Windows Agent error "server gave HTTP response to HTTPS client"

pretty simple setup:

Vault Server:
listener "tcp" {
  address = "vault-server.com:8200"
  tls_disable = 1
}

Vault Agent:
listener "tcp" {
  address = "vault-server.com:8100"
  tls_disable = true
  tls_disable_client_certs = true
}

when starting the Windows Agent Service, I got the following error:
] agent.auth.handler: error authenticating: error="Put \"https://vault-server.com:8200/v1/auth/approle/login\": http: server gave HTTP response to HTTPS client"

Any advice would be very much appreciated.

Hi @jedi

If I am reading this correctly, you have set the Vault Server to have TLS disabled but looks like maybe your Vault agent config has the address set to https?

thanks Jon, as you see from my post, the agent listener is tcp with tls_disable = true

Hi Jason,

I do see that the listener has TLS disabled. Apologies for not being more clear, I would expect somewhere in the agent config there should be a vault stanza that the agent uses to connect to the Vault server similar to

vault {
  address = "https://vault-server.com:8200"
}

An example configuration is in this tutorial, in the configure vault agent section (step 5): "Vault Agent Windows service | Vault | HashiCorp Developer"

Thanks Jon for following up.
The agent connects to the server via $env:VAULT_ADDR="http://vault-server:8200".

Step 5 in the link shows the same config as mine:

listener "tcp" {
  address = "127.0.0.1:8100"
  tls_disable = true
}

The actual error you are getting though has httpS:// in the Vault address?

Found the issue: I was creating the Windows service with the wrong -address (should be http)

New-Service xxxx -address="https://vault-server8200"'

Thanks so much Jon. Your feedback triggered me to look back at this CLI.

@jedi - great to hear and happy to help!
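
The mismatch resolved in this thread, as an added example that is not part of any post above: a small Python check that works out which address the agent will actually dial and compares its scheme with the server listener's tls_disable setting. The precedence used (-address flag, then VAULT_ADDR, then the vault stanza, then the default) is an assumption consistent with the outcome above, and the service command line and file paths are constructed sample values.

```python
import re
from urllib.parse import urlsplit

DEFAULT_ADDR = "https://127.0.0.1:8200"  # Vault's default when nothing is set

def effective_address(cmdline, env, agent_hcl=""):
    """Resolve the address the agent will dial, and say where it came from.
    Assumed precedence: -address flag, VAULT_ADDR, vault stanza, default."""
    m = re.search(r"""(?:^|\s)-{1,2}address[=\s]+["']?([^\s"']+)""", cmdline)
    if m:
        return m.group(1), "-address flag"
    if env.get("VAULT_ADDR"):
        return env["VAULT_ADDR"], "VAULT_ADDR"
    m = re.search(r'vault\s*\{[^}]*?\baddress\s*=\s*"([^"]+)"', agent_hcl)
    if m:
        return m.group(1), "vault stanza"
    return DEFAULT_ADDR, "default"

def listener_tls_disabled(server_hcl):
    """True if the listener sets tls_disable (not tls_disable_client_certs)."""
    m = re.search(r'\btls_disable\s*=\s*"?(\w+)"?', server_hcl)
    return bool(m) and m.group(1).lower() in ("1", "true")

def check(cmdline, env, server_hcl, agent_hcl=""):
    """Compare the scheme the agent will use with what the listener speaks."""
    addr, source = effective_address(cmdline, env, agent_hcl)
    scheme = urlsplit(addr).scheme
    expected = "http" if listener_tls_disabled(server_hcl) else "https"
    return {"address": addr, "source": source, "scheme": scheme,
            "expected": expected, "ok": scheme == expected}

# Constructed inputs modelled on the thread (the paths are made up).
SERVER_HCL = 'listener "tcp" {\n  address = "vault-server.com:8200"\n  tls_disable = 1\n}'
SERVICE_CMD = r'C:\vault\vault.exe agent -config=C:\vault\agent.hcl -address="https://vault-server.com:8200"'
SERVICE_ENV = {"VAULT_ADDR": "http://vault-server:8200"}

if __name__ == "__main__":
    r = check(SERVICE_CMD, SERVICE_ENV, SERVER_HCL)
    print(f'{r["source"]} -> {r["address"]} (listener expects {r["expected"]}): '
          f'{"ok" if r["ok"] else "MISMATCH"}')
```

With the sample inputs, the https value baked into the service command line wins over the http value in VAULT_ADDR, which is why the environment variable alone did not prevent the error.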