IBM Support

WinCollect : Troubleshooting "Cannot connect to server -- The certificate verification failed, errNo=XXXXXXXXX"

Troubleshooting


Problem

This error message is displayed in the Wincollect.log. These messages are benign and can usually be ignored. This article helps you remove this error.

Symptom

A user might see the following error in Wincollect.log even though the connection is fine on the Windows® host side. The errNo value might differ from the example:
Cannot connect to server -- The certificate verification failed, errNo=336134278

Cause

A common cause is that there might be a mismatch in the time between the QRadar console (or the event collector) and the Windows host where WinCollect is installed.

Diagnosing The Problem

Verify whether the time is synced between the Configuration Server (QRadar Console or Event Collector) and the Windows Host (WinCollect).
  1. Open PowerShell on the Windows host.
  2. You can run a connectivity test. The test will show whether you can connect to the Configuration Server to retrieve the certificate or not. 
    PS C:\> tnc -computername xx.xx.144.22 -Port 8413

ComputerName     : xx.xx.144.22
RemoteAddress    : xx.xx.144.22
RemotePort       : 8413
InterfaceAlias   : Ethernet0
SourceAddress    : xx.xx.138.166
TcpTestSucceeded : True
  3. Log in to the QRadar Console CLI.
  4. Run the date command and verify the time. 
    [root@qradar_console ~]# date
Tue Mar 21 10:29:07 UTC 2023
  5. Verify the same on the target event collector: 
    [root@qradar_ec~]# date
Tue Mar 21 10:29:21 UTC 2023
  6. Verify the time on the WinCollect host (PowerShell): 
    PS C:\Users\user> date
Tuesday, March 21, 2023 11:32:35 AM

PS C:\Users\user> Get-TimeZone
Id : Romance Standard Time
DisplayName : (UTC+01:00) Brussels, Copenhagen, Madrid, Paris
StandardName : Romance Standard Time
DaylightName : Romance Daylight Time
BaseUtcOffset : 01:00:00
SupportsDaylightSavingTime : True

Resolving The Problem

To resolve the issue, we need to ensure that the time is synced between Configuration Server (QRadar Console or Event Collector) and the Windows Host (WinCollect).
If you have a corporate NTP server, or can use an external NTP service, administrators can use these for synchronizing the time. 

QRadar: Configuring NTP settings for a QRadar appliance

Result

The certificate verification failed error will not be present on the environment and logs.

If the messages are still visible and causing an issue, the administrators are advised to raise a support case with IBM® QRadar® Support.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
16 August 2024

UID

ibm17160407

Page Feedback