wazuh-authd: ERROR: Too many connections. Rejecting.

[alankrit shrivastava]

Hello Team,

I opened my wazuh manager console and observed that 70% of wazuh agents got disconnected, and when I see the ossec.log I saw below message. I restarted the agent service on the disconnected agents, so it started reporting, after that again today I saw it went to the same state with same error message.

wazuh-authd: ERROR: Too many connections. Rejecting.

Wanted to know how to resolve this issue permanently as this is happening quite frequently.

Checked on the network side ports are opened and agent is able to communicate to the manager over telnet on port 1514 and 1515

[Bony V John]

Hi Alankrit,

As far as I can see, this seems to be a connectivity issue. Agents should not need to be restarted frequently. When agents are unable to connect to the manager for an extended period, you may see messages like:  

"Server unavailable. Setting lock."

By default, when this happens, the agent will attempt to get a new key in case it isn’t registered (due to the auto-enrollment feature). If there are many agents requesting keys at the same time, Wazuh's authentication service (wazuh-authd) may not be able to handle all of the requests, leading to the error:  

"Too many connections. Rejecting."

To troubleshoot this issue, please follow these steps,

1. Check the network connectivity when the agents get disconnected:  nc -zv <MANAGER_IP> 1515 1514 , run this command from disconnected agent side.

1. Provide the full ossec.conf and ossec.log files from both the manager and agent.

2. Share details about your environment and network configuration: Are the agents behind a proxy, firewall, etc.?

Please follow the steps and share the output with us so that we can work effectively on this.

Best regards,

[Bony V John]

Hi Alankrit,

I hope your issue is resolved. Please let me know if you are still facing this issue.

  

Regards