Forum Discussion

ecce_297791's avatar
ecce_297791
Icon for Altocumulus rankAltocumulus
Dec 26, 2017

APM gives error code 19 - always

I have a BIGIP VE on my laptop and recently provisioned the APM module. I made a super simple policy displaying a message box and a fallback branch to an allow ending. That's it. However I cannot access the HTTP service, F5 shows an error message (error code 19):

 

"BIG-IP can not find session information in the request. This can happen because your browser restarted after an add-on was installed. If this occurred, click the link below to continue. This can also happen because cookies are disabled in your browser. If so, enable cookies in your browser and start a new session."

 

I'm not sure how to t-shoot this. Here is what I have checked:

 

  • I can see sessions listed in the GUI.
  • I get the same error in all web browsers (FF, Chrome, Safari).
  • Cookies are not disabled
  • Terminating sessions in the GUI does not help. Also tried restarting the BIGIP VE completely.
  • The HTTP page shows up fine if a remove the Access Policy from the VS.

This is what I find in the /var/log/apm:

 

Dec 26 21:37:29 bigipa notice tmm[11468]: 01490506:5: /Common/test-aaa.ap:Common:f047ac21: Received User-Agent header: Mozilla%2f5.0%20(Macintosh%3b%20Intel%20Mac%20OS%20X%2010.12%3b%20rv%3a57.0)%20Gecko%2f20100101%20Firefox%2f57.0.
Dec 26 21:37:29 bigipa notice tmm[11468]: 01490500:5: /Common/test-aaa.ap:Common:f047ac21: New session from client IP 10.1.10.1 (ST=/CC=/C=) at VIP 10.1.10.20 Listener /Common/p80_std.vs (Reputation=)

Here is the VS config:

 

ltm virtual /Common/p80_std.vs {
    description "Test Virtual Server"
    destination /Common/10.1.10.20:80         
    fw-enforced-policy /Common/allow_all.fwp
    ip-protocol tcp
    mask 255.255.255.255
    pool /Common/p80.pool
    profiles {                 
        /Common/http { }    
        /Common/rba { }
        /Common/tcp-lan-optimized { }
        /Common/test-aaa.ap { }
        /Common/websso { }
    }                  
    source 0.0.0.0/0    
    translate-address enabled
    translate-port enabled              
}

FYI: AFM is provisioned with default DROP for virtual servers, but that should not interfere with APM? (There is also a allow-all-rule for this VS)

 

Suggestions?

 

application delivery
BIG-IP Access Policy Manager (APM)
  • KeesvandenBos's avatar
    KeesvandenBos
    Icon for MVP rankMVP
    Dec 27, 2017

    Did you enable the cookie secure option in your access policy (under the SSO/Auth menu option (top bar). And does it work when you change the virtual server destination port to 443 (and add a client ssl profile (insecure compatible)?

     

    Cheers,

     

    Kees