auto_restart>
<enrollment>
<enabled>yes</enabled>
<manager_address>44.xx.xx.176</manager_address>
<groups>xx-windows</groups>
</enrollment>
</client>
I've also tried restarting the cluster manager but still getting the same error.
Thank you
Best Regards,
Agra Ds
Agra Dwi Saputra
Jul 28, 2022, 10:35:52 PM7/28/22
to Wazuh mailing list, matias...@wazuh.com
Hi Matias,
Is there any update on this?
Thank you
Best Regards,
Agra Ds
Agra Ds
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/7b595f98-de81-4c24-9847-3b19c303c9e0n%40googlegroups.com.
Matias Ezequiel Moreno
Aug 3, 2022, 11:53:37 AM8/3/22
to Wazuh mailing list
Hi good afternoon, sorry for the delay in responding, I was attending to other matters.
Were you able to resolve the problem or does it still persist?
Could you check that the server and agent dates match so that the ssl verification can work.
Were you able to resolve the problem or does it still persist?
Could you check that the server and agent dates match so that the ssl verification can work.
Best Regards
Agra Dwi Saputra
Aug 4, 2022, 5:03:43 AM8/4/22
to Wazuh mailing list
Hi Matias,
Yes, the problem is still persist.
For date/time, the agent and server have different time zone.
Server set with UTC and agent is UTC+7.
The other agent have time zone UTC+7 & UTC+8 are successfully registered to Manager.
If I check the log, currently have different log:
2022/08/04 15:56:44 wazuh-agentd: INFO: Requesting a key from server: mgr-wazuh.xyz.net/44.xx.xx.176
2022/08/04 15:56:45 wazuh-agentd: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is incorrect.
2022/08/04 15:56:55 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: 'mgr-wazuh.xyz.net/44.xx.xx.176'.
2022/08/04 15:56:55 wazuh-agentd: WARNING: Unable to connect to any server.
2022/08/04 15:56:55 wazuh-agentd: INFO: Closing connection to server (mgr-wazuh.xyz.net/44.xx.xx.176:1514/tcp).
Thank you
Best Regards,
Server set with UTC and agent is UTC+7.
The other agent have time zone UTC+7 & UTC+8 are successfully registered to Manager.
If I check the log, currently have different log:
2022/08/04 15:56:44 wazuh-agentd: INFO: Requesting a key from server: mgr-wazuh.xyz.net/44.xx.xx.176
2022/08/04 15:56:45 wazuh-agentd: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is incorrect.
2022/08/04 15:56:55 wazuh-agentd: WARNING: (4101): Waiting for server reply (not started). Tried: 'mgr-wazuh.xyz.net/44.xx.xx.176'.
2022/08/04 15:56:55 wazuh-agentd: WARNING: Unable to connect to any server.
2022/08/04 15:56:55 wazuh-agentd: INFO: Closing connection to server (mgr-wazuh.xyz.net/44.xx.xx.176:1514/tcp).
Thank you
Best Regards,
Agra Ds
Matias Ezequiel Moreno
Aug 5, 2022, 10:57:45 AM8/5/22
to Wazuh mailing list
Hi, I am referring your case to other members of the team, so we can give you a solution as soon as possible, thank you very much for your patience, I will try to answer you as soon as possible.
Best Regards
Agra Dwi Saputra
Aug 9, 2022, 11:21:53 PM8/9/22
to Wazuh mailing list
Hi Matias,
Do you have an update from the team?
Thank you
Do you have an update from the team?
Thank you
Best Regards,
Agra Ds
José Raeiro
Sep 5, 2022, 10:32:51 AM9/5/22
to Wazuh mailing list
I'm having exactly the same issue.
Are there any news on this?
Are there any news on this?
VR Reddy
Oct 10, 2022, 8:27:46 PM10/10/22
to Wazuh mailing list
HI Matias,
Am having the same issue with nginx being used as a proxy ... There are multiple firewall in place between Wazuh manager and the wazuh agent.
Error below:
2022/10/10 12:09:08 wazuh-agentd: INFO: Requesting a key from server: XX.XX.XX.XX
2022/10/10 12:09:08 wazuh-agentd: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is incorrect.
I verified the ports are Open to Wazuh manager.
Am having the same issue with nginx being used as a proxy ... There are multiple firewall in place between Wazuh manager and the wazuh agent.
Error below:
2022/10/10 12:09:08 wazuh-agentd: INFO: Requesting a key from server: XX.XX.XX.XX
2022/10/10 12:09:08 wazuh-agentd: ERROR: SSL error (5). Connection refused by the manager. Maybe the port specified is incorrect.
I verified the ports are Open to Wazuh manager.
Sam Heuchert
Jan 17, 2023, 1:55:53 PM1/17/23
to Wazuh mailing list
Is there any update on this yet? I just started to experience this error. I'm running a load balancer with nginx.
Valerio Vinci
Aug 20, 2023, 2:45:48 PM8/20/23
to Wazuh mailing list
Hello,
I'm having the same issue.
If I've an environment with HAProxy loadbalancer.
I've followed the configuration tested in -> https://github.com/wazuh/wazuh/issues/14429
if I try to connect directly to the IP of Wazuh Manager it works fine.
If I try to connect to IP or DNS of LB it don't work and got SSL error (5)
DNS work fine, both agent and server can resolve each other.
The manager receive the packet from the client (seen via tcpdump) on port 1514 and send reply
updated from 4.4.4 to 4.5.0 and error it's the same.
There's any update on this topic?
Reply all
Reply to author
Forward
0 new messages