Handshake Unauthorized Error

Follow

Agent 1.x series

Symptoms:

Run the cloudsight setup command. Threat Stack Agent services do not start and the following error message displays in the Command Line and is captured in the audit logs:

Error received: handshake unauthorized

The error message means the Agent attempted to connect to the Threat Stack backend, but was unable to successfully authenticate.

Issue(s):

There are three potential reaons behind a "handshake unauthorized" error message:

  • The .secret file is corrupt or invalid

    Note

    You can find the .secret file at: /opt/threatstack/cloudsight/config/.secret.

  • Someone revoked the Agent or the Agent went offline, and you tried to rerun the setup commands on the same host without deleting the .secret file
  • Your Amazon Machine Image (AMI) creation did not follow the procedure recommended in Steps for Deploying the Threat Stack Agent via AMI

Resolution:

  1. Confirm that no Threat Stack Agent processes are running on the host.
  2. Delete the /opt/threatstack/cloudsight/config/.secret file.
  3. Run the cloudsight setup command again.

Agent 2.x series

Symptoms:

Run the tsagent setup command. Threat Stack Agent services do not start and the following error message displays in the Command Line and is captured in the audit logs:

Error received: handshake unauthorized

The error message means the Agent attempted to connect to the Threat Stack backend, but was unable to successfully authenticate.

Issue(s):

There are three potential reaons behind a "handshake unauthorized" error message:

  • The tsagentd.cfg file is corrupt or invalid

    Note

    You can find the tsagentd.cfg file at: /opt/threatstack/etc/tsagentd.cfg.

  • Someone revoked the Agent or the Agent went offline, and you tried to rerun the setup commands on the same host without deleting the tsagentd.cfg file
  • Your Amazon Machine Image (AMI) creation did not follow the procedure recommended in Steps for Deploying the Threat Stack Agent via AMI

Resolution:

  1. Confirm that no Threat Stack Agent processes are running on the host.
  2. Delete the tsagentd.cfg file.
  3. Run the tsagent setup command again.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.