wazuh-agent issue


a mohan

May 13, 2025, 11:09:50 AM
to Wazuh | Mailing List
Dear team,
I am adding the Wazuh agent to the Wazuh server, but the agent goes to the never connected state. Could you guide me on what the reason is and what I need to do for the Windows agent to go to the active state?

Regards,
Rammohan. 

Olamilekan Abdullateef Ajani

May 13, 2025, 11:43:16 AM
to Wazuh | Mailing List
Hello Rammohan,

From your query, the agent has enrolled but didn't connect. Can you verify the communication between the agent and the Wazuh server over port 1514?

On Windows, open a PowerShell terminal and run the following command: 

(new-object Net.Sockets.TcpClient).Connect("<WAZUH_MANAGER_IP_ADDRESS>", 1514)

If there is connectivity, you will not get any output, else an error is shown.

Please verify the port configured in the Wazuh server ossec.conf file, /var/ossec/etc/ossec.conf:

  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>

Lastly, please share the logs on the wazuh agent:

C:\Program Files (x86)\ossec-agent\ossec.log - Windows 64-bit
C:\Program Files\ossec-agent\ossec.log - Windows 32-bit

I await feedback from you.

a mohan

May 14, 2025, 8:12:02 AM
to Wazuh | Mailing List

2025/05/13 18:23:55 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[98.130.187.67]:1515'
2025/05/13 18:24:05 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: 'wazuh.n'. Ensure that the manager version is 'v4.11.2' or higher.
2025/05/13 18:24:05 wazuh-agent: WARNING: Unable to connect to any server.
2025/05/13 18:24:05 wazuh-agent: INFO: Closing connection to server ( wazuh.n  ]:1514/tcp).
2025/05/13 18:24:05 wazuh-agent: INFO: Trying to connect to server ([  wazuh.n   ]:1514/tcp).
2025/05/13 18:24:15 wazuh-agent: INFO: Closing connection to server ( wazuh.n   ]:1514/tcp).
2025/05/13 18:24:15 wazuh-agent: INFO: Trying to connect to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:25 wazuh-agent: INFO: Closing connection to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:25 wazuh-agent: INFO: Trying to connect to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:35 wazuh-agent: INFO: Closing connection to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:35 wazuh-agent: INFO: Trying to connect to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:45 wazuh-agent: INFO: Closing connection to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:45 wazuh-agent: INFO: Trying to connect to server ([ wazuh.n   ]:1514/tcp).
2025/05/13 18:24:45 wazuh-agent: INFO: Requesting a key from server:  wazuh.n 
2025/05/13 18:24:58 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[ 98.130.187.67  ]:1515'
2025/05/13 18:25:08 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: ' wazuh.n  '. Ensure that the manager version is 'v4.11.2' or higher.
2025/05/13 18:25:08 wazuh-agent: WARNING: Unable to connect to any server.

These are the Windows Wazuh agent side logs. Right now the agent is also still in the never connected state. Could you please guide me so that the agent will come to the active state?

Regards,

Rammohan

Olamilekan Abdullateef Ajani

May 14, 2025, 10:05:58 AM
to Wazuh | Mailing List
Hello Rammohan,

From the logs you shared, your agent cannot reach the Wazuh server on 98.130.187.67 on both the enrollment port and the agent connection port (1514 and 1515).

Could you please share more information about your architecture? (Is the Wazuh instance hosted in the cloud? Are the agents based on-prem or in the cloud too?)
What is the version of the Wazuh server and the version of the Wazuh agent? (From the log I could see the error "Tried: 'wazuh.n'. Ensure that the manager version is 'v4.11.2' or higher.")
Please note that to avoid compatibility issues, the Wazuh server version must be higher than or equal to the version of the agent, not the other way around. Please verify this and share.
Is this a fresh deployment, or do you have some other agents installed and connected?

Lastly, please perform the action below as requested earlier:
On Windows, open a PowerShell terminal and run the following command: 

(new-object Net.Sockets.TcpClient).Connect("<WAZUH_MANAGER_IP_ADDRESS>", 1514)
(new-object Net.Sockets.TcpClient).Connect("<WAZUH_MANAGER_IP_ADDRESS>", 1515)

If there is connectivity, you will not get any output, else an error is shown.

If there is an error, kindly ensure you have connectivity from the Wazuh agent to the Wazuh server on the specified ports (1514 and 1515).

Ref:
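
The two checks requested in this thread (TCP reachability of ports 1514 and 1515, and a look at the agent log), as an added example that is not part of the original posts and is not Wazuh's own tooling. The function names, parameters and the 3-second timeout are assumptions; the two sample log lines are copied from the log posted above.

```powershell
# Added example; function and parameter names are hypothetical.
function Test-WazuhManagerPort {
    param(
        [Parameter(Mandatory)][string]$ManagerAddress,
        [int[]]$Port = @(1514, 1515),   # the two ports named in the thread
        [int]$TimeoutMs = 3000          # assumed timeout
    )
    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        $status = 'Open'
        $detail = 'TCP handshake completed'
        try {
            # Bounded wait, so silently dropped packets do not hang the check.
            if (-not $client.ConnectAsync($ManagerAddress, $p).Wait($TimeoutMs)) {
                $status = 'Timeout'
                $detail = "No reply within $TimeoutMs ms"
            }
        } catch {
            # Unwrap to the underlying SocketException when there is one.
            $inner = $_.Exception.GetBaseException()
            $status = if ($inner -is [System.Net.Sockets.SocketException]) {
                $inner.SocketErrorCode.ToString()   # e.g. ConnectionRefused, HostNotFound
            } else { 'Error' }
            $detail = $inner.Message
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Manager = $ManagerAddress; Port = $p; Status = $status; Detail = $detail }
    }
}

# Count the numbered ERROR/WARNING codes (such as 1208 and 4101) in agent log lines.
function Get-WazuhAgentLogCode {
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin { $count = @{} }
    process {
        if ($Line -match 'wazuh-agent: (ERROR|WARNING): \((\d+)\)') {
            $key = "$($Matches[1]) $($Matches[2])"
            $count[$key] = 1 + [int]$count[$key]
        }
    }
    end { $count.GetEnumerator() | Sort-Object Name }
}
# Two lines copied from the log posted in this thread.
@(
    "2025/05/13 18:23:55 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[98.130.187.67]:1515'",
    "2025/05/13 18:24:05 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: 'wazuh.n'. Ensure that the manager version is 'v4.11.2' or higher."
) | Get-WazuhAgentLogCode
# Test-WazuhManagerPort -ManagerAddress '<WAZUH_MANAGER_IP_ADDRESS>' | Format-Table -AutoSize
```

A Timeout status and a ConnectionRefused status point at different causes: the first usually means traffic is being dropped on the path, the second that the host answered but nothing is listening on that port.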