NetXMS Support Forum

How server side log looks like for that tunnel? Also, please try this agent version: https://netxms.org/download/releases/3.3/nxagent-3.3.350-x64.exe - it fixes incorrect error code display in "SSL read error" message so we could see actual socket error code that could provide some clue.
Another thought - could it be that you have some kind of DPI device between agent and server that detects SSL handshake and blocks connection for some reason?

Best regards,
Victor

Yes, this should solve the issue. Duplicate records are definitely a bug, but keeping them will not help in debugging it anyway.

Best regards,
Victor

Hi,

it looks like duplicate records in source table, although it is quite strange because PostgreSQL schema should have timestamp as part of primary key as well. Please try to run query

SELECT * FROM idata_164 WHERE item_id=1227 AND idata_timestamp=1589846471;

on original database - how many records it will produce?

Best regards,
Victor

Please check that your server certificate has CA constraint set to TRUE. You can do that by printing certificate in text form with command like this:

openssl x509 -text -noout -in server.crt

and look for "X509v3 Basic Constraints" section. For example, my test server's certificate looks like this (only relevant part of the output):

        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE


Best regards,
Victor

Hi,

I did some testing on my system, and I can get this error if TCP/IP is disabled in native client configuration. Check "Client Protocols" section under "SQL Native Client 11.0 Configuration" in "SQL Server Configuration Manager".

Best regards,
Victor

Hi,

all seems going well until this point:

2020.06.02 06:04:06.788 *D* [tunnel             ] 192.168.10.6: SSL_write error (bytes=-1 ssl_err=5 errno=2)

SSL error 5 means underlying socket error, which is strange because SSL negotiation seems to be completed successfully. Are you using server version 3.3.x as well? Can you check what was logged in server log during that attempt?

Best regards,
Victor

Hi,

currently no.

Best regards,
Victor

Do you have SYS_DCI_ACTIVE events in event log for that node?

Hi,

configuration looks good. Is hybrid authentication enabled? Also, could it be that password contains some characters that could be misinterpreted (like: ; # ' ")?

Best regards,
Victor

Hi,

server should generate event SYS_DCI_ACTIVE when DCI state changes from "unsupported" to "active". Make sure that you are processing this event in EPP and use correct key to terminate alarms generated with SYS_DCI_UNSUPPORTED.

Best regards,
Victor

Actually we already decided that we have to move from libvirt to direct interaction with VMWare API (as we already did for XEN) - it's just question of available time and resources.

Best regards,
Victor

Попробуйте поставить уровень дебага 9 для тэга ncd.telegram, создать канал, попробовать послать сообщение, и пришлите лог сервера.

Hi,

probably the only way is to create script table DCI. Inside script you can use executeSSHCommand method to get your output as lines and split them into table columns.

Best regards,
Victor

Hi,

on what OS and what agent version?

Best regards,
Victor

Yes, it looks like message is too big (or rather supplied buffer is too small). I've registered an issue in our bug tracker: https://track.radensolutions.com/issue/NX-1863

Best regards,
Victor