%DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer

As a Systems Administrator, I support a few global locations for the organization that I work for. One of my locations has a Cisco 2500 Series Wireless Controller.

Last night, while investigating some power-related issues, I had reports from users indicating that the wireless network wasn’t working.

The end users reported a red light on the Access Point. I connected to the Wireless Controller and started to look around for any abnormalities and see what the log will show.

I noticed that when I connected to the controller, I didn’t have any access points being detected.

I decided to see what the logs were showing. I clicked on the Management option at the top, expanded Logs, and clicked on Message Logs.

I noticed that my logs showed a bunch of Handshake Failures. I have removed my IPs and replaced them with x.x.x.x. I had many of these entries.

*spamApTask4: Jan 01 12:47:56.843: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask5: Jan 01 12:47:55.919: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask7: Jan 01 12:47:55.915: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask0: Jan 01 12:47:54.995: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask3: Jan 01 12:47:54.750: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask1: Jan 01 12:47:53.758: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x

The first thing that stood out is the date, Jan 01. It was Sept 15th 2023 when I received reports of this issue.

I then decided to go into the Commands option and look at what Set Time had entered.

The time was completely off and this was the cause for the APs to not be able to complete their handshake with the controller.

After setting the local time and timezone, I saved the settings and the configuration so that on the next reset, it will boot with the latest changes.

Reviewing the logs again, I now see connectivity entries between the Cisco wireless controller and the Cisco Access Points.

Reviewing the list of Radios being detected, I now see all of my access points listed and functional.

As this wasn’t a complex issue and just required the time to be reconfigured, I wanted to share this solution in case anybody comes across the same problem I have.
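The check that cracked this case (log timestamps that disagree with the real date while DTLS handshakes fail) can be automated when triaging an exported message log. The following is an added example, not part of the original post or of any Cisco tooling. It assumes the log format quoted above; the names `parse` and `triage`, the placeholder peer IPs, the one-hour skew threshold and the collection time are constructed for illustration, and because the log lines carry no year, the year is taken from the collection time.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the post; peer IPs are RFC 5737 placeholders.
SAMPLE_LOG = """\
*spamApTask4: Jan 01 12:47:56.843: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer 192.0.2.11
*spamApTask5: Jan 01 12:47:55.919: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer 192.0.2.12
*spamApTask7: Jan 01 12:47:55.915: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer 192.0.2.13
*spamApTask0: Jan 01 12:47:54.995: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer 192.0.2.11
*spamApTask3: Jan 01 12:47:54.750: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer 192.0.2.12
*spamApTask1: Jan 01 12:47:53.758: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer 192.0.2.13
"""

LINE_RE = re.compile(
    r"^\*(?P<task>\S+): (?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%(?P<facility>\w+)-(?P<sev>\d)-(?P<mnemonic>\w+): (?P<text>.*)$"
)

def parse(log_text, year):
    """Yield (timestamp, facility, mnemonic, text); the log has no year, so one is supplied."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m["facility"], m["mnemonic"], m["text"]

def triage(log_text, collected_at, max_skew=timedelta(hours=1), min_failures=3):
    """Summarise DTLS handshake failures and flag a controller clock that disagrees
    with collected_at, the trusted time at which the log was pulled."""
    events = list(parse(log_text, collected_at.year))
    failures = [e for e in events if e[1] == "DTLS" and e[2] == "HANDSHAKE_FAILURE"]
    newest = max((e[0] for e in events), default=None)
    skew = abs(collected_at - newest) if newest else None
    return {
        "dtls_failures": len(failures),
        "peers": dict(Counter(e[3].rsplit(" ", 1)[-1] for e in failures)),
        "newest_log_time": newest,
        "clock_skew": skew,
        # A freshly pulled log should end near "now"; a large gap points at the clock.
        "clock_suspect": skew is not None and skew > max_skew and len(failures) >= min_failures,
    }

if __name__ == "__main__":
    # Collection time is constructed: the evening of the date given in the post.
    print(triage(SAMPLE_LOG, datetime(2023, 9, 15, 20, 0)))
```

Pass the time from a trusted source (for example, the workstation used to export the log) as `collected_at`; logs pulled within a few days of a year boundary need the year adjusted by hand.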

QNAP Release Notes

MERRY CHRISTMAS!

I ran into this while logging into my QNAP. The GUI notified me of a new available firmware update.

Often, it’s just a firmware update and there are no selections. This is what I have available.

Right, this is new to me. This is my first time seeing an option for Security Update or Feature Update. Both seem to show the same version and build ID.

Let’s see what the security update contains so that I can understand what changes it will perform.

The Release Notes link points to the following URL:

https://www.qnap.com/en-us/release-notes/qts/5.0.1.2248/20221215?ref=nas_product

This is what we have under security updates:


Is that not just too vague? I found it strange and odd. Why even add anything in there if you aren’t going to shed light on what is being changed?

For anybody wondering about the Feature Update, it is listed as:

Not terrible, at least some details.

Anyways, Merry Christmas and Happy New Year!

The trouble with hacks

/rant

I want to rant. I’ve been working as an IT/Sysadmin for about 2 years now and there are two things that I am haunted by.

  1. DNS
  2. Group Policies

Now, I am always learning and I am by no means an expert at Windows systems administration. I took on more and more responsibilities that removed me from the ‘IT Support’ role and let me grow into Systems Administration and I continue to learn daily.

Now, not to get into specifics, but taking over an AD infrastructure that was neglected by hacks is terrifying. I refer to hacks, as in people that neglect the network, that don’t have a proper vision for documentation and structure and that don’t understand how AD and GPOs work.

Within the IT SysAdmin community “It’s always DNS” is a common phrase and a joke at times. Well god damn, I can’t believe how accurate it is or how powerful DNS is in a network.

You know what irks me? People that use crafty stupid hostnames for critical servers or any server at that. Stupid names such as “Sugar Baby”, “Super Man”, “Bat Man”, etc… you get the gist.

When you take over a network and have critical servers with stupid naming conventions like that, it can get very easy to shut down the wrong server or make changes because all of the names are so irrelevant. Especially when nothing is documented and you are left on your own to research and investigate carefully.

Not that I’ve had that happen, but I have had a mishap with a DNS record that was named something ridiculous. The server wasn’t even around anymore but a critical server was using that DNS record for a link to an IP in its hostfile. Something I never thought to check nor look into.

The other thing that annoys me is the ignorance of not knowing how to properly set up GPOs and push them out to AD. You do NOT need to enforce everything. Stop doing that. After spending time looking around and cleaning up GPOs, you wonder what would drive a person to just enforce everything.

Sure, if it’s a critical policy that you want in every OU regardless if it has Inheritance blocking or not but don’t enforce everything just because you are trying to push the policy out faster or believe that it will guarantee that the policy will get to the clients.

I cannot believe that a novice admin is correcting a domain-wide issue that a senior IT director of many years had made.

I can spend the rest of my afternoon ranting about stuff that I’ve come across but that’s not the point of this post. I wanted to get DNS and GPOs off my chest only.

I suppose you will find this in any job/career. People that want to take initiative, drive, pride in their work and do the best with what they can. Others will just let things fall into disarray and not bother.

/rant