Error net/http: TLS handshake timeout

  • 7 July 2023

Userlevel 2
Badge +9

Hello friends,

Has anyone already had this problem when adding an application to bypass? This application in the cloud is accessed via CLI. When accessing it, I receive this error when the client and NPA are active.

Without NPA active, with only the client, it returned the error "an unknown error occurred".

I noticed some errors without debugging

 

 

NSCom2.cpp:1850 NSCOM2 message INST_CERT_IN_FF sent from server to "nsClientUI_s2" client with count 1

stAgentSvc p1404 ta9c error registry.cpp:160 registry RegOpenKeyEx failed, err: 2

stAgentSvc p1404 ta9c warn proxy.cpp:155 nsUtil Failed to auto detect proxy or download PAC file, error 12180

stAgentSvc p1404 t3a4c info fileUtil.cpp:83 nsUtils failed to open file for reading: C:\ProgramData\netskope\stagent/data/authtoken.pem, err: 2

stAgentUI p117c t3374 error NSCom2.cpp:1527 NSCOM2 client socket connect failed 10061

 

Does anyone know what could be going on?

 

The above path has been added to the antivirus exceptions list

 

 


3 replies

Userlevel 6
Badge +16

@bruna do you encounter this on specific sites or just one?  What is the site or application?  The error that you've highlighted indicates a socket code of 10061 which means that something blocked the connection:

https://learn.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2

This can occur if something has caused the Netskope service to go down such as antivirus or other endpoint software. It can also occur if there is an on-device firewall that prevents communication between the UI service and the Netskope client service. This does not necessarily relate to the TLS error though, so it would be good to better understand what the issue is with that app.
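The reading of 10061 as a Windows Sockets code in the reply above can be applied to all of the posted log lines at once; the following is an added example, not part of the original thread or of Netskope's tooling. The line layout is an assumption inferred from the posted lines, and the names `triage`, `family` and `KNOWN` are hypothetical.

```python
import re

# Documented Windows names for the codes that appear in the post's log lines.
KNOWN = {
    2: "ERROR_FILE_NOT_FOUND",
    10061: "WSAECONNREFUSED",
    12180: "ERROR_WINHTTP_AUTODETECTION_FAILED",
}

# Assumed layout, inferred from the posted lines (the prefix is optional):
#   <process> p<pid> t<tid> <level> <file>:<line> <module> <message>
LINE = re.compile(
    r"^\s*(?:(?P<proc>\S+)\s+p[0-9a-f]+\s+t[0-9a-f]+\s+"
    r"(?P<level>error|warn|info|debug)\s+)?"
    r"(?P<src>[\w.]+:\d+)\s+(?P<module>\S+)\s+(?P<msg>.*)$"
)
# Only a trailing number introduced by "err:", "error" or "failed" is a code,
# so "... client with count 1" is not mistaken for error 1.
CODE = re.compile(r"(?:err:|error|failed)\s+(\d+)\s*$")


def family(code):
    """Map a code to the Windows error range it falls in."""
    if 10000 <= code < 12000:
        return "winsock"   # Windows Sockets range
    if 12000 <= code < 13000:
        return "winhttp"   # WinHTTP/WinINet range
    return "win32"         # general system error codes


def triage(lines):
    """Return (process, level, source, code, family, name) per coded line."""
    out = []
    for line in lines:
        m = LINE.match(line)
        c = CODE.search(m["msg"]) if m else None
        if c:
            code = int(c.group(1))
            out.append((m["proc"], m["level"], m["src"], code,
                        family(code), KNOWN.get(code, "unknown")))
    return out


# Log lines copied from the post above.
SAMPLE = [
    'NSCom2.cpp:1850 NSCOM2 message INST_CERT_IN_FF sent from server to "nsClientUI_s2" client with count 1',
    "stAgentSvc p1404 ta9c error registry.cpp:160 registry RegOpenKeyEx failed, err: 2",
    "stAgentSvc p1404 ta9c warn proxy.cpp:155 nsUtil Failed to auto detect proxy or download PAC file, error 12180",
    "stAgentUI p117c t3374 error NSCom2.cpp:1527 NSCOM2 client socket connect failed 10061",
]
```

Of the three coded lines in `SAMPLE`, only the `stAgentUI` entry falls in the Winsock range; the other two are a missing registry key and a failed proxy auto-detection.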

Userlevel 2
Badge +9

Hi friend

 

It is an application installed via the PowerShell command line on the machine. After installation, the instance is accessed with an .exe service.

Userlevel 6
Badge +16

Hello Bruna, 

This likely has to do with an SSL certificate error instead.  Do the client logs show this being steered over NPA or the SWG/CASB tunnel?  My suspicion is that this traffic is being steered to Netskope and SSL inspection is breaking the connection.  
