Hello.

Currently, we are looking to resolve an issue using the TA for Microsoft Cloud Services.  The TA has been installed on our Heavy Forwarder and used to ingest IIS log files from a Storage Blob.  Below are the error messages we receive ...

ERROR TcpInputProc - Message rejected. Received unexpected message of size=369295616 bytes from src=xxx.xxx.xxx.xxx:65138 in streaming mode. Meximum message size allowed=67108864. Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

ERROR ApplicationUpdater - Error checking for update, URL=https://apps.splunk.com/api/apps:resolve/checkforupgrade: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the 'openssl verify' command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

ERROR X509Verify - X509 certificate (CN=GlobalSign,O=GlobalSign Root CA - R3) failed validation; error=19, reason="self signed certificate in certificate chain"

We have checked the SSL configurations ...

server.conf

[sslConfig]
sslRootCAPath = /opt/splunk/etc/auth/cacert.pem

inputs.conf

[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
requireClientCert = false

And they look fine.  Has anyone else faced something similar?  If so, what did you to resolve this issue.  Thanks.

Regards,
Max