Control Compliance Suite (CCS)
When running a data collection or CER job on a CCS agent, you could receive the following error message (with possible variations):
Handshake error occured while authenticating the agent <agent_name>. The authentication error is -1.
CCS 12.5.x
The first error is the following:
“Handshake error occured while authenticating the agent <agent_name>. The authentication error is -1.”
Short answer: this is the error you get when the secret for the agent in the agent.agent table does not match the secret in the C:\Program Files (x86)\Symantec\Enterprise Security Manager\ESM\system\<hostname>\db\agtcert.dat file on the agent.
When an CCS agent is registered to a manager for RBC, the agtcert.dat file is updated with the secret key which is also passed to the .xml file on the manager for when the Fetch agent job is performed. When the xml is fetched from the manager, then the secret is updated in the agent.agent table with the rest of the agent information in the xml.
If that secret in the agent.agent field does not match the secret in the agtcert.dat file, then you will get the following error in the Communication log tab on the agent:
“Handshake error occured while authenticating the agent <agent_name>. The authentication error is -1”
If the agtcert.dat file on the agent does not exist, or has a new secret but not yet registered back with the manager with the new secret, then you will get the following error:
“Handshake error occured while authenticating the agent <agent_name>. The authentication error is -6”
If the secret hash in the agtcert.dat file is corrupt and HAS been registered to the manager, the .xml file on the manager will have the secret field as blank (empty), and when the Fetch agent job is run, then that xml will update the agent info in the agent.agent table, but the secret will be empty. If that happens and you try to run a DC on the agent, you will get the following:
“Handshake error occured while authenticating the agent <agent_name>. The authentication error is -3”
The fix for all of these errors is to reregister the agent with the manager. After registering the agent, you will then need to run the "Fetch Registered Agents" job.