8 Replies Latest reply: Dec 14, 2014 2:28 AM by mhdshahidkt RSS

    NSM 7.5.5.10 - Error loading Real Threat Analyzer

    lubomir.cerny

      Hello.

      We upgraded NSM from 7.5.5.7 to 7.5.5.10 and now I can not load anyThreat Analyzer java module (realitime nor historical)

      Java Network loader displays:

       

      javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name

          at sun.security.ssl.ClientHandshaker.handshakeAlert(Unknown Source)

          at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)

          at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

          at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

          at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

          at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

          at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)

          at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)

          at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

          at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)

          at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)

          at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)

          at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)

          at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)

          at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)

          at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)

          at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)

          at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)

          at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)

          at java.util.concurrent.FutureTask.run(Unknown Source)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

          at java.lang.Thread.run(Unknown Source)

       

      Anyone also have same troubles ? Any idea to solve this ?

      Java version 1.7 67 on Windows 7 32 bit.

        • 1. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
          MrE

          I experienced the same issue after our upgrade.  We access our manager software through the web portal on our workstations, connecting to our manager by FQDN.  One thing I noticed is that the certificate delivered by the NSM web server identifies only the <machine name>, not a FQDN like I would expect.  I attempted to connect using IP address, not FQDN, and all broken modules worked for me.

           

          I currently have a ticket open with McAfee attempting to resolve this.  I am in the process of installing Java runtime on my server to help verify that Java does not trust the certificate and thus breaks the modules.  I would be interested if using IP vs. FQDN has the same effect for anyone else.

           

          Java 1.7 67 Windows 7 64 bit.

          • 2. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
            lubomir.cerny

            Hi MrE.

            Thanks. I can confirm, that using only IP address is workarround and all Treat analysers are OK.

             

            But I also used our internal https certificate with FQDN for long time and Treat analysers worked ok before upgrading to 7.5.5.10.

            After upgrade, the SSL certificate is still on place and works OK, only Java Treat analysers can not be downloaded to admin workostation.

            • 3. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
              hirenbhakta

              Hello MrE,

               

              Can you inform your ticket number so i can follow up on resolution. I have another customer that is having same issue.

               

              Regards,

              HB

              • 4. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
                forbin

                I'm having the same issue.  Any resolution on this one?

                • 5. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
                  lubomir.cerny

                  Hi forbin.

                  One NSM management via IP address URL. This works.

                   

                  I tried the same with NSM 8.1.7.12 and with Java1.8.25 on Win7 32 bit and the issue is still there:

                   

                  So seems we need to use IP address URL as https://<IP address>:443/intrvert/webstart

                   

                  <jnlp spec="1.0+" codebase="https://ips-mgmt.ug.cz:443/intruvert/webStart/">

                    <information>

                      <title>Threat Analyzer</title>

                      <vendor>McAfee, Inc.</vendor>

                      <homepage href="www.mcafee.com"/>

                      <description>Network Security Manager Threat Analyzer</description>

                    </information>

                    <security>

                      <all-permissions/>

                    </security>

                    <resources>

                      <j2se version="1.4.2+" href="http://java.sun.com/products/autodl/j2se" initial-heap-size="64m" max-heap-size="1024m"/>

                      <jar href="Common/guic-av.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="AlertViewer/acm-structure.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184 "/>

                      <jar href="AlertViewer/acm.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="AlertViewer/acmConfig.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/guic-common.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/ivepo.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/ivfoundstone.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/ivnba.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/iText-2.1.4.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/iTextAsian.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/log4j-1.2.16.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/ivutilappsigned.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/kcServlet.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/jfreechart-1.0.13.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184" />

                      <jar href="Common/jcommon-1.0.16.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/swing-layout-1.0.2.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184 "/>

                      <jar href="Common/acm-nio.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/acm-protocolmgmt.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/ >

                      <jar href="Common/jgraph.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A184"/>

                      <jar href="Common/uiAppletCommonSigned.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A1 84"/>

                      <jar href="Common/virtualization-common.jar;jsessionid=9F40AAF6505250E790FFBC72ABA2A 184"/>

                    </resources>

                    <application-desc main-class="com.intruvert.acm.ui.test.AlertViewer">

                      <argument>ips-mgmt.ug.cz</argument>

                      <argument>8555</argument>

                      <argument>b2980a625df72ad321cec9d31a77124aa83de9f7aab13842a1d068349acde6</argum ent>

                      <argument>443</argument>

                      <argument>false</argument>

                      <argument>realtime</argument>

                      <argument>Lubomir Cerny</argument>

                      <argument>/intruvert/8.1.7.12/WebHelp/en</argument>

                      <argument>101</argument>

                      <argument>9F40AAF6505250E790FFBC72ABA2A184</argument>

                      <argument>1,4,</argument>

                      <argument>false</argument>

                      <argument>true</argument>

                      <argument>5.1.10.8</argument>

                      <argument>20</argument>

                      <argument>0,</argument>

                      <argument>801071200</argument>

                      <argument>false</argument>

                      <argument>true</argument>

                      <argument>0</argument>

                      <argument>en_US</argument>

                      <argument>true</argument>

                      <argument>null</argument>

                      <argument>false</argument>

                      <argument>true</argument>

                      <argument>1000</argument>

                    </application-desc>

                  </jnlp>

                  • 6. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
                    forbin

                    Yeah, I followed the workaround by using ip and the error message doesn't exist anymore, however, now threat analyzer doesn't even start.  I'm able to enter my constrains, but after hitting "OK" the analyzer doesn't load at all.  I did some research and apparently there is a hotfix for this released as 7.5.5.10.6, but you need to contact support to obtain the fix.  I'm in the process of receiving it so I'll post the results after it's applied.

                    • 7. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
                      forbin

                      Just to clarify, 7.5.5.10.7 is the hotfix I received by tier3.  However, this only addresses java not loading after you enter your constraints, which you still have to use the ip address to get it to load in the first place.  Support stated the issue with the certificate mismatch/java requiring you to use the ip address will be addressed in the next maintenance release. 

                      • 8. Re: NSM 7.5.5.10 - Error loading Real Threat Analyzer
                        mhdshahidkt

                        Yes i solved this issue. This was due to the Java SSL issue.  Select Java in Control panel --> Advanced --> select Use SSL 2.0 compatible client hello format

                        fix java issue.png