Encrypted communications key exchange fails and warning alert is generated. (NETIQKB2005)

  • 7702005
  • 02-Feb-2007
  • 14-Aug-2007

Resolution

fact
Operations Manager 3.30

fact
Security Manager 3.30

fact
Security Manager 3.30 SP1

fact
Security Manager 3.40

symptom
The Consolidator generates error messages like the one below:

Event Type: Warning
Event Source: OnePoint Operations
Event Category: None
Event ID: 9205
Date: <Date>
Time: <Time>
User: NT AUTHORITY\SYSTEM
Computer: <machinename>
Description:
Encrypted communications key exchange with failed.

Details: An internal error occurred.

Internal Key state number: 2



fix
Currently, there are two workarounds for this problem until a more permanent fix is available. The first workaround changes the communication type in the global agent settings:
  1. In the OnePoint MMC go to Configuration|Global Settings and select Agents. On the Communications tab, change the communication type to Use unencrypted communications port.
  2. Perform a managed computer scan.
  3. After the managed computer scan completes, delete all queue files from the consolidators (*.pqf and *.wkf).
  4. Check if the agents are back online as some may still be in an 'unknown' state.
  5. For any agents not back online, restart the OnePoint service on the agent computers.

The second workaround is to configure only the agents that are experiencing the problem to use unencrypted communications. This can be done by modifying the registry of the affected agents.

NOTE: Modifying this setting will cause the agents to only use unencrypted communications.

Drill down to the following registry value to change the agent's encryption setting.

HKLM|SOFTWARE|Mission Critical Software|OnePoint|Configurations|<Configuration Group Name>|Operations|Agent|Consolidators|Security Level

This value specifies whether the agent uses encrypted or unencrypted communication. Its possible settings are:

  • SecurityLevel = 1 (Encrypted)
  • SecurityLevel = 0 (Unencrypted)
  • SecurityLevel = 2 (Only use secure communications)
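
To keep track of which agents have been switched to unencrypted communications so they can be restored once a fix is available, the setting can be audited on each agent computer. The script below is an added example, not NetIQ code: the registry path and value meanings come from this article, while the function name, the REG_DWORD type and the check of both value-name spellings used above ("SecurityLevel" and "Security Level") are assumptions.

```powershell
# Added example: report the agent encryption setting for every configuration group.
# Path and value meanings are taken from the article; the value is assumed to be a
# REG_DWORD and is looked up under both spellings the article uses.
$base = 'HKLM:\SOFTWARE\Mission Critical Software\OnePoint\Configurations'
$meaning = @{
    0 = 'Unencrypted'
    1 = 'Encrypted'
    2 = 'Only use secure communications'
}

function Get-AgentSecurityLevel {   # hypothetical helper name
    param([string]$ConfigurationsKey = $base)

    if (-not (Test-Path -LiteralPath $ConfigurationsKey)) {
        Write-Warning "Key not found: $ConfigurationsKey"
        return
    }
    foreach ($group in Get-ChildItem -LiteralPath $ConfigurationsKey) {
        # One subkey per configuration group name
        $key = "$ConfigurationsKey\$($group.PSChildName)\Operations\Agent\Consolidators"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in 'SecurityLevel', 'Security Level') {
            $prop = $props.PSObject.Properties[$name]
            if ($null -eq $prop) { continue }

            $value = [int]$prop.Value
            $desc = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { 'Unknown value' }
            [pscustomobject]@{
                Computer           = $env:COMPUTERNAME
                ConfigurationGroup = $group.PSChildName
                ValueName          = $name
                SecurityLevel      = $value
                Meaning            = $desc
                Unencrypted        = ($value -eq 0)   # agent is on the workaround setting
            }
        }
    }
}

Get-AgentSecurityLevel | Format-Table -AutoSize
```

The script only reads the registry; rows with `Unencrypted` set to `True` are the agents to revisit after the permanent fix.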


note
NetIQ is aware of this issue and will update this article with any new information as it becomes available.

Additional Information

Formerly known as NETIQKB2005