Duplicate name, rejecting enrollment and agent key already exists on the manager


Parvaj Sarker

Jan 20, 2023, 3:20:42 AM
to Wazuh mailing list
Hi,
We have installed the Wazuh cluster service in our system with a load balancer, without an agent authentication password and with agent-server communication on TCP port 1515, which is working fine. But our new requirements are agent authentication with a password and agent-server communication on TCP port 443.
Configurations below:
  
<!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <remote_enrollment>yes</remote_enrollment>
    <port>443</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>yes</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
    <force>
     <enabled>yes</enabled>
     <disconnected_time enabled="yes">1h</disconnected_time>
     <after_registration_time>1h</after_registration_time>
     <key_mismatch>yes</key_mismatch>
    </force>
  </auth>

We have received the warnings below from the manager side:

INFO  New connection from 10.10.10.71
Jan 20, 2023 @ 12:55:30.000 wazuh-authd INFO  Received request for a new agent (wazuh-agent-node-3) from: 10.10.10.71
Jan 20, 2023 @ 12:55:30.000 wazuh-authd WARNING  Duplicate name 'wazuh-agent-node-3', rejecting enrollment. Agent '008' key already exists on the manager.
Jan 20, 2023 @ 12:56:04.000 wazuh-authd INFO  New connection from 10.10.10.73
Jan 20, 2023 @ 12:56:04.000 wazuh-authd INFO  Received request for a new agent (wazuh-agent-node-2) from: 10.10.10.73
Jan 20, 2023 @ 12:56:04.000 wazuh-authd WARNING  Duplicate name 'wazuh-agent-node-2', rejecting enrollment. Agent '007' key already exists on the manager.

Logs from the agent side: 

2023/01/20 08:13:35 wazuh-agentd: INFO: Using agent name as: wazuh-agent-node-2
2023/01/20 08:13:35 wazuh-agentd: INFO: Waiting for server reply
2023/01/20 08:13:35 wazuh-agentd: ERROR: Duplicate agent name: wazuh-agent-node-2 (from manager)
2023/01/20 08:13:35 wazuh-agentd: ERROR: Unable to add agent (from manager)

So we have removed the agent from the manager by command line. But the agent was not registered successfully.
The agent status is always Never connected.

Would you please help us with this issue? We await your prompt reply.

Thanks,
Parvaj Alam

Aditya Sharma

Jan 20, 2023, 4:56:30 AM
to Wazuh mailing list
Hi Parvaj,

Thanks for using Wazuh! I will help you with this issue.

The agent seems to be able to register (port 1515 TCP) but somehow is not able to establish a connection with the Manager (port 1514).
More information about the ports here: Required ports 

Let's make sure that the port is reachable from your agent's host. If possible, from your agent host run telnet WazuhManagerIPAddress 1514.
If the port is open you should get a "Connected to WazuhManagerIPAddress" message. If you do not get this message, now we know what is necessary to troubleshoot.
Bear in mind you might need to install telnet in your system.

Also, from Wazuh Manager run this command /var/ossec/bin/agent_control -l and print the output here, it will let us know if the agent is listed there. 
More info: agent_control

To understand more about your environment:
- What Wazuh Manager version are you running? What is the Operating system of the host?
- What Wazuh Agent version are you running? What is the Operating system of the host?

Let me know your findings.

Regards
Aditya Sharma
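
Added example (not part of the original thread and not Wazuh project code): a small Python triage script that pairs each wazuh-authd enrollment request with its "Duplicate name" rejection, using the log layout quoted in the first post, and reports which existing agent ID blocks each name and from which source address. The sample lines are constructed from that post with one extra retry added; the function and variable names are hypothetical.

```python
import re

# Constructed sample: authd lines in the layout quoted in the first post,
# plus one repeated attempt for wazuh-agent-node-2 added for illustration.
SAMPLE_LOG = """\
Jan 20, 2023 @ 12:55:30.000 wazuh-authd INFO  Received request for a new agent (wazuh-agent-node-3) from: 10.10.10.71
Jan 20, 2023 @ 12:55:30.000 wazuh-authd WARNING  Duplicate name 'wazuh-agent-node-3', rejecting enrollment. Agent '008' key already exists on the manager.
Jan 20, 2023 @ 12:56:04.000 wazuh-authd INFO  New connection from 10.10.10.73
Jan 20, 2023 @ 12:56:04.000 wazuh-authd INFO  Received request for a new agent (wazuh-agent-node-2) from: 10.10.10.73
Jan 20, 2023 @ 12:56:04.000 wazuh-authd WARNING  Duplicate name 'wazuh-agent-node-2', rejecting enrollment. Agent '007' key already exists on the manager.
Jan 20, 2023 @ 12:57:10.000 wazuh-authd INFO  Received request for a new agent (wazuh-agent-node-2) from: 10.10.10.73
Jan 20, 2023 @ 12:57:10.000 wazuh-authd WARNING  Duplicate name 'wazuh-agent-node-2', rejecting enrollment. Agent '007' key already exists on the manager.
"""

REQUEST = re.compile(r"Received request for a new agent \((?P<name>[^)]+)\) from: (?P<ip>\S+)")
REJECT = re.compile(
    r"Duplicate name '(?P<name>[^']+)', rejecting enrollment\. "
    r"Agent '(?P<id>\d+)' (?P<reason>.+?)\.?\s*$"
)


def summarize_rejections(log_text):
    """Return {agent_name: {"agent_id", "reason", "count", "sources"}}."""
    pending = {}   # agent name -> source IP of its most recent enrollment request
    summary = {}
    for line in log_text.splitlines():
        if "wazuh-authd" not in line:
            continue
        req = REQUEST.search(line)
        if req:
            pending[req["name"]] = req["ip"]
            continue
        rej = REJECT.search(line)
        if rej:
            entry = summary.setdefault(rej["name"], {
                "agent_id": rej["id"], "reason": rej["reason"],
                "count": 0, "sources": set()})
            entry["count"] += 1
            # A rejection with no preceding request line (truncated log) has no known source.
            entry["sources"].add(pending.pop(rej["name"], "unknown"))
    return summary


if __name__ == "__main__":
    for name, e in sorted(summarize_rejections(SAMPLE_LOG).items()):
        known = e["sources"] - {"unknown"}
        note = " [same name requested from several hosts]" if len(known) > 1 else ""
        print(f"{name}: existing ID {e['agent_id']}, {e['count']} rejection(s) "
              f"from {', '.join(sorted(e['sources']))}: {e['reason']}{note}")
```

The existing IDs it reports are the ones to look for in the agent_control -l output requested above.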

Parvaj Sarker

Jan 20, 2023, 8:35:50 AM
to Aditya Sharma, Wazuh mailing list
Hi Aditya,

Thanks for your quick response. Here we have found telnet connectivity. 
telnet_checking.PNG

Some additional information:

Wazuh server version 4.3.10 and OS version Ubuntu 20.04
Wazuh agent version 4.3.10 and OS version 20.04; another is 22.04

As I mentioned earlier, we need TCP port 443 to communicate with both agents and servers.
Right now I have changed the port to the default 1515 but I am still getting the same error message.

Would you please help me?

Thanks,
Parvaj Alam

Parvaj Sarker

Jan 22, 2023, 11:59:02 AM
to Aditya Sharma, Wazuh mailing list
Hi Aditya,

Any update?

Aditya Sharma

Mar 24, 2023, 2:49:08 AM
to Wazuh mailing list
Hi Parvaj, Sorry for the late response!

Are you able to resolve this issue?

As you want to register the agent with password authentication, can you please try to follow this documentation once: https://documentation.wazuh.com/current/user-manual/agent-enrollment/security-options/using-password-authentication.html

Regards
Aditya Sharma