I can't get the agent to communicate with the dashboard.

[mindness]

Hello all !

i got trooble today, i would like to try wazuh but I can't get my agent to communicate with my dashboard.

i got the manager on a docker on my server.

hjere is the rules on my manager worker

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.11:36547        0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:1515            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:1514            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:55000           0.0.0.0:*               LISTEN      -

i have open port 1514 and 1515 on my internet router  and created a firewall rule on my server hosting my docker instance in doubt for port 1515.

but my computeur still can't reach my instance : 

Connection to 172.25.112.1...Unable to open connection to host, on port 1515: Connection failed

i run the last version v4.7.4

both pc and server are on the same network

ip computer is 192.168.1.47

ip server is 172.25.112.1

if anyone can help me :)

thanks in advance

[Ariel Maximiliano Martin]

Hello! 

Can you provide some more information on your setup? 

Os versions and ossec.conf file?

Where / when do you get this error message?

[mindness]

Hello :)

os where i got my agent :  Microsoft Windows 10 Home System version: 10.0.19045 N/A build 19045

os where i got my docker instance :  Microsoft Windows 11 Professional System version: 10.0.22621 N/A build 22621

 you can find the attached file.

thanks in advance for your help !

[Ariel Maximiliano Martin]

All looks ok, you should check your network and firewall configuration. You can also check your agent's log file to verify there is no other error than "unable to connect".

Have you tried to ping the server from the agent?

[mindness]

Hello,

yes i can't ping it i got this : 

Connection to 172.25.112.1...Unable to open connection to host, on port 1515: Connection failed

but i don't understand what block it ..

the only error on the file is unable to connect 

2024/05/11 23:51:45 wazuh-agent: ERROR: (1208): Unable to connect to enrollment service at '[172.25.112.1]:1515'
2024/05/11 23:52:45 wazuh-agent: INFO: Requesting a key from server: 172.25.112.1

[Ariel Maximiliano Martin]

Hello,

It seems this falls outside the Wazuh expertise. My bet is on the firewall (on either side). As much as we want to help, we do recommend using official resources for this matter. Check Windows firewall documentation. Once you get the two systems connected your agent should be able to enroll with no problems.

[Ariel Maximiliano Martin]

Hi,

So I ran this test:

I set up two VirtualBox VMs, both running Windows 10 pro and bridged adapters.

In both VMs I opened port 1514 by setting up Inbound and Outbound rules in Windows firewall.

I also set an Inbound rule to allow ICMP v4 messages (so that I could ping the server VM).

On the would-be server I used Hercules utility to listen for TCP on port 1514.

On the would-be agent VM I used Test-NetConnection  cmdlet to test for TCP connection:

> Test-NetConnection -ComputerName <YOUR_IP_HERE> -Port 1514

This allowed me to successfully test the TCP connection between the two VMs. 

See if you can establish a connection with your setup and get back to us if you need assistance.