message string data: Function: CNetEnvironment::TestAccessToSG
Invoked Function: CCertHelper::VerifyServerCertificate
Return Code: -31326190 (0xFE220012)
server name: 220.127.116.11
This type of message is recorded by the Cisco VPN client. The event description records the error codes that the client encountered at that specific time. Many different errors share the same event ID (event ID 2), so troubleshooting should concentrate on the error description recorded in the event. In the example above, the error description is: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER.
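Because every one of these records carries the same event ID, triage has to key on the fields inside the message. The following is an added example (not part of the original page and not Cisco code) that parses messages laid out like the one above and counts them per invoked function and return code; the names `parse_event` and `triage` and all sample messages except the first are assumptions made for the illustration.

```python
import re
from collections import Counter

FIELD = re.compile(r"^(Function|Invoked Function|Return Code|server name):\s*(.+?)\s*$",
                   re.M | re.I)
CODE = re.compile(r"^(-?\d+)\s*\(0x([0-9A-Fa-f]{1,8})\)$")

def parse_event(message):
    """Extract the fields of one event; None if no usable return code is present."""
    text = re.sub(r"^\s*message string data:\s*", "", message, flags=re.I)
    fields = {name.lower(): value for name, value in FIELD.findall(text)}
    m = CODE.match(fields.get("return code", ""))
    if not m:
        return None
    signed, unsigned = int(m.group(1)), int(m.group(2), 16)
    return {
        "function": fields.get("function"),
        "invoked": fields.get("invoked function"),
        "server": fields.get("server name"),
        "code": f"0x{unsigned:08X}",
        # The decimal is the signed 32-bit view of the same value as the hex.
        "consistent": (signed & 0xFFFFFFFF) == unsigned,
    }

def triage(messages):
    """Count events per (invoked function, return code); set aside unparseable ones."""
    counts, rejected = Counter(), []
    for msg in messages:
        ev = parse_event(msg)
        if ev is None or not ev["consistent"]:
            rejected.append(msg)
        else:
            counts[(ev["invoked"], ev["code"])] += 1
    return counts, rejected

# Constructed input: the first message is the one quoted on this page, the rest are
# made up (hypothetical function names and codes) to exercise the other paths.
SAMPLE = [
    "message string data: Function: CNetEnvironment::TestAccessToSG\n"
    "Invoked Function: CCertHelper::VerifyServerCertificate\n"
    "Return Code: -31326190 (0xFE220012)\nserver name: 220.127.116.11",
    "Function: Example::Caller\r\nInvoked Function: Example::Callee\r\n"
    "Return Code: -1 (0xFFFFFFFF)\r\n",
    "Function: Example::Caller\nInvoked Function: Example::Callee\n"
    "Return Code: -2 (0xFFFFFFFF)",          # decimal and hex disagree
    "The VPN client service started.",       # no structured fields
]

if __name__ == "__main__":
    counts, rejected = triage(SAMPLE)
    for (invoked, code), n in counts.most_common():
        print(f"{n:3d}  {code}  {invoked}")
    print(f"{len(rejected)} message(s) need manual review")
```

Messages whose decimal and hexadecimal return codes disagree, or that carry no return code at all, are returned separately so they can be reviewed by hand instead of being silently counted.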
Searching for this error code, we found this information in a Cisco support forum:
"The default rekey lifetime is 30 minutes so if you are seeing it happen every 5 minutes, you may want to double check the "svc rekey time" configuration under the respective group policy. I did run into a similar issue with another customer which wound up being related to DNS. In that case, the CN and subject names of the certificate were configured to use FQDN which was only resolvable via public DNS servers. AnyConnect, however, was configured to send all DNS requests over the SSL tunnel. The resolution requests were being sent to a DNS server that could not resolve so the rekey process hung. Once the active tunnel was torn down, the FQDN in the certification could now be resolved by the DNS server on the physical interface allowing the new connection to establish. Configuring Split DNS resolved the issue for this particular customer. You may look into your configuration to see if this applies."