BigIP - LTM: Blackboard Oct 2014 release/load balancer redirect error

Hi,

I think you may be in http<->https redirect loop. When you go direct to 8010 check if you are being redirected to https e.g. It's possible you are coming in client-side on the LB to and passed to the non-https server port on 8010 (ssl offload), which may redirect all traffic back to again.

If this is the case here are a few options, 1) change the backend F5 pool port to the SSL port the server is listening and change the F5 VS config to add a serverssl profile to re-encrypt the session, 2) check your vendor documentation to see how to config your web server to accept http connections e.g. insert a X-forwarded header on the F5 to signal http only.

If this is not the case do a trace on the client and see where the redirect loop is..

cheers

Thanks for the help, so I did option 1, and now it hangs there with "establishing secure connection" and eventually times out. Adding both a client and server profile, I get "no data received/ERR_EMPTY_RESPONSE" from the browser.

OK,

1. is the webserver port listening for ssl or non-ssl connections. When you go direct to the server on 8010 are you typing in http or https, if http do you get redirected to https automatically?

2. what was the original working configuration before the changes? was it client--->F5:443---->IIS:80 and what have you changed on the F5, (e.g. pool members, rules, VS)

3. can you post sanitised virtual server config, if you have existing and new VS then post both, if you have access to cli and TMSH;

list ltm virtual VS_NAME

So when I go to it redirects me to which are the ports in the webserver config that are setup for:

              Tomcat direct connector port numbers               
  These ports should be used when directly connecting to Tomcat  
  either as a standalone host, or when directly accessing a host 
bbconfig.appserver.http.portnumber=8080
bbconfig.appserver.https.portnumber=8443

               Tomcat proxy connector port numbers               
  These ports should be used when load balancing or using a web  
                     server to proxy requests                    
bbconfig.appserver.http-proxy.portnumber=8010
bbconfig.appserver.https-proxy.portnumber=8444

However, if I go to it redirects me to and it works fine. Blackboard support says that its setup so that if you go to it should point in the loadbalancer to blackboardserverx:8010, then it should load the page. If I go to it redirects to and get an attempt for a ssl connection, then goes to "Connection closed" (obviously because 443 is not listed in the config).

For the heck of it, i changed 8444 to 443, and tried it, and 8010 redirects to 443 and works, but still thru the load balancer VS address, I get "no data received".

[root@bigip-mgt:Active:Changes Pending] config  tmsh list ltm virtual blackboard_http
ltm virtual blackboard_http {
    destination 164.104.x.xx:https
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        blackboard {
            default yes
        }
    }
    pool blackboard_pool_http
    profiles {
        bbstream { }
        blackboard_http_new { }
        psd_ssl {
            context clientside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-port disabled
    vs-index 48
}

a bit confused, some of your statements seem to be conflicting..

"when I go to it redirects me to "

" If I go to it redirects to "

I think your core issue is that you have a https VS doing SSL-offload to a http web server listener on 8010, which is configured to do an automatic redirect back https again.

I think you will need to configure your app for SSL offload to have the http 8010 listener behind the https VS or put the https listener behind the https VS and SSL reencrypt on the F5 (clientssl and serverssl)