%DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer

As a Systems Administrator, I support a few global locations for the organization that I work for. One of my locations has a Cisco 2500 Series Wireless Controller.

Last night while investigating some power related issues, I had reports from users indicating that wireless network wasn’t working.

The end users reported a red light on the Access Point. I connected to the Wireless Controller and started to look around for any abnormalities and see what the log will show.

I noticed that when I connected to the controller, that I didn’t have any access points being detected.

I decided to see what the logs were showing. I clicked on the Management option at the top, expanded Logs, and clicked on Message Logs.

I noticed that my logs showed a bunch of Handshake Failures. I have removed my IPs and replaced them with x.x.x.x. I had many of these entries.

*spamApTask4: Jan 01 12:47:56.843: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask5: Jan 01 12:47:55.919: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask7: Jan 01 12:47:55.915: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask0: Jan 01 12:47:54.995: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask3: Jan 01 12:47:54.750: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x
*spamApTask1: Jan 01 12:47:53.758: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:860 Failed to complete DTLS handshake with peer x.x.x.x

The first thing that stood out is the date, Jan 01. It was Sept 15th 2023 when I received reports of this issue.

I then decided to go into the Commands option and look at what Set Time has entered.

The time was completely off and this was the cause for the APs to not be able to complete their handshake with the controller.

After setting the local time and timezone, I saved the settings and the configuration so that the next reset, it will boot with the latest changes.

Reviewing the logs again, I now see connectivity entries between the Cisco wireless controller and the Cisco Access Points.

Reviewing the list of Radios being detected, I now see all of my access points listed and functional.

As this wasn’t a complex issue and just required the time to be reconfigured, I wanted to share this solution incase anybody comes across the same problem I have.

HP Ml150 G6 – My first datastore

I don’t spend the amount of time on my home server as I’d like to. After a long day of sitting at my desk at work, dealing with production servers and everything super sensitive, I try to unwind a bit and work at a slow pace. My slow pace this week is my esx datastore.

I’ve spent the past couple of days thinking about how I want to setup the datastore that will contain my virtual machines. Initially I had the HP P410 RAID controller connected to two, WD Green drives in a RAID-o array. I was satisfied with that at first because the drives will run at SATA 2 speeds and hopefully RAID-0 will improve the performance ever so slightly.

Then I got thinking, my goal is to setup a ‘corporate’ environment at home. Multiple domain controllers, WSUS, Sophos Firewall, play with SNMP and PRTG monitoring but that made me realize that I don’t want to build a large environment that will go to waste if one drive was to fail. My ultimate goal is to move onto SSDs and use a more complex raid (RAID 6 or 10) for this server, but that’s down the line when I free up funds and more resources.

Last night, I decided to delete the RAID-0 array, pull out the WD Green drives and install two new-to-me 1TB SAS drives and proper cabling (Mini SAS SFF-8087 to SFF-8482+15P). I briefly talked about the cabling in this previous post.

I purchased a few SAS drives from ebay, not knowing exactly which one would be compatible with the HP P410 raid controller. Most of what I can find on the internet, points to the HP P410 controller not being picky with the brand of drives.

Initially I installed a two Seagate 1TB SAS ST1000NM0045 drives but the RAID utility would not want to see the drives. Thinking it’s the cable, I replaced it with a spare but the outcome was still the same. I did a bit of searching around and found a discussion on serverfault.com, regarding HP Proliant not recognizing EMC SAS drives. One user points out that some drives can be formatted in 520-byte sectors vs 512-byte sectors that you would normally get on normal PC/server class drives.

I haven’t tested that theory but I will. With that said, I decided to install two other drives, which surprisingly worked right away.

The drives that are functioning fine with the HP P410 raid controller are:

  • Dell Enterprise Plus MK1001TRKB
  • Seagate Constellation ES.3 ST1000NM0023

Now that I have two drive’s in a RAID-1 array, I loaded into VMware ESXi and proceeded to add a the new VMFS datastore. Adding the datastore gave me some issues, which I’ve documented here.

I have in my possession two SAMSUNG Data Center Series SV843 2.5″ 960GB drives that I purchased about 2 years ago from newegg for a fantastic price. I’ve toyed with using them in this build, but the SSD drives would only work at SATA 2 speeds. Maybe I’ll use them to house my personal data, but I should purchase a few more to do RAID-6 or RAID 1+0.

Regardless of my direction, I am still working out the kinks in my homelab environment.

Ideally, I’d like to find a cheap or reasonably priced NAS that has iSCSI ports. I then would be able create two datastores on the NAS, one for extended VM storage if required and the other for user data.

Thanks for reading.