DPI error 19006: googleapis.com - Failure to pass SafetyNet validation.

How to turn on additional(large size) logging.

(Edited by Michael Dunn to remove steps.  Turning on additional logging fills up the harddrive and slows down the system, and we don't want inexperienced people pouring over detailed log files.)

Anyone can download the log below.

https://ds.netspheres.org:5001/d/f/536397891256760693

And exclusion feature does not work in this error.

I am under the impression that Error 19006 is a known bug within the TLS engine.

I have posted in another thread about this error and not seen any results.

Ian

Michael Dunn I have the same issue, but I just noticed it after reviewing this post. I sent you a PM earlier on something else. Let me know in that message if you want logs from me too on this, if it will help.

FoW thanks for your find.

Public Service Announcement, I would advise that no one turn on logging via those steps, unless your are working with a Sophos engineer. You could cause issues if you do not turn off logging. That is why you do not see those instructions posted in any forum. Sophos engineers only PM those steps and there is a reason.

Mike

For the SafetyNet issues I believe we have determined the cause, thanks to log files that have been provided.  We do not yet have an ETA on the solution.

I am under the impression that Error 19006 is a known bug within the TLS engine.

 

19006 is a catch all for many different underlying problems.  Some of those underlying problems have been solved, some are changing to more specific errors, some are remaining as 19006.

Right now in order to have it working you must be using the web proxy, not DPI mode, for this traffic.

Right now in order to have it working you must be using the web proxy, not DPI mode, for this traffic.