Starting with Unitrends release 10.6.6, Secure Agent Pairing features are enabled for Windows which result in secure TLS communication between agent and appliance and prevent unauthorized systems from all communication to the Unitrends Agent.
Error:- SSL Handshake Failed For: Client
In various circumstances, a client may lose it's keyfiles and require re-pairing with an appliance. This typically happens when manually removing the C:\PCBP directory or it;s files in the keystore subfolder.
If an appliance has prior record of an agent based asset being paired, re-pairing cannot be automatically done. To resolve this condition requires removing the existing keys from the appliance as well, and then ensuring the client is in pairing mode.
Removing keys from the appliance requires knowing the client's node ID number. The easiest way to locate this value is to go to Configure > Protected Assets in the UI. From the hamburger icon at the right, enable the "ID" column if not already seen.
The ID # seen in the ID column for an agent based asset would be required as input to the command below. This command is run in the appliance command line by first logging into your appliance via SSH as the IOS Root user, or via physical or virtual console access.
To find existing by ID (node_no):
cli_key_manager json_whitelist --action find --tag key_id --value node_no
To remove existing by ID (node_no):
cli_key_manager json_whitelist --action remove --tag key_id --value node_no
To re-enable agent for pairing:
Once this is done, you may attempt to pair by selecting the asset in the UI and selecting "Inventory Sync" from the gear icon menu at the top right.
If this process fails, it may also be necessary to force the agent into pairing mode. See our KB Unitrends Agent Pairing - Force Pairing Mode ON to resolve that condition as well.