On 2011-11-09 12:51 , Andrew Ring wrote: > Greetings, > > While using puppet 2.7.6-266 on a very old Windows XP system (I know > WinXP is not supported by puppet), I have run into an error when running > Puppet Agent: > "err: Could not request certificate: SSL_connect SYSCALL returned=5 > errno=0 state=SSLv2/v3 read server hello A" > > My install procedure is that from the Puppet Labs site: > http://projects.puppetlabs.com/projects/1/wiki/Puppet_Windows > > Watching the transaction via wireshark, communication is and is killed > very shortly after it starts, just over 0.1 seconds between the first > Syn and the last Rst. > > The Puppet Master receives the client's certificate. I am also able to > sign the certificate, which does not alter the behavior of puppet on the > client. I can not confirm it, but it took several times running the > Puppet Agent for the system's SSL certificate to reach the point where > "puppetca --list" would display it. The Puppet Master is running Puppet > version 2.6.2-5. > > I have a second, new Windows 7 system, using the same software versions, > has no issue connecting to the Puppet Master. > > In a thread titled "SSH port forwarding" from 28 March 2011(?) > (http://comments.gmane.org/gmane.comp.sysutils.puppet.user/29632) it was > mentioned that the Puppet Master has a TLS timeout of 0.1 seconds. > > Is this a general issue with Puppet and Windows XP? > Is there a way to increase the TLS timeout on the Puppet Master? > Alternatively, is there a method to confirm that the TLS timeout is my > problem? > > Thank you, > Andrew >
Upgrade your master. It sounds like you're running into #4762[0], which was fixed in 2.7.3. Also, you should be running a version of the master that is >= the version of your newest agent. [0] http://projects.puppetlabs.com/issues/4762 -- Jacob Helwig http://about.me/jhelwig
signature.asc
Description: OpenPGP digital signature
