cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 5

ENS 10.7, ATP Module, GTI, ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019, gti_error.log

* Windows 10 1709/1909 ENT, German

* ENS 10.7, ATP Module, NO TIE Server just GTI.

customers has Webgateway in Place, Laptops, All needed GTI, Cert URL FDQN to WAN from client open. All IP-ranges and VLAN from Mcafee Services open to WAN. (DNS working for GTI lookup). All related KB for GTI also new ones integrated.

Question: All clients show these GTI Logs. What do they mean?

Please in details state the error:  ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019. You mention other error but we do not find any information about the specific:

"ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019"

Failed to send HTTP request. Error=12029 (Data Channel tasks fail) (mcafee.com)

https://kc.mcafee.com/corporate/index?page=content&id=KB91513&locale=en_US

 

Keep in mind that those are laptop in different VLAN segments, in docking, WIFI, Home Office, customer site WIFI etc.

03/25/21 12:48:04 [E] [0x1c4] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019

03/24/21 9:34:21 [E] [0x34a0] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/24/21 9:34:21 [E] [0x34a0] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/24/21 9:34:21 [E] [0x34a0] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/24/21 9:34:21 [E] [0x3e84] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/24/21 9:34:21 [E] [0x3e84] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/24/21 9:34:21 [E] [0x3e84] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/24/21 9:34:21 [E] [0x1c4] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/24/21 9:34:21 [E] [0x1c4] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/24/21 9:34:21 [E] [0x1c4] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/25/21 7:31:02 [E] [0x1c4] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/25/21 7:31:02 [E] [0x1c4] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/25/21 7:31:02 [E] [0x1c4] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/25/21 7:31:02 [E] [0x34a0] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/25/21 7:31:02 [E] [0x34a0] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/25/21 7:31:02 [E] [0x34a0] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/25/21 7:31:02 [E] [0x3e84] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/25/21 7:31:02 [E] [0x3e84] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/25/21 7:31:02 [E] [0x3e84] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/25/21 12:48:04 [E] [0x1c4] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/25/21 12:48:04 [E] [0x1c4] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/25/21 12:48:04 [E] [0x1c4] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/25/21 12:48:04 [E] [0x34a0] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/25/21 12:48:04 [E] [0x34a0] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/25/21 12:48:04 [E] [0x34a0] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/25/21 12:48:04 [E] [0x3e84] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007
03/25/21 12:48:04 [E] [0x3e84] HttpRequest::ValidateServerCert: Unable to get certificate context from request. Error: ERROR_WINHTTP_INCORRECT_HANDLE_STATE
03/25/21 12:48:04 [E] [0x3e84] HttpRequest::AcceptResponse: HttpRequest::AcceptResponse WinHttpReceiveResponse result ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019
03/26/21 7:31:32 [E] [0x1c4] HttpRequest::Send: HttpRequest::Send WinHttpSendRequest result ERROR_WINHTTP_NAME_NOT_RESOLVED 12007

 

4 Replies
sbluemel
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: ENS 10.7, ATP Module, GTI, ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019, gti_error.log

Hello Bretzeli,

Please start with a general test based on

https://kc.mcafee.com/corporate/index?page=content&id=KB53733

Most of the GTI services are based on port 443 and can be proxied. In environments where connections are proxied, lookups via port 53 (for file reputation) might fail because the proxy server can't correctly impersonate this DNS-like traffic (Artemis protocol):

https://kb.mcafee.com/corporate/index?page=content&id=KB93324

Make sure the clients are able to reach these destinations as well.

The logs indicate a proxy certificate issue. Make sure you have configured the MWG using the McAfee maintained lists allowing access to the GTI/Real Protect destinations from KB prior SSL Scanning:

https://kb.mcafee.com/corporate/index?page=content&id=KB93324

https://kc.mcafee.com/corporate/index?page=content&id=KB79640

 

SSL Scanner will intercept the traffic and cause a connection error. If this doesn't work please submit a Service Request.

 

Thank you!

Stefan

 

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: ENS 10.7, ATP Module, GTI, ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019, gti_error.log

 

Hello,

Thank you for the answers and taking to do so. What we don't understand. Customer has:

To keep it simply we choose a Desktop modell not laptop with different VLAN and Home office:

* Endppoint have USERTRUST Cert on it

* DESKTOP CLIENT > ENS > POLICY "NO PROXY" (So we asume nothing goes to Webgateway)

* DNS all setup correct > GTI test well and DNS cache show querys

* Webgateway in PLACE but as mentioned all traffic "system account" from OS goes direct to Firewall Fortigates where we a) Block all b) have all important FDQN, Service Per Fortiguard, Certificates, Cert Revocation open. And we monitor that traffic for DENY related to Mcafee Services or IP.

Question:

When the options as shown below is activated WHY does any of the Mcafee Products would send traffic to the Webgateway. And in Webgateway side we don't need it open (Because no Proxy) but is it not in such a way that ALL Mcafee related/IP are automatic not SSL-Broken out of the box (Would be smart not?) Since Mcafee does know its' like that and has the Ranges why would they brake it a Webgateway? (I don't want to guess [because the two departments don't talk to each other?])

Ayn help welcome without openining a ticket because we see such errors also at other customers which have direct WAN access (Small Business) with 5 ENS licences.

 

I am sure all can proft if we solve this here. Since everybody will have go to ENS and a lot of people will ask (ESP from Server TEams where ENS will be installed.)

Greetings from Switzerland

 

 

 

 

 

FORUM ADMIN:

Anyone ABLE to post a screenshot | IMAGE?

We even posted a PNG/JPG on our Server and in the preview of the posting it was there but afterwards not. Does the forum software copy the image from a source?

 

 

sbluemel
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: ENS 10.7, ATP Module, GTI, ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019, gti_error.log

Hello Bretzeli,

The message indicates the traffic is intercepted. Please check your firewall for content inspection/SSL inspection. This is not supported for GTI since this traffic proprietary, embedded in HTTPS, and will break if intercepted. 

Web Gateway was a suggestion based on the initial post. The Web Gateway offers rules and lists for implementation containing these IPs and URLs. The KB was just for your notes or additional products. 

We need a service request since log files (MER) and tcpdumps should not been shared on this platform for further research.

 

Thanks!

 

bretzeli
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: ENS 10.7, ATP Module, GTI, ERROR_WINHTTP_INCORRECT_HANDLE_STATE 12019, gti_error.log

Hello,

 

I think we will wait a few days UNTIL we on our side investigate this further right? Could be also on Mcafee WAN side that something was in timeout?

SNS Alert:

Users of Endpoint Security Adaptive Threat Protection may have noticed an increase in the number of monitored processes and an increase in network traffic handling those queries following the throttled release of V3 DAT 4433 content changes on May 11, 2021.

To normalize that volume for our customers and ensure stability of our cloud backend, McAfee will be restoring the previous field versions of the ATP Rule Content, Secure Container, and Real Protect Engine.

Current In Field Re-Releasing today
Secure Container 2066/3003 2065/3002
ATP Rule Content 1508 1496
Real Protect Engine 1.1.0.8370 1.1.0.8209

An SNS email will be sent when newly updated ATP Rule, Secure Container, and Real Protect engine versions are ready to re-release.

 

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community