[stork-users] Cannot get state of machine
Slawek Figiel
slawek at isc.org
Wed Feb 11 18:25:03 UTC 2026
Hello!
It looks like a misconfiguration problem to me. The Stork server cannot
connect to the Stork agent.
> "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"
But the Stork agent can connect to the Stork server because it
successfully registered.
In my opinion, the most likely issue is wrong STORK_AGENT_HOST or
STORK_AGENT_PORT parameters. The server uses these values to establish a
connection to the agent. If they are wrong, the server tries to connect
to an incorrect or nonexistent host.
Please verify these values provided in the Stork agent configuration or
specified as CLI flags. Check (for example, using ping) that the Stork
server machine can connect to the Stork agent machine using this
hostname/IP address.
I will wait for your feedback.
Regards,
Slawek Figiel
On 2/11/26 7:18 PM, bart at ravenslair.nl wrote:
> Recently I followed https://kb.isc.org/docs/stork-quickstart-guide#debian-apt-compatible
> to set up Stork on Debian 13, and I ran into two things.
>
> The first thing I ran into has since been added under “Debian 13
> differences” after I reported a “command not found” to the customer
> service.
>
> The other thing is that I keep running into “The machine state was
> retrieved from the Stork server, but the server had problems
> communicating with the Stork agent on the machine: Cannot get state of
> machine”
>
> As far as I can tell everything that’s supposed to be running is running
> and I retried the guide on a(nother) Debian 13 install on a different
> system, only to run into the exact same thing.
>
> Since there’s no firewall active (yet) it can’t be that, so that’s one
> thing excluded. While setting things up I ran into the identical port
> issue, got Stork and the agent running on the same system. I changed the
> config as indicated by the guide under “Stork Server and Stork Agent
> cohabitating” after which I could register (and later re-register) the
> agent without problems. Journalctl shows this:
>
> kea-dhcp-ddns[5468]: INFO COMMAND_RECEIVED Received command 'config-get'
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_FORWARDED command config-get successfully forwarded to the service d2 from remote address 127.0.0.1
>
> kea-dhcp4[5370]: INFO COMMAND_RECEIVED Received command 'config-get'
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_FORWARDED command config-get successfully forwarded to the service dhcp4 from remote address 127.0.0.1
>
> kea-dhcp6[5569]: INFO COMMAND_RECEIVED Received command 'config-get'
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_FORWARDED command config-get successfully forwarded to the service dhcp6 from remote address 127.0.0.1
>
> stork-server[10579]: time="2026-02-08 14:11:34" level="info" msg="Completed pulling DHCP status from Kea apps: 0/0 succeeded" file=" status.go:258 "
>
> stork-server[10579]: time="2026-02-08 14:11:35" level="warning" msg="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\"" file=" manager.go:125 " agent="PlrtzGlrb:8080"
>
> stork-server[10579]: time="2026-02-08 14:11:35" level="warning" msg="Failed to get state from the Stork agent; the agent is still not responding" file=" grpcli.go:340 " agent="PlrtzGlrb:8080"
>
> stork-server[10579]: time="2026-02-08 14:11:35" level="warning" msg="failed to get state from agent PlrtzGlrb:8080: grpc manager is unable to make a call to the agent PlrtzGlrb:8080: rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\"" file=" statepuller.go:246 "
>
> stork-server[10579]: time="2026-02-08 14:11:35" level="info" msg="Completed pulling information from machines: 1/1 succeeded" file=" statepuller.go:73 "
>
> kea-ctrl-agent[5805]: INFO HTTP_CLIENT_REQUEST_AUTHORIZED received HTTP request authorized for 'kea-api'
>
> kea-ctrl-agent[5805]: INFO COMMAND_RECEIVED Received command 'version-get'
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_RECEIVED command version-get received from remote address 127.0.0.1
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_FORWARDED command version-get successfully forwarded to the service d2 from remote address 127.0.0.1
>
> kea-dhcp-ddns[5468]: INFO COMMAND_RECEIVED Received command 'version-get'
>
> kea-dhcp4[5370]: INFO COMMAND_RECEIVED Received command 'version-get'
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_FORWARDED command version-get successfully forwarded to the service dhcp4 from remote address 127.0.0.1
>
> kea-dhcp6[5569]: INFO COMMAND_RECEIVED Received command 'version-get'
>
> kea-ctrl-agent[5805]: INFO CTRL_AGENT_COMMAND_FORWARDED command version-get successfully forwarded to the service dhcp6 from remote address 127.0.0.1
>
> Since I’m new with Kea DHCP Server and Stork (I’m used to ISC DHCP
> Server combined with Webmin), I wouldn’t be surprised if I missed a
> setting, though I would’ve expected that to be in the guide.
>
> Does anyone happen to know why Stork is throwing the error? As for
> journalctl, Google isn’t giving hits on the TLS handshake error from
> journalctl in combination with Stork.
>
>
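The "first record does not look like a TLS handshake" text in the server log is the error Go's crypto/tls returns when the first bytes received from the peer are not a TLS record. As an added example (not part of the original messages and not Stork's own code), this Go probe starts the same kind of handshake against an address and reports the first five bytes that came back; `ProbeTLS` and `startPlainListener` are hypothetical names, and the listener is a constructed stand-in for a non-TLS service.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"time"
)

// ProbeTLS starts a TLS handshake with addr and reports what answered.
// Certificate checks are off because only the protocol is tested; never reuse this config.
func ProbeTLS(addr string) string {
	d := &net.Dialer{Timeout: 3 * time.Second}
	conn, err := tls.DialWithDialer(d, "tcp", addr, &tls.Config{InsecureSkipVerify: true})
	if err == nil {
		conn.Close()
		return "tls"
	}
	var rhe tls.RecordHeaderError // error type behind "first record does not look like a TLS handshake"
	if errors.As(err, &rhe) {
		return fmt.Sprintf("not-tls: peer answered %q", rhe.RecordHeader[:])
	}
	return "other: " + err.Error() // refused, timed out, or handshake rejected
}

// startPlainListener (constructed) answers one connection with a plain HTTP 400.
func startPlainListener() (addr string, stop func()) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		c.Read(make([]byte, 4096)) // consume the ClientHello
		c.Write([]byte("HTTP/1.1 400 Bad Request\r\n\r\n"))
		c.Close()
	}()
	return ln.Addr().String(), func() { ln.Close() }
}

func main() {
	addr, stop := startPlainListener()
	defer stop()
	fmt.Println(addr, "->", ProbeTLS(addr))
}
```

To use it for the check described above, run it on the Stork server machine and pass `ProbeTLS` the host and port configured as STORK_AGENT_HOST and STORK_AGENT_PORT instead of the constructed listener address.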