cp_system_log problem

[acejavelin]

So I have a system that I was scouring logs trying to figure out who set a remote forward on a phantom number, and in digging through the cp_system_log_(date).txt files, they are all full of the same message just repeated over and over, but no other data:

[2016-09-13 13:53:49 SSL]    SSL Error: (null)
[2016-09-13 13:53:49 CP Master SSL Socket] SSL negotiation failed
[2016-09-13 13:54:24 SSL] SSL_accept() failed - returned -1, error code 1
[2016-09-13 13:54:24 SSL]    SSL Error: (null)
[2016-09-13 13:54:24 CP Master SSL Socket] SSL negotiation failed
[2016-09-13 13:54:59 SSL] SSL_accept() failed - returned -1, error code 1
[2016-09-13 13:54:59 SSL]    SSL Error: (null)
[2016-09-13 13:54:59 CP Master SSL Socket] SSL negotiation failed
[2016-09-13 13:55:34 SSL] SSL_accept() failed - returned -1, error code 1

The SSL cert is not expired and seems to contain the correct data. Do I need to regenerate it or

Rel 6.0SP2

[DND ON]

Any reason to not generate a new certificate? I've never seen this message.

[acejavelin]

Any reason to not generate a new certificate? I've never seen this message.

No... I did already and restarted the webserver, no change.

[Tech Electronics]

Acejavelin,

This might be more of a socket error than an actual SSL certification error from what I am reading.

Can you do a default of the phone system in question and see if it does it with a default DB and then reload the database back in if it is no longer doing it? Basically take the whole thing back to day 1 and see if the problem still exists. I wonder if the system was compromised from an external threat?

Just to let you know I have never seen that error before so my solution may be way off, but it is how I would try and start to solve it.

Thanks,

TE

[acejavelin]

Acejavelin,

This might be more of a socket error than an actual SSL certification error from what I am reading.

Can you do a default of the phone system in question and see if it does it with a default DB and then reload the database back in if it is no longer doing it? Basically take the whole thing back to day 1 and see if the problem still exists. I wonder if the system was compromised from an external threat?

Just to let you know I have never seen that error before so my solution may be way off, but it is how I would try and start to solve it.

Thanks,

TE

Unfortunately I don't think that will be possible... this customer is 2 hours away, has let their software assurance go, and since they don't see a problem in day to day usage won't pay to troubleshoot it further. I did a backup and tested it and it was pretty much clean (a bunch of name issues with / in the name that the new DB test is throwing fits over, otherwise clean) and I can't open a ticket with Mitel so I guess it's just hang on to the database and see what happens for now. Maybe if one of the techs gets down there for a service call or something they can look at it.

And I don't think an external (public) threat is the issue, this system has no port forwarding from the outside world, the only way to get to it is locally or via a VPN connection to the customers network.