"Unrecognized SSL message, plaintext connection?" when trying to connect Symantec Security Information Manager (SSIM) Event Agent to a manager

Article ID: 155778

Products

Security Information Manager

Issue/Introduction

You are trying to bootstrap an SSIM Agent to its manager and you get the error message "Unrecognized SSL message, plaintext connection?"

The exact error in sesa-agent.log is:

2012-01-19 08:44:31,468 INFO  [Logging] Symantec Event Agent Symc_ConfigProvider: bootstrapping to 'https://atr-ses-9650.emea.ts:443/sesa/servlet/bootstrap'
2012-01-19 08:44:45,812 INFO  [Logging] Exception during bootstrap proxy: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
2012-01-19 08:44:45,812 ERROR [Logging] javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at com.symantec.management.util.SSL_Socket.createSocket(SSL_Socket.java:245)
    at com.symantec.management.util.SESAHttpConnection.connect(SESAHttpConnection.java:210)
    at com.symantec.management.util.SESAHttpConnection.connect(SESAHttpConnection.java:143)
    at com.symantec.management.util.SESAHttpConnection.getOutputStream(SESAHttpConnection.java:381)
    at com.symantec.management.dirutil.BootstrapProxy.bootstrap(BootstrapProxy.java:188)
    at com.symantec.management.dirutil.CreateLocalMachine.doCommonBootstrapProcessing(CreateLocalMachine.java:146)
    at com.symantec.management.dirutil.CreateLocalMachine.bootstrapClient(CreateLocalMachine.java:98)
    at com.symantec.management.providers.config.ConfigProvider.bootstrap(ConfigProvider.java:1044)
    at com.symantec.management.providers.config.ConfigProvider.initialize(ConfigProvider.java:214)
    at com.symantec.management.providers.SymcProviders.initializeSesaProvider(SymcProviders.java:930)
    at com.symantec.management.providers.SymcProviders.initialize(SymcProviders.java:864)
    at org.snia.wbemcmd.cimom.ProviderMapper.addInstance(ProviderMapper.java:127)
    at org.snia.wbemcmd.cimom.ProviderMapper.getProvider(ProviderMapper.java:146)
    at org.snia.wbemcmd.cimom.ServerNameSpace.getInstanceProvider(ServerNameSpace.java:427)
    at org.snia.wbemcmd.cimom.ServerNameSpace.getInstanceProvider(ServerNameSpace.java:404)
    at org.snia.wbemcmd.cimom.ServerNameSpace.getInstance(ServerNameSpace.java:614)
    at org.snia.wbemcmd.cimom.CIMServer.getInstance(CIMServer.java:548)
    at org.snia.wbemcmd.cimom.CIMOMHandleGeneric.getInstance(CIMOMHandleGeneric.java:240)
    at org.snia.wbem.client.CIMClient.getInstance(CIMClient.java:516)
    at org.snia.wbemcmd.cimom.CIMServer.preloadProviders(CIMServer.java:996)
    at org.snia.wbemcmd.cimom.CIMServer.mainNoSystemExit(CIMServer.java:1185)
    at org.snia.wbemcmd.cimom.CIMServer.main(CIMServer.java:1281)


2012-01-19 08:44:45,827 INFO  [Logging] **ERROR: SSLException encountered - Unrecognized SSL message, plaintext connection?
2012-01-19 08:44:45,827 INFO  [Logging] This error indicates the agent could not connect to the server because of failing to establish a secure session.
2012-01-19 08:44:45,827 INFO  [Logging] One possible cause for this error is the validity of the server certificate, including date range (valid from/valid to).
 

Cause

The communication between the Manager and the Agent is inspected by a proxy that is configured to perform HTTPS inspection.

Resolution

Disable the proxy's scanning of HTTPS connections between the Agent and the SSIM server.

One of the features of ForeFront TMG is HTTPS Inspection. In most setups the SSIM certificate is self-signed, which means that it can't be validated against an external CA. The option can be found under Web Access Policy -> HTTPS Inspection.
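To confirm from the agent host that something on the path is answering the handshake with non-TLS bytes, the following added diagnostic (not part of the original article or of SSIM; the function names are hypothetical) sends a real ClientHello and classifies the raw reply by its TLS record header:

```python
import socket
import ssl

# TLS record content types (first byte of every TLS record header).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
PLAINTEXT_PREFIXES = (b"HTTP/", b"<html", b"<HTML", b"<!DOC")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a peer sent in reply to a ClientHello."""
    if not data:
        return "closed-without-reply"
    if data.startswith(PLAINTEXT_PREFIXES):
        return "plaintext-http"
    # Record header: content type(1) | version major(1) minor(1) | length(2).
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        length = int.from_bytes(data[3:5], "big")
        if length <= 2**14 + 2048:  # largest record length TLS permits
            return "tls-record:" + TLS_CONTENT_TYPES[data[0]]
    return "not-tls"


def client_hello(server_name: str) -> bytes:
    """Let the ssl module build a ClientHello in memory, without any network I/O."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the handshake is never completed,
    ctx.verify_mode = ssl.CERT_NONE  # so no certificate is ever trusted here
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                         # expected: the hello now waits in `outgoing`
    return outgoing.read()


def probe(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Send a ClientHello over the path the agent uses and classify the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify_first_bytes(sock.recv(64))
```

Call `probe()` with the manager host and port from the bootstrap URL in sesa-agent.log. A result of `plaintext-http` or `not-tls` is the condition the exception reports, while `tls-record:handshake` means the peer did answer with TLS.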


Applies To

Using ForeFront Threat Management Gateway (TMG) 2010