IDS - TLS handshake incomplete

simonecarbonara
Level 1

Hello guys,

I'm the system administrator for a small company and I'm experiencing strange behaviour on 1 of my 4 IDS 4235 sensors running 4.1.(5)S252. Two of them are on the external (toward internet) and 2 of them are on the internal network. They are all managed by IDSMC 2.1 and CiscoWorks 2.1. At the moment the one on the inside cannot be reached with IEV, with the following errors:

evError: eventId=1089392073211120283 severity=error

originator:

hostId: sensor-1-int

appName: cidwebserver

appInstanceId: 1634

time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet

errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]

evError: eventId=1089392073211120284 severity=error

originator:

hostId: sensor-1-int

appName: cidwebserver

appInstanceId: 1331

time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet

errorMessage: name=errTransport WebSession::sessionTask(3) TLS connection exception: handshake incomplete.

Googling around I noticed similar behaviour under SSL DoS attack, but my logs are a little bit different, so I think and HOPE that it is not a DoS.

In the meantime I thank you and give my best regards, waiting for some feedback.

simone


rhermes
Level 7

Assuming you have connectivity between your VMS and sensor, try deleting and re-adding the sensor in VMS. This has fixed this problem for me.

attmidsteam
Level 1

You may want to upgrade to at least 5.1(x) as there is no longer signature support for 4.x sensors.

That aside, a cert expiration on the sensor can result in a failed TLS handshake. Re-importing as the previous poster noted will give you a much better perspective of what the problem may be.

Hope this helps

Yeah,

and in fact I did this operation and it leads to the same behaviour. Thank you all guys for the support.

I'll probably need to upgrade my sensor to the new IPS version, but this is dependent on my old VMS version 2.2 and OS machine with Windows 2000. So as far as I know I should upgrade Windows 2000 to 2003, then update VMS to the latest version, and then upgrade the sensors to be imported with 5.x version to the new VMS version (2.3?). Is that correct?

thank you all

simone

I'm running VMS 2.3 with the latest patches on several Windows 2000 server boxes with 5.x sensors.
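
An added example, not part of the thread or of any Cisco tool: a small parser for evError records in the text layout quoted in the question, counting TLS handshake failures per sensor and minute so they can be lined up against other events. The function names and the third sample record are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two records quoted in the question, plus a third
# record (eventId, appInstanceId and time made up) to show grouping.
SAMPLE = """\
evError: eventId=1089392073211120283 severity=error
originator:
hostId: sensor-1-int
appName: cidwebserver
appInstanceId: 1634
time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet
errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]
evError: eventId=1089392073211120284 severity=error
originator:
hostId: sensor-1-int
appName: cidwebserver
appInstanceId: 1331
time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet
errorMessage: name=errTransport WebSession::sessionTask(3) TLS connection exception: handshake incomplete.
evError: eventId=1089392073211120285 severity=error
originator:
hostId: sensor-1-int
appName: cidwebserver
appInstanceId: 1332
time: 2007/05/31 15:32:23 2007/05/31 17:32:23 cet
errorMessage: name=errTransport WebSession::sessionTask(3) TLS connection exception: handshake incomplete.
"""

def parse_everrors(text):
    """Return one dict per evError record; blank lines between fields are ignored."""
    records, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("evError:"):
            cur = dict(kv.split("=", 1) for kv in line.split()[1:])
            records.append(cur)
        elif cur is not None and ":" in line:
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
    for r in records:
        m = re.match(r"name=(\S+)\s+(.*)", r.get("errorMessage", ""))
        r["errName"], r["errText"] = m.groups() if m else ("", "")
        r["minute"] = r.get("time", "")[:16]  # first timestamp as printed, to the minute
    return records

def tls_failures_by_minute(records):
    """Count 'handshake incomplete' transport errors per (hostId, minute)."""
    return Counter((r.get("hostId"), r["minute"]) for r in records
                   if r["errName"] == "errTransport" and "handshake incomplete" in r["errText"])
```

Calling `tls_failures_by_minute(parse_everrors(SAMPLE))` returns a `Counter` keyed by sensor name and minute.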
