Employee
•
547 Messages
SSL negotiation failed (error 243)
by fischest » Tue Mar 15, 2011 1:54 pm
Hello, I am at a client site where I have to connect through a proxy. This proxy as observed seems to terminate SSL connections and I have to manually install a trusted authority certificate in my browser. For the Global Network Client I need a solution how to connect through this proxy. Is it possible to install a trusted authority anywhere?
Kind regards,
Steffen
Kind regards,
Steffen
*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Accepted Solution
DBear11
Employee
•
587 Messages
11 years ago
We see the following error in the log:
NetClient +I 01/22 21:44:32.456 0DB8: Progress: Login to VPN server 213.236.92.144 (error !Error 243 SSL protocol negotiation failed. (243))
NetClient +I 01/22 21:44:32.456 0DB8: 'LogonToIPSecTunnelServer' failed.
NetClient +I 01/22 21:44:32.456 0DB8: An unexpected error occurred in state 'AuthenticatingTunnel'. Please try again. If the problem persists contact customer support.
NetClient +I 01/22 21:44:32.456 0DB8: Disconnect because of FSM error.
NetClient +I 01/22 21:44:32.456 0DB8: !Error 243 SSL protocol negotiation failed.
You are trying to connect SSL to 213.236.92.144. This endpoint does not have sSL enabled so you will fail with error 243.
The log shows that you attempt to connect using IPSec first but fail with error 229 then it attempts SSL.
NetClient +I 01/22 21:44:27.246 0DB8: Progress: Login to VPN server 213.236.92.144 (error The connection timed out waiting for the VPN server to respond. This can occur if your c
omputer is behind a firewall that does not permit UDP or IPSec traffic. Contact your local network administrator for assistance. (229) (229))
NetClient +I 01/22 21:44:27.246 0DB8: Do 'HandleLoginError' (no result required)...
NetClient +I 01/22 21:44:27.246 0DB8: Login error 229 was returned 'The connection timed out waiting for the VPN server to respond. This can occur if your computer is behind a fi
rewall that does not permit UDP or IPSec traffic. Contact your local network administrator for assistance. (229)'.
Where are you connecting from when you receive error 229? Does this location block IPSEc connections? If you are connecting from a location that does not allow IPSec connections and you need to connect SSL, please contact the CPOC (Customer Point of Contact) for your account and request SSL to be enabled.
Here are some things you can try to troubleshoot error 229:
1. Open the AT&T Global Network Client, select Settings and then Login Properties. Then select Preferences and check Override Defaults. Scroll down to VPN Details and check
Use ephemeral Source Ports for IPSEC and test the connection again.
2. Review Appendix C: Third-Party Firewall Support from the Admin guide
http://www.corp.att.com/agnc/windows/documentation/adminguide.pdf
0
NancyKnows
Employee
•
547 Messages
13 years ago
by PeterD » Tue Mar 29, 2011 5:27 am
There are two prequisites to get a SSL connection up and running.
A valid and trusted root certificate in your Windows Certificate Storage.
Port 443 can be used through a firewall or a proxy.
Also, there is an option named "Use SSL Tunneling when a proxy is detected" which should be activated, similar to the option "Use SSL Tunneling when an IPSec Tunnel cannot be established".
But this should be an unusual scenario creating a VPN connection through a http/https-Proxy.
0
0
gersonjohan
Contributor
•
1 Message
12 years ago
Hi
I'm getting the saeme error.
I use the AT&T Global Network Client to connect to a VPN "Managed VPN - SSL DualAccess." When I connect in a network without proxy, everything works fine, but when I connect through a proxy, I get the errror "SSL negotiation failed (error 243)".
I'll be very grateful if you have the solution to this problem.
Thanks,
Gerson Samaniego
0
0
sriram_chary
Contributor
•
3 Messages
11 years ago
Hello,
I have the same issue.
I was in Windows XP and I was able to connect through AT&T and through my client proxy.
But, now I have moved to Windows 7 and I only get 'ERROR 243 SSL protocol negotiation failed'.
And, if I connect through Data card, it works fine.
Kindly help me.
Thanks in advance,
Sriram
0
0
DBear11
Employee
•
587 Messages
11 years ago
Please recreate the error and then click Help and create support log. Please attach the full zip file to this post for review.
Thank you.
0
0
dwljansen
Contributor
•
1 Message
11 years ago
Hello,
I also receive the same message related tot the SSL Error when i try to connect to the network at my office when I'm at home. Previously i was able to connect to the network when I was working on an XP machine. Nowadays I'm using an Windows 7 computer.
1 Attachment
AgnLog Jan 22 214512 2013.zip
0
0
DBear11
Employee
•
587 Messages
11 years ago
We have received your update and we are investigating.
AT&T ticket 164498157 is tracking this issue.
Thank you.
0
0
manisati
Tutor
•
5 Messages
11 years ago
Hi,
I am also facing the same problem. Was an answer/workaround identified for the issue? If required, I can share the logs for my error.
Thanks,
0
0
DBear11
Employee
•
587 Messages
11 years ago
Please attach the support logs to this post.
Open the AT&T Global Network Client, click on Help and Create Support Log. Please attach the full zip file.
Thank you.
0
0
manisati
Tutor
•
5 Messages
11 years ago
Hi
As suggested, please find attached the log.
Thanks,
1 Attachment
Support.zip
0
0
Anonymous
New Member
•
98 Messages
11 years ago
Hi
I am also getting similar error message .. it used work fine when I was in XP .. recently moved to Win 7 and not able to connect over Wifi.
Appreciate your help.
Attached is the support log
Thanks
Jay
1 Attachment
Support.zip
0
0
manisati
Tutor
•
5 Messages
11 years ago
Hi,
Providing updated log with some changes to settings. Same error.
Thanks,
1 Attachment
Support.zip
0
0
manisati
Tutor
•
5 Messages
11 years ago
DBear wrote:
Please attach the support logs to this post.
Open the AT&T Global Network Client, click on Help and Create Support Log. Please attach the full zip file.
Thank you.
0
0
DBear11
Employee
•
587 Messages
11 years ago
Manisati,
The logs shows you are connecting through a proxy:
existing Internet connection (through proxy)
I see the following error in the logs:
Error 247 SSL negotiation failed because of invalid proxy credentials
Are you able to connect SSL from a different location? Can you test SSL from home and confirm that it is working?
Has this ever worked at this location? through this proxy?
Does the proxy allow SSL connections?
You may need to contact he Proxy owner and ask them to check your session.
0
0
manisati
Tutor
•
5 Messages
11 years ago
Hi
To answer your queries,
Yes, it works at this location, through this proxy. on my collegue's machine.. Only difference is, his is winxp and mine is win 7 OS.
So Problem is Win 7 specific.
I am not sure if you are even going through the context.. Everyone is complaining that problem being faced is on Win 7. Please respond ASAP.
Thanks.
0
0