Handshake Unauthorized Error

Agent 1.x series

Symptoms:

Run the cloudsight setup command. App Infrastructure Protection (AIP) Agent services do not start and the following error message displays in the Command Line and is captured in the audit logs:

Error received: handshake unauthorized

The error message means the Agent attempted to connect to the AIP backend, but was unable to successfully authenticate.

Issue(s):

There are three potential reaons behind a "handshake unauthorized" error message:

  • The .secret file is corrupt or invalid

    Note

    You can find the .secret file at: /opt/threatstack/cloudsight/config/.secret.

  • Someone revoked the Agent or the Agent went offline, and you tried to rerun the setup commands on the same host without deleting the .secret file
  • Your Amazon Machine Image (AMI) creation did not follow the procedure recommended in Steps for Deploying the AIP Agent via AMI

Resolution:

  1. Confirm that no AIP Agent processes are running on the host.
  2. Delete the /opt/threatstack/cloudsight/config/.secret file.
  3. Run the cloudsight setup command again.

Agent 2.x+ series

Symptoms:

Run the tsagent setup command. AIP Agent services do not start and the following error message displays in the Command Line and is captured in the audit logs:

Error received: handshake unauthorized

The error message means the Agent attempted to connect to the AIP backend, but was unable to successfully authenticate.

Issue(s):

There are three potential reasons behind a "handshake unauthorized" error message:

  • The tsagentd.cfg file is corrupt or invalid

    Note

    You can find the tsagentd.cfg file at: /opt/threatstack/etc/tsagentd.cfg.

  • Someone revoked the Agent or the Agent went offline, and you tried to rerun the setup commands on the same host without deleting the tsagentd.cfg file
  • Your Amazon Machine Image (AMI) creation did not follow the procedure recommended in Steps for Deploying the AIP Agent via AMI

Resolution:

  1. Confirm that no AIP Agent processes are running on the host.
  2. Delete the tsagentd.cfg file.
  3. Run the tsagent setup command again.
Was this article helpful?
0 out of 0 found this helpful