Articles in this section

Self help
FAQ
["FAQ"]

Geneos - What are the common error codes when monitoring HTTPS websites with Web-Mon plugin?

Avatar
ITRS Support
  • Updated
Follow

 

The Netprobe version may need an upgrade to cope with evolving web technologies and standards. The Web-Mon plugin makes use of the CURL library (libcurl), which is bundled with the Netprobe installation. This article has collected common error codes that users may encounter.

Common Errors

error:140770FC:SSL routines:func(119):reason(252)

This error may be returned from older Netprobe versions from GA3.0.x to GA3.2.x. It is suggested that users upgrade their Netprobe version as appropriate. This code is usually translated as  "unknown protocol".

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

The error may appear if Web-Mon plugin is unable to connect to the target website due to mismatch of protocol version or cipher. One other possibility is that the target website actually returned an  HTTP rather than HTTPS response.

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

The Web-Mon plugin is unable to negotiate with the target website using the TLS protocol. It is possible that the website uses the deprecated SSL v2 or v3 protocols, which are no longer supported since Geneos version GA3.6.

error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

The above error may appear when the monitored website requires TLS version 1.2 but the Netprobe is older than version GA3.6.

error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small

The target website is probably using certain weak ciphers. In particular, the OpenSSL library bundled with Geneos has been upgraded from version GA3.8.1 (NPX-903) to address various known vulnerabilities. As a result, the Web-Mon plugin may refuse to connect to some older websites.

error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

The target website may be expecting to receive a client certificate for authentication. Please check with the administrator responsible for the remote website. If that is the case, you can review the article: How do I use client certificate to connect websites in the Web-Mon plugin?

schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326)

This error likely occurs on Windows Netprobe trying to connect newer SSL web sites. Please make sure the Netprobe version is GA5.6 (COL-8265) or above.

Diagnosis

Users may try the "openssl" command on Linux to connect to the target website. The example below should provide more detailed messages for troubleshooting.

openssl s_client -connect [hostname:port]

Further Reading

Users may check out Wikipedia's article on Transport Layer Security for background of the TLS and the now-deprecated SSL protocols.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.