Client operating system: Windows 10 Pro 21H1 Build 19043.1348
Client hardware: Lenovo X1 Carbon and Lenovo ThinkBook 13S G2 ITL
Server: Zabbix Server 5.0.16 on Ubuntu 18.04 LTS
Sprint 85 (Feb 2022)
We use the Zabbix agent with over 300 clients secured by TLS with pre-shared key. With approx. 30 new devices we get the following error.
active check configuration update from [monitoring.example.com:10051] started to fail (SSL_write() timed out)
failed to accept an incoming connection: from 22.214.171.124: TLS handshake set result code to 1: file ../ssl/t1_lib.c line 2589: error:14201076:SSL routines:tls_choose_sigalg:no suitable signature algorithm: TLS write fatal alert "handshake failure"
The configuration is identical to devices on which the same configuration works.
The problem exists with Zabbix Agent 5.0.14 installed via Chocolatey, 5.0.17 manually installed (MSI with OpenSSL) as well as with 5.4.7 manually installed (MSI with OpenSSL).
We also tested it with Zabbix Server 5.4.7 and Zabbix Agent 5.4.7, with the same result.
It only works with Zabbix Agent 2 on these clients with identical configuration.
We are happy to provide further information that will help to identify the problem or to give access to one of the devices for debugging purposes, e.g. via TeamViewer.
In the forum someone has the same problem: https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/424646-how-to-solve-problem-active-check-update-from-started-to-fail-ssl_write-timed-out
Zabbix Agent logs with DebugLevel=5 and configuration files attached.
ZBX-17310 configuration update started to fail (SSL_read() timed out)