cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

SSL decryption session

irahn
Contributor

Hi!

A large percentage of SSL packets failed decryption session  because: 
"Session not seen from the beginning"
What does it mean?.
rcmd-show-ssldecr-status.jpg
3 REPLIES 3

david_n
Inactive

Hello Ingrid,

This could be an issue with monitoring persistent TCP connections. If you utilize these in your environment then some of the packets will not have the connection details as DCRUM would expect. You can make changes to your configuration to resolve this issue. Here is a link to a troubleshooting page where this scenario is mentioned:

https://community.dynatrace.com/community/display/DCRUM124/Troubleshooting+SSL+monitoring+issues

Thanks,

David Nicholls

harshal_pujari
Dynatrace Pro
Dynatrace Pro

Hi Ingrid,

Also please ensure with your networking team that you are seeing data from the beginning of the SSL session; i.e. when the SSL session is first established.

Regards,

Harshal.

chris_v
Dynatrace Pro
Dynatrace Pro

Check your data quality on the AMD, from the screen shot, it appears you're missing packets rather frequently, there's counts against all the metrics that imply packet loss.

- sessions not seen from the beginning
- incomplete SSL handshake
- packet loss during handshake
- reused sessions with no primary session seen before
- corrupted handshake

Get the traffic quality 100% and your SSL problems will largely resolve themselves.