TommyB Super Contributor.
Super Contributor.
666 views

Debug Log messages

Jump to solution

Hello all, We recently discovered in our debug log, the following messages:

2018-09-17 13:29:13.173 INET.11528.0 ["/inet/inet_util.c $Rev: 62619 $ $Date:: 2018-05-10 10:00:31 ":2589] A.10.03 b182
[RxGetThumbprint] Encryption status unknown for host 111.197.142.221

2018-09-17 14:47:59.754 INET.12805.0 ["/inet/inet_util.c $Rev: 62619 $ $Date:: 2018-05-10 10:00:31 ":2589] A.10.03 b182
[RxGetThumbprint] Encryption status unknown for host 50.red-5-205-113.dynamicip.rima-tde.net

They are occuring randomly and from different IP's and domains. anyone have ideas? We have searched our firewall and IDS logs and do not see these addresses at all. The server is internal and has a 10.n.n.n address and not accessable from internet

I forgot to add This is an HPUX 11.31 server running DP1.04.

Thanks,

Tommy

0 Likes
1 Solution

Accepted Solutions
TommyB Super Contributor.
Super Contributor.

Re: Debug Log messages

Jump to solution

Thanks for the comments and suggestion . We decided to change the INET port from 5555 to 5565. We could not identify where the "hole" was that allowed the foreign addresses in. It appears that 5555 exploit is an older weakness that is still being attempted. Since I changed to the 5565 port, I have had NO attempts. Previously would have had 20 or more in a day.

I do not have a real solution to this, but I am marking it solved by changing ports.

I still feel insecure in my network, but at least there are fewer attempts at my Cell manager.

0 Likes
9 Replies
Micro Focus Expert
Micro Focus Expert

Re: Debug Log messages

Jump to solution

Try to reconfigure secure comm between both servers: 

  • On CM: 

omnicc -secure_comm -reconfigure_peer clientname

  • On client:

omnicc -secure_comm -reconfigure_peer CMname

Also, try to add the information for each server on hosts file, like this: 

IP       FQDN       ShortName

Regards,

Andres Fallas Salazar
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a LIKE by clicking on the bottom at the left of the post and show your appreciation.
0 Likes
TommyB Super Contributor.
Super Contributor.

Re: Debug Log messages

Jump to solution

Thank you Andres, I have done that. I have been working wth support about losing the secure comm between certain clients. These showed up during the investigation process.

Tommy

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Debug Log messages

Jump to solution

This is excellent. Please mark this question as solved. 

Regards, 

Andres Fallas Salazar
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a LIKE by clicking on the bottom at the left of the post and show your appreciation.
0 Likes
TommyB Super Contributor.
Super Contributor.

Re: Debug Log messages

Jump to solution

Thank you Andres, The problem is not solved, I affirmed that I was doing what you suggested, but the log entries are still occuring.

I am still wanting to know how or why I am getting these messages..

Tommy

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Debug Log messages

Jump to solution

I understand and sorry for the confusion. 

If you try to reach these addresses, do you receive an answer?

Andres Fallas Salazar
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a LIKE by clicking on the bottom at the left of the post and show your appreciation.
0 Likes
TommyB Super Contributor.
Super Contributor.

Re: Debug Log messages

Jump to solution

Hello Andres, I have not attempted to connect with any of the addresse. Some of the domain names resolve as suspicious and from obscure locations. In my opinion, I should not be seeing any addresses outside of my environment.

Tmmy

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Debug Log messages

Jump to solution

I could think that this is a problem with the resolution or even, telemetry. 

I will suggest continuing in the support ticket and we could check more. 

If you want, you can send me via private message the case ID and also, could be useful the hosts file. 

Andres Fallas Salazar
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a LIKE by clicking on the bottom at the left of the post and show your appreciation.
0 Likes
Roland Wilder Regular Contributor.
Regular Contributor.

Re: Debug Log messages

Jump to solution

I have a customer with the same issue, a lot of IP Addresses from around the world are in his debug.log. I looked them up and they are largely from Telecom Companies.  DP 10.04

This IP is from Israel

[RxGetThumbprint] Encryption status unknown for host 84.95.210.71.forward.012.net.il

Please post if you find anything or have a revelation.

Thanks!!

Roland Wilder

 

0 Likes
TommyB Super Contributor.
Super Contributor.

Re: Debug Log messages

Jump to solution

Thanks for the comments and suggestion . We decided to change the INET port from 5555 to 5565. We could not identify where the "hole" was that allowed the foreign addresses in. It appears that 5555 exploit is an older weakness that is still being attempted. Since I changed to the 5565 port, I have had NO attempts. Previously would have had 20 or more in a day.

I do not have a real solution to this, but I am marking it solved by changing ports.

I still feel insecure in my network, but at least there are fewer attempts at my Cell manager.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.