Does Open Insight use TLS for anything

edited January 2020 in OpenInsight
Hi, in the event log of the computer on which our LH is running, I can see many errors relating to TLS. These errors have never appeared in the event log until today, the very day that our LH stopped working.


E.g.:

An TLS 1.1 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

------------------------------------------------

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

------------------------------------------------
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 0.

Comments

  • I'm not personally aware of TLS being used for anything other than email.
  • Maybe a server issue with 'port' communication.
  • I believe the UD 5 uses TLS for client authentication and/or connection encryption (if those features are used).

    OpenInsight may indirectly use TLS for SMB (File Sharing and NTLM authentication) but I would expect your file shares to stop working if this occurred.

    As Don mentioned, out-bound email often uses TLS as well as HTTPS connections (though these errors would originate on the computer where the HTTPS connection originated from and not the server - unless the server was running a task that acted as the HTTPS client.)
  • edited January 2020
    Hi, what is SMB and why does OI use it? I don't really understand it. When I look in Wireshark when OI is running, I can see a lot of SMB requests and responses. During the outage I also saw a few "SMB" errors like bcrypt.dll and imhost.dll could not be found.
  • I found a free online book about "CIFS" and "SMB". I will give this a read:
    http://ubiqx.org/cifs/
  • SMB is the protocol that Windows uses for accessing shared files and printers over a mapped network driver or UNC. This is probably a little better overview: https://searchnetworking.techtarget.com/definition/Server-Message-Block-Protocol

    Is there something that isn't working, which is why you're investigating the event logs, or are you just tracking down the messages to make sure there isn't a problem?

    Wireshark might be able to tell you as it should be able to sniff some of the TLS handshakes and determine which IP address tried to initiate an unsupported connection.
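The check suggested in the comment above, as an added example that is not part of the original thread: given the raw bytes of a captured TLS ClientHello record, read the offered protocol version and cipher suites and compare them with what the server accepts. The sample record, the function names and `SERVER_SUITES` are constructed assumptions, not the poster's traffic or server configuration.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Assumed server policy (constructed): AES-GCM suites only.
SERVER_SUITES = {0xC02F, 0xC030, 0x009C, 0x009D}

def build_sample_client_hello(version=0x0302, suites=(0x000A, 0x0005, 0x0004)):
    """Constructed sample record: a minimal ClientHello offering 3DES and RC4 suites."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"    # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

def parse_client_hello(record):
    """Return (version name, [cipher suite ids]) from one raw TLS record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < max(rec_len, 4) or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:
        raise ValueError("ClientHello body too short")
    (version,) = struct.unpack("!H", body[:2])
    pos = 34                      # skip version (2) and random (32)
    pos += 1 + body[pos]          # skip session id length byte and session id
    if len(body) < pos + 2:
        raise ValueError("missing cipher suite list")
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("malformed cipher suite list")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return VERSIONS.get(version, hex(version)), suites

def shared_suites(record, server_suites=SERVER_SUITES):
    """Version the client asked for and the offered suites the server would accept."""
    version, offered = parse_client_hello(record)
    return version, [s for s in offered if s in server_suites]

if __name__ == "__main__":
    version, common = shared_suites(build_sample_client_hello())
    print(version, "shared suites:", [hex(s) for s in common] or "none")
```

An empty shared list for a client corresponds to the "none of the cipher suites supported by the client application are supported by the server" event quoted in the question; the source IP of that record in the capture identifies the client.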
  • edited January 2020
    Hi, the reason I am asking all these questions is that our LH program didn't work for 6 hours. We emailed Revelation and received a response from them. Unfortunately, we still don't know what the issue was.

    And yes, that book I linked goes into too much detail. Anyway, I know what SMB and CIFS are now. Thanks.

    It's too late to look at Wireshark logs, as the problem occurred last week. I was just saying that I remember looking at the Wireshark logs (on my PC) during the crash, and I saw a couple of SMB errors. But that honestly may not have had anything to do with the issue. I should look at the Wireshark logs now, when everything is running correctly, and see if those SMB errors are still occurring.

    But just out of interest, even though I know what SMB is, I still don't know why OI uses it. Is it simply because the OI program and all of the files it needs in order to run are stored on a remote computer (relative to my computer)? So if all of the OI programs and data were on my computer, SMB would not be used?
