Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
3
Replies

What does this IPS message indicate?

Go to solution
saidfrh
Level 1
Level 1

‎12-18-2008 11:53 AM - edited ‎03-10-2019 04:25 AM

evError: eventId=1229364010346777529 vendor=Cisco severity=warning

originator:

hostId: IPS

appName: cidwebserver

appInstanceId: 22081

time: Dec 18, 2008 19:30:56 UTC offset=0 timeZone=-8

errorMessage: received fatal alert: certificate_unknown

Messages, like this one, in the category - receipt of TLS fatal alert message - were logged 1795 times in the last 3601 seconds. name=errWarning

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎12-18-2008 12:49 PM

Soemthing is try to connect to your sensor using an incorrect TLS certificate.

This error is very common in situations where your sensor now has a newer TLS certificate (usually becuase of re-imaging the sensor, or creating a new TLS certificate because the older one expired).

Go to all of your management station boxes and ensure that they have been updated with the sensor's new TLS certificate.

If you are not sure which management boxes may not have been updated, then run the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎12-18-2008 12:49 PM

Soemthing is try to connect to your sensor using an incorrect TLS certificate.

This error is very common in situations where your sensor now has a newer TLS certificate (usually becuase of re-imaging the sensor, or creating a new TLS certificate because the older one expired).

Go to all of your management station boxes and ensure that they have been updated with the sensor's new TLS certificate.

If you are not sure which management boxes may not have been updated, then run the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server.

0 Helpful

Go to solution
saidfrh
Level 1
Level 1
In response to marcabal

‎12-18-2008 12:58 PM

What is the command to run "the packet display command on the sensor's management interface and look to see which IPs are attempting to connect to your sensor's web server."

0 Helpful

Go to solution
Not applicable
In response to saidfrh

‎01-12-2009 12:19 PM

In its simplest form, the command is:

packet display

although there are additional parameters that you can specify. Use ? to see the options.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card