Handshake Unauthorized Error


When you run the tsagent setup command, Distributed Cloud AIP Agent services do not start and the following error message displays on the command line and is captured in the audit logs:

Error received: handshake unauthorized

The error message means the Agent attempted to connect to the Distributed Cloud AIP backend, but was unable to successfully authenticate.


There are three potential reasons behind a "handshake unauthorized" error message:

  • The tsagentd.cfg file is corrupt or invalid

    You can find the tsagentd.cfg file at: /opt/threatstack/etc/tsagentd.cfg.

  • Someone revoked the Agent or the Agent went offline, and you tried to rerun the setup commands on the same host without deleting the tsagentd.cfg file
  • Your Amazon Machine Image (AMI) creation did not follow the procedure recommended in Steps for Deploying the Distributed Cloud AIP Agent via AMI


To resolve the error:

  1. Confirm that no Distributed Cloud AIP Agent processes are running on the host.
  2. Delete the tsagentd.cfg file.
  3. Run the tsagent setup command again.
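
A guarded version of steps 1 and 2, added here as an example and not part of the original article or the vendor's tooling: it deletes tsagentd.cfg only when no agent process is found. It assumes agent process names begin with `tsagent` (inferred from the config file name); the function names and the `PROC_ROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions (not from the article): agent process names
# start with "tsagent"; PROC_ROOT exists only so the check can be tested.
CFG_DEFAULT=/opt/threatstack/etc/tsagentd.cfg
PROC_ROOT=${PROC_ROOT:-/proc}

# Print "pid name" for every process whose name starts with the prefix.
# Reads procfs directly, so it also works on hosts without ps/pgrep.
agent_procs() {
    prefix=$1
    for comm in "$PROC_ROOT"/[0-9]*/comm; do
        [ -r "$comm" ] || continue                  # no match, or process gone
        name=$(cat "$comm" 2>/dev/null) || continue
        case $name in
            "$prefix"*)
                pid=${comm%/comm}
                echo "${pid##*/} $name"
                ;;
        esac
    done
}

# Steps 1 and 2: refuse to delete the config while an agent process is alive.
# Returns 0 = config removed or already absent, 1 = delete failed,
#         2 = agent processes still running (config left untouched).
reset_agent_cfg() {
    cfg=${1:-$CFG_DEFAULT}
    running=$(agent_procs "${2:-tsagent}")
    if [ -n "$running" ]; then
        echo "agent processes still running, stop them first:" >&2
        echo "$running" >&2
        return 2
    fi
    if [ -e "$cfg" ]; then
        rm -f -- "$cfg" || return 1
        echo "removed $cfg"
    else
        echo "$cfg not present, nothing to delete"
    fi
    return 0
}

# Step 3, after a 0 return: run the tsagent setup command again with the
# arguments your deployment normally uses.
```

Call `reset_agent_cfg` with no arguments as root on the affected host; a return code of 2 means step 1 has not been satisfied yet.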