Interval set to 30 (Good connection to ds)Īfter all that I went through and started verifying the cipherSuites and sslVersions between the client and ds for web.conf and nf which both are using splunks default values. Interval set to 300 (Bad connection to the ds)ĭs Server Hello, Certificate, Server Hello DoneĬlient TLSv1.2 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Messageĭs TLSv1.2 New Session Ticket, Change Cipher Spec, Encrypted Handshake Message I did a tcpdump and made two different pcaps to look at in wireshark and I kinda wanna say this looks like the client is sending resets before the TLS connection could be finished? Is that what is happening here? HTTPPubSubConnection - Unable to parse message from PubSubSvr:Ĭould no obtain connection, will retry after=xxx.xxx seconds. channel=tenantService/handshake Will retry handshake message to DS err=not_connectedĪlso I saw some messages that look related. channel=deploymentServer/phoneHome/default Will retry sending phonehome to DS err=not_connected Phonehome thread start, intervals: handshakeRetry=60 phonehome=300.0 Will try to re-subscribe to handshake reply I still double checked though and see no blocks and the port is also added in firewalld.įor the deployment server side I didn't get any messages from that that search.įor the client side I saw the following messages I don't think it would be the firewall, because if I change the interval to 30 it can eventually connect to the DS and shows up in the Forwarder Management. I took a look at some of those searches to look for additional messages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |