Securemote Site Creation fails

peter_schumache — Thu, 26 Mar 2020 13:47:26 GMT

I have 2 Check Point 1550 appliances running the latest R80.20.02. Both are configured identically to provide Remote Access VPN for Site1 and Site 2.

On my Windows 10 machine, I have installed Enpoint VPN Client E82.30.

For site 1, the VPN Site can be created without any problems.

For Site 2, the VPN Site creation fails with "Site is not responding".

The trac.log file show the following error sequence: (What is "AuthError_t==3 " below?)

[ 3140 3804][26 Mar 12:06:44][cpwssl] cpWinSSL_fwasync_NegotiateHandler: state_read.
[ 3140 3804][26 Mar 12:06:44][] fwasync_conn_get: get max buffer size (1048576) .
[ 3140 3804][26 Mar 12:06:44][fwasync] fwasync_do_mux_out: 988: rc=1, next: 41b0cf with 1, req: 65536r, 0w
[ 3140 3804][26 Mar 12:06:44][] fwasync_connbuf_realloc: reallocating 0 from 0 to 66560
[ 3140 3804][26 Mar 12:06:44][fwasync] fwasync_do_mux_in: 988: got 0 of 65536 bytes == 65536 bytes required
[ 3140 3804][26 Mar 12:06:44][fwasync] fwasync_do_mux_in: 988: peer closed connection
[ 3140 3804][26 Mar 12:06:44][fwasync] fwasync_end_conn: scheduling the end of connection 988
[ 3140 3804][26 Mar 12:06:44][tevent] T_event_do_del: marking for deletion socket/type: 988/0
[ 3140 3804][26 Mar 12:06:44][tevent] T_event_do_del: marking for deletion socket/type: 988/1
[ 3140 3804][26 Mar 12:06:44][tevent] T_event_do_del: marking for deletion socket/type: 988/0
[ 3140 3804][26 Mar 12:06:44][] T_event_do_del: failed to remove WSAsocket event
[ 3140 3804][26 Mar 12:06:44][tevent] T_event_do_del: marking for deletion socket/type: 988/2
[ 3140 3804][26 Mar 12:06:44][fwasync] fwasync_do_end_conn: closing connection 988 (conn=2fc34f8)
[ 3140 3804][26 Mar 12:06:44][fwasync] fwasync_do_end_conn: Removing connection 988 from proxy's connection store(conn=2fc34f8)
[ 3140 3804][26 Mar 12:06:44][proxy_wrapper] ProxyWrapper::NotifyEndConnection (3): Starting ...
[ 3140 3804][26 Mar 12:06:44][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (1): entering... my_addr:0, my_port:14791, peer_addr:0, peer_port:0
[ 3140 3804][26 Mar 12:06:44][] CFirewallWrapper::RemoveSingleProxyRule (1): ntohl(my_addr),ntohs(my_port),ntohl(peer_addr),ntohs(peer_port) : <0,51001> -> <0,0>
[ 3140 3804][26 Mar 12:06:44][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (2): entering, src_ip_str=0.0.0.0, src_port=51001, dest_ip_str=0.0.0.0, dest_port=0
[ 3140 3804][26 Mar 12:06:44][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (2): Firewall Driver Not Initialized
[ 3140 3804][26 Mar 12:06:44][cpwssl] cpWinSSL_fwasync_end_handler: 0x2FC34F8 ended
[ 3140 3804][26 Mar 12:06:44][cpwssl] cpWinSSL_fwasync_connected: SSL failure: not initialized.
[ 3140 3804][26 Mar 12:06:44][cpwssl] cpWinSSL_fwasync_close: closing - conn - 0x2fc34f8
[ 3140 3804][26 Mar 12:06:44][] fwasync_close: close(988): Unknown Winsock error (10038)
[ 3140 3804][26 Mar 12:06:44][talkssl] talkssl::end_handler: ending connection
[ 3140 3804][26 Mar 12:06:44][talkhttps] ATalkHttps::ssl_failure_cb: SSL ended. err=1
[ 3140 3804][26 Mar 12:06:44][talkhttps] ResetRcvBuffer: data 00000000 size 0 free_buffer=1.
[ 3140 3804][26 Mar 12:06:44][TalkCCC] talkccc::EndEv: got disconnected with AuthError_t==3.
[ 3140 3804][26 Mar 12:06:44][TalkCCC] talkccc::EndEv: connection status 1
[ 3140 3804][26 Mar 12:06:44][TalkCCC] talkccc::EndEv: Failed to connect - AuthError_t==3
[ 3140 3804][26 Mar 12:06:44][TalkCCC] talkccc::EndEv: event callback is registered. Notifying it
[ 3140 3804][26 Mar 12:06:44][TR_FLOW_STEP] TR_FLOW_STEP::TrSiteCreationStep::AuthFailureEv: entering...
[ 3140 3804][26 Mar 12:06:44][TR_CONN_MANAGER] TrConnManager::GetSCUIAPIMode: mbSCUIAPIMode is 0
[ 3140 3804][26 Mar 12:06:44][String] String::String::Translate: String with id 28 has been translated to string: Site is not responding
[ 3140 3804][26 Mar 12:06:44][TR_FLOW_STEP] TR_FLOW_STEP::TrSiteCreationStep::Notify: Failed to receive hello reply
[ 3140 3804][26 Mar 12:06:44][auth_server] AAuthServer::Stop Stopping Authentication
[ 3140 3804][26 Mar 12:06:44][talkhttps] ATalkHttps::CloseConn: Close SSL conn: 0 State 0x6 Reason: Termination.
[ 3140 3804][26 Mar 12:06:44][talkssl] talkssl::disconnect: called
[ 3140 3804][26 Mar 12:06:44][talkssl] talkssl::disconnect: Cancel proxy wrapper connect

Re: Securemote Site Creation fails

PhoneBoy — Fri, 27 Mar 2020 03:44:02 GMT

A packet trace might provide some clue.
But it might also be worth getting the TAC involved.

Re: Securemote Site Creation fails

peter_schumache — Fri, 27 Mar 2020 08:26:25 GMT

The problem is solved. For reasons we can't find yet, the 1550 gateway had a wrong SIC certificate (wrong name).

After creating a new cert for the gateway, Site creation runs smoothly.

Lesson learned: AuthError_t==3 means (or can mean) wrong gateway certificate

topic Securemote Site Creation fails in SASE and Remote Access

Securemote Site Creation fails

Re: Securemote Site Creation fails

Re: Securemote Site Creation fails