Our CCS installation (12.5.2) has issues fetching the secure key from agents.
This has been found to be caused by a firewall, such as a local firewall on a Unix asset.
For example, iptables or nftables running on a Linux server.
Create a rule on the firewall(s) to allow the communication with the agent to go through.
Ports used by the Agents
5601 - Windows Agents
5600 - Unix Agents
5599 - Used for APU/ACU jobs to update the Agents.
Here is an article to assist with troubleshooting connectivity.
For Agent based troubleshooting take note of what will get logged in the Agent log file, when an incoming connection is made outside of CCS.