Client registration errors

I have a Win2016 v9.5.13 client having issues reporting in. Below is the initial registration and there is an error of

Failed automatic client authentication key exchange with server message: SSL protocol not supported.

Then later below shows a winsock error 4294967286, but it says it is still able to register. It does show up in the console and report in but doesn’t always run actions and keeps repeating the 4294967286 error.

Does the SSL protocol not supported have something to do with a cipher issue or something missing on this endpoint to successfully communicate?

Another thread mentioned that the winsock errors come straight from the Windows Winsock API, but 4294967286 isn’t reported by Microsoft as a code they document.

   RegisterOnce: Attempting secure registration with 'https://server1:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.13.130&Body=543112344&SequenceNumber=46&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://xxxxx%3a52311&AdapterInfo=00-50-56-88-59-5c_x.x.x.x%2f24_x.x.x.x_0'
At 15:09:43 +0000 - 
   RegisterOnce: Relay does not support secure registration.
   RegisterOnce: Registration backing off from SSL, attempting in clear text
   Unrestricted mode
   Configuring listener without wake-on-lan
   Registered with url 'http://server1:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.13.130&Body=543112344&SequenceNumber=46&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://xxxxx%3a52311&AdapterInfo=00-50-56-88-59-5c_x.x.x.x%2f24_x.x.x.x_0'
   Registration Server version 9.5.13.130 , Relay version 9.5.13.130
   Relay does not require authentication.
At 15:10:44 +0000 - 
   Failed automatic client authentication key exchange with server message: SSL protocol not supported.
   Relay selected: server1. at: x.x.x.x:52311 on: IPV4 (Using setting IPV4ThenIPV6)
At 15:10:46 +0000 - 
   PollForCommands: Requesting commands
At 15:12:01 +0000 - 
   PollForCommands: GetURL failed
   Entering Service Loop.
   Starting Service Loop.
   A2AServer::Start().
At 15:13:02 +0000 - 
   FAILED to Synchronize - General transport failure. - SOCKET RECEIVE (winsock error 4294967286 - gather url - http://server1m:52311/cgi-bin/bfenterprise/BESGatherMirror.exe?url=http://xxxxx:52311/cgi-bin/bfgather.exe/actionsite&Time=05Aug15:12:01&rand=5a3d3531&ManyVersionSha1=da39a3ee5e6b4b0d3255bfef95601890afd80709

In this example we found we could validate the error by running a wget/curl query on the client against the relay:52311/rd and get an incomplete response. Changing the MTU on the client server from 1500 to 9000 resolved the issue and cleared up the winsock 4294967286 errors in the BigFix client log file.

That’s…not what I’d expect. 9000 is a really huge MTU.

Haven’t really thought about it in context of client registration, but that raises an interesting point…what I’d expect is some benefit to lowering the MTU if there were a device in the middle (such as a VPN) adding headers to the packet and causing it to be fragmented. We see that with other traffic over IPSec.
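For triaging a client log like the one in the first post, the following is an added example and not code from any poster in this thread or from BigFix: it scans the log for the fallback from SSL to clear-text registration, the failed key exchange, and winsock errors, and shows each winsock code reinterpreted as a signed 32-bit value (4294967286 is -10 unsigned). The finding labels are this example's own names, and the sample lines are constructed by shortening the log above.

```python
import re

# Constructed sample: lines shortened from the client log posted in this thread.
SAMPLE_LOG = """\
At 15:09:43 +0000 -
   RegisterOnce: Relay does not support secure registration.
   RegisterOnce: Registration backing off from SSL, attempting in clear text
   Registered with url 'http://server1:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60'
   Relay does not require authentication.
At 15:10:44 +0000 -
   Failed automatic client authentication key exchange with server message: SSL protocol not supported.
At 15:13:02 +0000 -
   FAILED to Synchronize - General transport failure. - SOCKET RECEIVE (winsock error 4294967286 - gather url - http://server1m:52311/cgi-bin/bfenterprise/BESGatherMirror.exe
"""

STAMP = re.compile(r"^At (\d\d:\d\d:\d\d [+-]\d{4}) -")
# Labels are hypothetical names chosen for this example, not BigFix terminology.
RULES = [
    ("tls_downgrade", re.compile(r"backing off from SSL, attempting in clear text")),
    ("cleartext_registration", re.compile(r"Registered with url 'http://")),
    ("key_exchange_failed", re.compile(r"Failed automatic client authentication key exchange")),
    ("relay_unauthenticated", re.compile(r"Relay does not require authentication")),
    ("transport_error", re.compile(r"winsock error (\d+)")),
]

def as_int32(code):
    """Reinterpret an unsigned 32-bit value as two's-complement signed."""
    return code - 0x100000000 if code & 0x80000000 else code

def triage(log_text):
    """Return (timestamp, label, detail) for every rule hit, in log order."""
    findings, stamp = [], None
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if m:
            stamp = m.group(1)  # entries below inherit this block's timestamp
            continue
        for label, rx in RULES:
            hit = rx.search(line)
            if hit and label == "transport_error":
                raw = int(hit.group(1))
                detail = f"winsock error {raw} (as signed 32-bit: {as_int32(raw)})"
                findings.append((stamp, label, detail))
            elif hit:
                findings.append((stamp, label, line.strip()))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```
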