Docker Compose Complex errors on boot - local error: tls: bad record MAC

Hi there. I've pulled down the docker compose complex network again today and these errors keep scrolling after it has booted up - what do they mean? I've created a service like I've done previously, but it will not connect using the latest Windows Edge client - I'm not sure if the errors below are related to that?

[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  79.626]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:41270] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  79.648]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:41286] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  84.617]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:41294] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  84.704]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {error=[local error: tls: bad record MAC] remote=[192.168.116.1:41302]} handshake failed
ziti-controller-1                 | [  84.719]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:41312] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  89.628]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:33182] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  89.722]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:33184] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  89.740]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:33194] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  94.653]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {error=[local error: tls: bad record MAC] remote=[192.168.116.1:33202]} handshake failed
ziti-controller-1                 | [  94.748]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:33216] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  94.765]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {error=[local error: tls: bad record MAC] remote=[192.168.116.1:33224]} handshake failed
ziti-controller-1                 | [  99.720]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {error=[local error: tls: bad record MAC] remote=[192.168.116.1:38652]} handshake failed
ziti-controller-1                 | [  99.776]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:38668] error=[local error: tls: bad record MAC]} handshake failed
ziti-controller-1                 | [  99.807]   ERROR transport/v2/tls.(*sharedListener).processConn [tls:0.0.0.0:1280]: {remote=[192.168.116.1:38672] error=[local error: tls: bad record MAC]} handshake failed

Those errors look to me to be a client trying to connect to the same address, but with a different PKI. I would suspect that you have the old identity in the ZDEW and the complex docker env has regenerated its PKI because it was `down -v`'d or because it's in a new location (and thus it gets a new docker compose name).

The easiest solution in that case is to just "forget" the identity from the ZDEW and make a new identity and enroll that.
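A quick way to confirm the "same address, different PKI" diagnosis before forgetting and re-enrolling an identity is to check whether the CA the identity trusts actually signs the certificate the controller now presents. The script below is an added example and not part of the original thread or the OpenZiti project: it builds two throwaway CAs with openssl (standing in for the PKI before and after the compose environment was regenerated), issues a controller certificate from the new one, and shows that verification succeeds against the new CA and fails against the old one. The CA names, paths and the `identity_ca`-style extraction hint in the comments are assumptions for illustration; the real controller certificate would be fetched from the edge listener with `openssl s_client`.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce an "identity enrolled
# against a regenerated PKI" mismatch with openssl and check it offline.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# make_ca <name>: self-signed CA, key + cert written as <name>.key / <name>.pem.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# issue_server_cert <ca-name> <cn> <out-prefix>: leaf cert signed by that CA.
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$3.key" -out "$3.csr" >/dev/null 2>&1
  openssl x509 -req -in "$3.csr" -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
    -days 1 -out "$3.pem" >/dev/null 2>&1
}

# verify_against <ca.pem> <cert.pem>: exit 0 if the cert chains to that CA.
verify_against() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed scenario: "old-ca" is the PKI the stale identity was enrolled
# against; "new-ca" is what the compose environment generated after "down -v".
make_ca old-ca
make_ca new-ca
issue_server_cert new-ca ziti-controller ctrl

# In a real check the controller cert comes from the edge listener, e.g.
#   openssl s_client -connect 127.0.0.1:1280 -showcerts </dev/null \
#     | openssl x509 -out ctrl.pem
# and the CA to test against is the bundle embedded in the enrolled identity
# JSON (assumption: the "ca" entry under "id"), written out as a PEM file.

if verify_against new-ca.pem ctrl.pem; then
  echo "controller cert chains to new-ca: identity enrolled against it will work"
fi
if ! verify_against old-ca.pem ctrl.pem; then
  echo "controller cert does NOT chain to old-ca: identity from the old PKI must be re-enrolled"
fi
```

If the verification against the identity's CA fails, the identity was enrolled against a PKI that no longer exists, and forgetting it and enrolling a fresh one is the fix; if it succeeds, the handshake failures have another cause and the stale-identity theory should be dropped.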

That was it, thank you - I had old identities in the local Linux folder I have that I had forgotten about.
