Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDS - TLS handshake incomplete

Hello guys,

i'm system administrator for a small company and i'm experiencing a strange behaviour on 1 of my 4 IDS 4235 sensor running 4.1.(5)S252 .Two of them are on the external (toward internet) and 2 of them are on the internal network. They are all managed by IDSMC 2.1 and CiscoWorks 2.1. At the moment the one on the inside cannot be reached with IEV with the following errors:

evError: eventId=1089392073211120283 severity=error

originator:

hostId: sensor-1-int

appName: cidwebserver

appInstanceId: 1634

time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet

errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]

evError: eventId=1089392073211120284 severity=error

originator:

hostId: sensor-1-int

appName: cidwebserver

appInstanceId: 1331

time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet

errorMessage: name=errTransport WebSession::sessionTask(3) TLS connection exception: handshake incomplete.

Googling around i noticed similar behaviour under SSL DOS attack but my logs are a little bit different, so i think and HOPE that is not a dos.

In the mean time i thank you and give my best regards waiting for some feedback

simone

4 REPLIES
Gold

Re: IDS - TLS handshake incomplete

Assuming you have connectivity between your VMS and sensor, try deleteing and re-adding the sensor in VMS. This has fixed this problem for me.

Silver

Re: IDS - TLS handshake incomplete

You may want to upgrade to at least 5.1(x) as there is no longer signature support for 4.x sensors.

That aside, a cert expiration on the sensor can result in a failed TLS handshake. Re-importing as the previous poster noted will give you a much better perspective of what the problem may be

Hope this helps

New Member

Re: IDS - TLS handshake incomplete

Yeah,

and in fact i did this opearation and it brings to the same behaviour. Thank you all guys for the support.

I'll probably need to upgrade my sensor to the new IPS version, but this is dependant to my old VMS version 2.2 and OS machine with windows 2000. So as far as i know i should upgrade windows 2000 to 2003 and then update VMS to the lastest version and then upgrade sensors to be imported with 5.x version to the new VMS version(2.3?)Is that correct?

thank you all

simone

Gold

Re: IDS - TLS handshake incomplete

I'm running VMS 2.3 with the latest patches on several Windows 2000 server boxes with 5.x sensors.

324
Views
7
Helpful
4
Replies