Good day every body!
I am using 4215 IPS-K9-6.0-4a-E1 image. Recently our sensor started to generate a lot of errors like that (when connected by IDM):
evError: eventId=1208572151825393108 severity=error vendor=Cisco
time: 2008/06/03 16:00:26 2008/06/03 16:00:26 UTC
errorMessage: name=errTransport WebSession::sessionTask TLS connection exception: handshake incomplete.
I do understand that there is something wrong with tls certificates. So here are the things that I've tried:
-Regenerate HTTPS certificate and reconnect. Nope, doesn't work.
-Reset sensor to defaults, set IP anew, regenerate certificates. Nope, doesn't work.
-I've also searched this forum, found some topics having the same problem... But there weren't any solution stated.
I do not want to use simple HTTP, so this is not an option.
Could this be a client problem? My client host is MS Windows Server 2003, Sun JRE 1.5, IE 6.
I'd be very thankful if anyone could point me a solution to this issue!
Thanks in advance!
That message is common when something is connecting to the sensor through HTTPS but is using the wrong TLS certificate.
However, this message does not let you know which box is having this connection problem.
If you are able to connect in from IDM and IDM is working fine, then it is likely that it is not IDM that is causing the errors.
More than likely there is another box (or application) on your network that is trying to connect and still has the old SSL certificate of the sensor.
That Other box needs to be updated with the sensor's newest SSL certificate.
To figure out the IP address of the Other box you could try and use the "packet display" command on the sensor's command and control IP Address to look for HTTPS sessions to the sensor that are short lived.
My best guess is that you may have an old installation of IEV or some other monitoring tool that is trying to connect to the sensor using an old SSL certificate, and that application needs to be updated to use the sensor's newest SSL certificate.
If you can't connect in from IDM, and during those attempts you keep getting that error. Then your web browser has the old certificate cached, and you need to get your browser to accept the newest SSL certificate from your sensor. IDM should then start working and the error would go away.