Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISA570 system log error message http_pipelined_request_thread nonblocking_ssl_write SSL_ERROR_TIMEOUT

Good Evening

Recently I got some error messages on my ISA570 in the system log that start to increase during night. On a first view it looks like somebody trying to access the firewall with SSL, but then the information in the log does not help any further.

All errors look same as follows:

2014-01-11 00:01:02 - Err - System: sdsd: http_pipelined_request_thread: Error: nonblocking_ssl_write returned -1, err = 100 = SSL_ERROR_TIMEOUT
2014-01-11 00:01:05 - Err - System: sdsd: http_pipelined_request_thread: Error: nonblocking_ssl_write returned -1, err = 100 = SSL_ERROR_TIMEOUT
2014-01-11 00:01:08 - Err - System: sdsd: http_pipelined_request_thread: Error: nonblocking_ssl_write returned -1, err = 100 = SSL_ERROR_TIMEOUT

Any idea what they mean and how I can trace them back to the origin?

I use the latest firmware.

Thanks and best regards,

Rolly

6 REPLIES
New Member

No responses on this? I'm

No responses on this? I'm having exactly the same problem. Tried googling the exact same issue but nothing found.

Else Rolly, did you find a reason / fix?

 

Many regards

Cisco Employee

Hi,These are messages that

Hi,

These are messages that indicate the communication between Security Services (sdsd) and the servers timed out.  When this happens, it will attempt to retry.  Which firmware version are you running?  Are you seeing issues with Security Services not working or showing offline?

Thanks,

Brandon

New Member

Hi Brandon,Thanks for the

Hi Brandon,

Thanks for the response. I totally forgot about this until I noticed them happening again and googled it and found my own question!

Did you ever get an official statement? it's happening on firmware 1.2.20 (was 1.2.19 at the time)

 

Many thanks!

New Member

Hi JohnAs for me, I have not

Hi John

As for me, I have not got any further Response from Cisco. But I moved the ISA570 out of the production environment to a small test environment, and there I have never encountered the issue. So, still no definite answer, but only rumors.

 

Beat regards,

Rolly

Cisco Employee

Hi John,As I mentioned in my

Hi John,

As I mentioned in my earlier reply, those messages indicate the communication between Security Services (sdsd) and the servers timed out.  It's ok to see them periodically in the logs as sdsd will retry.  If you notice Security Services showing offline, then we will look at those logs to see what's going on. 

The logs are not related to Heartbleed.  I see a comment regarding that earlier in the thread and wanted to clear that up.

Let me know if you have any questions regarding this.

Thanks,

Brandon

New Member

Dear Pixel ProjectAbout a

Dear Pixel Project

About a week after the release of the heartbleed bug, a Cisco employee said that this error is related to the heartbleed issue, when somebody tries to access. This made sense to me as we had this issue just coming up recently and on two different firmwares. However, officially Cisco stated that the ISA500 is still under investigation.

So I am not sure, but we removed all productive ISA500 firewalls in the company as the risk is definitely too high!! The good thing, now I have one at home and as I don't use any VPN or other external access at home it should be fine for AntiVirus filtering and basic firewall function.

As soon as I get an official statement, I'll report it here.

Best regards,

Rolly

520
Views
0
Helpful
6
Replies
CreatePlease login to create content