• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

Source IP address

ivandem

ADSM.ORG Member
#1
Hi Folks,

I've got an SSL error coming through my TSM server...

ANR8583E An SSL socket-initialization error occurred on session 209186. The GSKit return code is 420. (SESSION: 209186)

This error occurs every 20 minutes; all day, every day. All clients are connecting with no issues. I think it's the firewall (Fortigate) just doing a check on the SSL port to ensure it's up (btw, all clients are external) but my firewall guys can't confirm this. Can turning on verbose logging in TSM tell me the source IP address even tough there is no node associated? And is so, what is the line to insert in dsm.opt. At least then I'd know if it's internal or external.

Thanks

John
 

ivandem

ADSM.ORG Member
#3
Thanks for the reply, but it's not an SSL error, at least not directly.

Every client is successfully connected VIA SSL with 0 issues.

Under normal circumstances there would be an IP address listed, and for the client connections there is. However, I think because the connection is never really established, it's not noting the address in the actlog; Hence the need for more verbose logging.
 

marclant

ADSM.ORG Moderator
#4
The instructions for tracing are here:
http://www-01.ibm.com/support/knowl...ot.doc/t_pdg_enbltrcsrvrstgagent.html?lang=en

The list of trace classes you can use are here:
http://www-01.ibm.com/support/knowl...ot.doc/t_pdg_enbltrcsrvrstgagent.html?lang=en

Probably need TCP and SSLINFO. Don't use too many trace classes, the output will get large quick.

You may still need IP tracing outside of TSM, if like you say, the connection is not establish, so it's possible the OS never pass the IP to the application.
 

moon-buddy

ADSM.ORG Moderator
#6
For "ANR8583E An SSL socket-initialization error occurred on session 209186. The GSKit return code is 420. (SESSION: 209186)" does the SESSION number change every time the error pops up?
 

moon-buddy

ADSM.ORG Moderator
#8
Is the session number identified (or, can be identified) to a certain node?

If not, then it seems that somehow another device that is not SSL complaint with TSM is trying to access the TSM server.

I doubt if the firewall is doing this.
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 9 20.5%
  • Keep using TSM for Spectrum Protect.

    Votes: 23 52.3%
  • Let's be formal and just say Spectrum Protect

    Votes: 8 18.2%
  • Other (please comement)

    Votes: 4 9.1%

Forum statistics

Threads
31,055
Messages
132,235
Members
21,274
Latest member
ctauber
Top