zabbix error: Get value from agent failed: TCP successful, cannot establish TLS to

I get this error on my Zabbix server. The client has the same settings as the other server:

Error on zabbix server (servernames changed ;-)):

Get value from agent failed: TCP successful, cannot establish TLS to [[myclient.com]:10050]: SSL_connect() set result code to SSL_ERROR_SSL: file ../ssl/record/rec_layer_s3.c line 1543: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert number 40: TLS read fatal alert "handshake failure

Client config:

Server=mymonitor.com
ServerActive=mymonitor.com
Hostname=myclient.com
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=Key123
TLSPSKFile=/etc/zabbix/key.psk

Does anybody have an idea how I can analyse/fix the problem? Thank you!



Solution 1:[1]

I had the same problem. The error is described in the Zabbix documentation. I assume the Linux Zabbix agent is used.

The problem: The server is configured to access the client via PSK TLS, but the agent is configured to only accept unencrypted connections.

Why: Your agent config clearly states TLS for communication. But the agent never received this configuration. So either your config file is never picked up or you did not restart the agent after the config changes.

Solution: For the agent to pick up the config, you can change the main config file in /etc/zabbix/zabbix_agentd.conf. A better solution is to put a config file with your changes into /etc/zabbix/zabbix_agentd.conf.d/yourconfig.conf and then restart the agent. In my case I just named the file "yourconfig" without .conf. In this case the config is not found by the agent when starting, thus leaving you with the default config that does not accept TLS.

Double-check that your config is really picked up by the agent.
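One way to run the double-check described in the answer above, as an added example that is not part of the original answer or of Zabbix itself: the shell functions below list which files an agent config really loads through its Include= lines, which neighbouring files are skipped, and which TLS* settings end up being read. The Include pattern, the temporary directory and the sample files are constructed; the functions assume paths without spaces and that an Include pointing at a directory loads every file in it.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes paths without spaces.

# Active Include= values from the main config, one per line.
zbx_includes() {
    sed -n -e 's/[[:space:]]*$//' \
           -e 's/^[[:space:]]*Include[[:space:]]*=[[:space:]]*//p' "$1"
}

# The main config plus every file its Include= lines actually match.
zbx_loaded_files() {
    printf '%s\n' "$1"
    zbx_includes "$1" | while IFS= read -r inc; do
        if [ -d "$inc" ]; then inc="${inc%/}/*"; fi   # directory: all files
        for f in $inc; do                             # unquoted: expand glob
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Files next to an Include pattern that it does NOT match (e.g. "yourconfig").
zbx_skipped_files() {
    loaded=$(zbx_loaded_files "$1")
    zbx_includes "$1" | while IFS= read -r inc; do
        if [ -d "$inc" ]; then continue; fi           # whole directory loaded
        for f in "$(dirname "$inc")"/*; do
            if [ -f "$f" ] && ! printf '%s\n' "$loaded" | grep -qxF -- "$f"; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Every active TLS* line the agent would read, prefixed with its file name.
zbx_tls_settings() {
    zbx_loaded_files "$1" | while IFS= read -r f; do
        grep '^[[:space:]]*TLS[A-Za-z]*[[:space:]]*=' "$f" /dev/null || true
    done
}

# Constructed sample: drop-in saved as "yourconfig" without the .conf suffix.
demo=$(mktemp -d)
mkdir "$demo/zabbix_agentd.conf.d"
printf 'Server=mymonitor.com\nInclude=%s/zabbix_agentd.conf.d/*.conf\n' "$demo" \
    > "$demo/zabbix_agentd.conf"
printf 'TLSConnect=psk\nTLSAccept=psk\nTLSPSKIdentity=Key123\n' \
    > "$demo/zabbix_agentd.conf.d/yourconfig"
echo "TLS settings loaded: $(zbx_tls_settings "$demo/zabbix_agentd.conf")"
echo "Skipped files:       $(zbx_skipped_files "$demo/zabbix_agentd.conf")"
```

On a real host, call the same functions with /etc/zabbix/zabbix_agentd.conf; an empty TLS list together with a non-empty skipped list is the situation the answer describes.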

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 itsafire