Security

last person joined: 6 days ago 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.

  • 1.  Problem to connect the Gui Server

    Posted 07-20-2009 06:13

    Hi All,

     

    I have a big problem here, today my NSM can´t work.

     

    Im trying to connect the Gui but is not possible.

     

    In the guiDaemon.o file I saw the following logs:

    [root@ABR-MNG-SAONEA01 errorLog]# tail -f guiDaemon.0
    [07/20/2009 09:52:28.697] [Notice] [6429072-connectionMgr.c:2588] connMgrIncomingGuiTlsPlugHandler: exit
    [07/20/2009 09:52:28.697] [Notice] [6429072-guiTlsPlug.c:2401] guiTlsPlugIncomingHandler: finished
    [07/20/2009 09:52:28.980] [Notice] [6429072-guiTlsPlug.c:1984] GUITLSPLUG: Received HANDSHAKE state = 4
    [07/20/2009 09:52:28.980] [Notice] [6429072-guiTlsPlug.c:858] guiTlsPlugSSLConnect entry plug state = 4
    [07/20/2009 09:52:28.980] [Notice] [6429072-guiTlsPlug.c:893] GUITLSPLUG:       SSL_ERROR_WANT_READ
    [07/20/2009 09:52:28.980] [Notice] [6429072-guiTlsPlug.c:937] GUITLSPLUG: guiTlsPlugSSLConnect success
    [07/20/2009 09:53:58.591] [Error] [6429072-connectionMgr.c:3334] Sombody forgot to stop the reconnect timer
    [07/20/2009 09:55:28.591] [Error] [6429072-guiTlsPlug.c:1568] GUITLSPLUG: timeout handshake4 state
    [07/20/2009 09:55:28.591] [Notice] [6429072-guiTlsPlug.c:1452] GUITLSPLUG: Destroying guiTlsPlug, cause=10
    [07/20/2009 09:55:28.591] [Notice] [6429072-guiTlsPlug.c:1496] guiTlsPlugDestruct: destruct channel

     

    Can you help me ?

     

    thank you.



  • 2.  RE: Problem to connect the Gui Server
    Best Answer

    Posted 07-20-2009 07:55
      |   view attached

    Below is the procedure to address this issue

     

    1. Patch the GUI Server

    (a) Copy server.pem and root.pem to /usr/netscreen/GuiSvr/var/certDB/TrustedCA. Ensure that the file ownership is nsm.
    (b) Restore these 2 files to the secondary GuiSvr also if installed in HA.
    (c) Restart the GuiSvr and DevSvr processes after this. Restart HaSvr process in a HA setup to restart these 2 servers.

     

    2. Copy keystore.ks and truststore.ts to “NSM_GUI_INSTALLATION/security directory

     

    Thanks,
    Chandra

    Attachment(s)

    zip
    NSM-UI.zip   3 KB 1 version


  • 3.  RE: Problem to connect the Gui Server

    Posted 07-20-2009 17:49

    Here is the KB article:

     

    http://kb.juniper.net/KB14842

     

    There is also a technical bulletin that has been released.  If you are subscribed to the email notifications you will receive them in your email.

     



  • 4.  RE: Problem to connect the Gui Server

    Posted 08-13-2009 07:11

    This issue is resolved in 2008.2r2a which is available for download at http://www.juniper.net/customers/support/

     

    Kind regards

    Colin