The agent has rejected an attempt by the eMake client to authenticate itself.
Security Exposure: If our policy was instead to simply drop the agent connection, then attackers could reasonably infer that a dropped connection means authentication failure, because other explanations (such as network connectivity interruptions) are much less likely.
Thus in order to convincingly hide authentication rejection, we would have to provide a convincing simulation of authentication success. The more convincing a simulation, the more computational resources it would consume, and the more confusing it would be to legitimate users and administrators when authentication fails by accident. At least for now, it seems better to focus on detecting actual vulnerabilities, rather than confusing attackers into wasting effort on secure systems.
Various causes are possible. Check the agent logs for details. For security reasons the agent intentionally withholds the details of the failure.
In particular, if on Linux you see
Security Error: gss_accept_sec_context: GSSAPI Minor Status 0x2: No such file or directory
in the agent log, then you may need to install a keytab or tell the
agent where to find it; see Kerberos Usage in CloudBees Build Acceleration for