NetWorker: SSL_ERROR_SYSCALL after updating sslEnabledProtocols to TLS 1.3
Summary:
NetWorker Management Console (NMC) authentication fails with OpenSSL SSL_connect:SSL_ERROR_SYSCALL in connection to :9090 after updating sslEnabledProtocols in
server.xml to TLS 1.3.
...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
- The NetWorker authentication server was modified to harden its SSL protocols to only TLSv1.3.
- After this change, authentication attempts in the NMC fail:
.
- The following errors can be observed in the NMC server's gstd.raw log file.
- Linux: /opt/lgtonmc/logs/gstd.raw
- Windows: C:\Program Files\EMC NetWorker\Management\GST\logs\gstd.raw
- NetWorker: How to use nsr_render_log to render .raw log files
gstd Unable to fetch authentication server information [SSL connection timeout] gstd Unable to bootstrap external role attribute of Console Security Administrator role. gstd Unable to get token for service account of NMC server from authentication service. Authentication service account name or password not specified gstd Unable to login, verify that the authentication service on <NetWorker server> is running: [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to <NetWorker server>:9090 Server Message : Make sure that server is running]
- Error from the NetWorker authentication server's localhost_access_log:
- Linux: /nsr/authc/logs/localhost_access_log
- Windows:
< IP address >- - < timestamp> "-" 400 - < IP address >- - < timestamp> "-" 400 - < IP address >- - < timestamp> "-" 400 -
Cause
The NetWorker authentication server's server.xml file has sslEnabledProtocols="TLSv1.3"
-
- Windows: C:\Program Files\EMC NetWorker\nsr\authc-server \tomcat\conf\server.xml
- Linux: /nsr/authc/conf/server.xml
TLS version 1.3 is not yet qualified on NetWorker.
Resolution
The default TLS version supported on NetWorker is TLS 1.2. It is recommended to continue using TLS 1.2.
- On the NetWorker server, stop the NetWorker server services.
-
- Linux:
nsr_shutdown
- Windows:
net stop nsrd
- Linux:
- Edit the server.xml file with a text editor. The location of the file differs on Windows and Linux
-
- Windows: C:\Program Files\EMC NetWorker\nsr\authc-server \tomcat\conf\server.xml
- Linux: /nsr/authc/conf/server.xml
- Search for the string sslEnabledProtocols under Connector port = 9090.
- Set the sslEnableProtocols value to TLSv1.2
sslEnabledProtocols="TLSv1.2,"
- Save the file.
- Start NetWorker server services.
-
- Linux:
systemctl start networker
- Windows:
net start nsrd
- Linux:
Article Properties
Article Number: 000284795
Article Type: Solution
Last Modified: 14 Feb 2025
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.