Handshake failed to complete

[bobo13 0]

I'm using ERA 6.4 in my network, have around 40 clients, all are working fine, but one of computer fails to connect to the remote administrator server. I have looked into the log file, and found:

Error: CReplicationManager: Replication (network) connection to 'host: "10.10.2.10" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

This  computers installed the agent with same settings like others, because they are installed by the same liveinstall batch.

I have tried:

1. reinstall the agent

2. creat new cert and reinstall 

3. Uninstall re-install agent

4. Turn off firewall settings on both server and client

5. Changed host to connect IP rather than FQDN

All of above methods doesn't help, any body here have any suggestions?

Many thanks

trace.log

[MartinK 378]

Seems there is problem during SSL handshake, but not with certificate verification, at least not on client side. I would recommend to check also SERVER trace log, whether there is more relevant error.

Could you specify platform/version of operating system? Is there any proxy or firewall between AGENT and SERVER that could interfere with connection, or AGENT is connecting directly to SERVER? Any chance you have enabled "Advanced security" in SERVER configuration? We have seen similar reports from older systems (Windows 2003 as an example) where solution was to use specific MS update not distributed automatically.

It is also possible to analyze SSL handshake using network capturing tools like Wireshark, which may help to diagnose what is going on, but it requires certain skills. There may be problem not only with certificates, but also with TLS protocol support and also with negotiation of cryptographic algorithms (i.e. finding interleave between algorithms supported by client and server)

[bobo13 0]

I have checked the Server trace log and no errors on there. I am able to deploy agents to new machine without any problem so Its a problem on this one machine.

 

The client is on Windows 7 as well as the Server with is also Windows 7. We dont have any firewall or proxy in use between them. It is a direct connection.

I am not sure what you mean by Advanced Security. Where can I find this?

 

[MartinK 378]

9 hours ago, bobo13 said:

I am not sure what you mean by Advanced Security. Where can I find this?

I meant ERA Server configuration parameter (see documentation) but I guess you are not using it as you were not aware of it.

Regarding your issue, my last recommendation is to test whether updating AGENT to version 6.5 will help. There should be no problem with connection to ERA 6.4 server and upgrade. Upgrade may be performed manually and does not require any special parameters - may be executed silently without parameters.

Last resort would be most probably analysis of network traffic using tools like wireshark. I am confused by fact that there are no errors in your ERA Server's trace log, as it may indicate that connection attempt do not reach ERA and may be blocked on a way.