Node throwing exception: NotSslRecordException

(Stephen Patten) #1

After installing x-pack and running up the cluster, one node is continually throwing this error whether or not the other nodes in the cluster are up or down.

[2018-02-02T10:19:28,357][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [lidt20elsrch01] caught exception while handling client http traffic, closing connection [id: 0xc85c6079, L: ! R:/]
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: removed this text
at io.netty.handler.codec.ByteToMessageDecoder.callDecode( ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead( ~[netty-codec-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at$HeadContext.channelRead( [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at$ [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at [netty-transport-4.1.13.Final.jar:4.1.13.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$ [netty-common-4.1.13.Final.jar:4.1.13.Final]
at [?:1.8.0_162]
Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: removed this text
at io.netty.handler.ssl.SslHandler.decode( ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection( ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode( ~[?:?] elasticsearch-test d:_data\elasticsearch\data
path.logs: d:_logs\elasticsearch\logs lidt20elsrch01
xpack.ssl.key: certs/lidt20elsrch01.key
xpack.ssl.certificate: certs/lidt20elsrch01.crt
xpack.ssl.certificate_authorities: certs/CA.crt true true [ '', '', '']
node.max_local_storage_nodes: 3

The other nodes come up fine and work together and are NOT exhibiting this behaviour.

I've seen other questions about this, but no concrete answers or resolutions, wondering what I should focus on?

(Tim Vernum) #2

Port 9200 is the HTTP port. So something is connecting to that port and trying to make a clear-text http connection rather than a TLS https connection.
I can't tell you what process that is, but it's running on the machine, so that would be the place to start.

(Stephen Patten) #3


Thanks again! I actually had Jared Carey help me with this and we ended up blocking the IP address.

It turns out when our IT dept told me what that IP address/machine was they had old information, it was actually a prior install of Logstash running 5.x, which BTW I hadn't gotten to installing yet. When we blocked the IP address in the node settings the cluster performed correctly.

Next item was to install LS, where I quickly understood the error that had been made. Setting up LS with TLS solved the problem.

(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.