Forum Discussion
Could not establish trust relationship for the SSL/TLS when load balancing IIS Servers
Hello, trying to use F5 VIP to load balance traffic from IIS Server (Client) to an IIS Server Pool. I get the below handshake error when I use the F5 VIP in the endpoint URL in the IIS web.config file.
"ERROR: Login failed!\n\n\n Could not establish trust relationship for the SSL/TLS secure channel with authority "
I do not see this error when I directly try to reach the end point using the server host. Any help truly appreciated.
- patonbike
Cirrus
Which serverssl profile are you using? What certificate is installed on the IIS side?
Try "server certificate: ignore" just to see if it fixes it. If it fixes the problem, then the F5 doesn't trust the cert that IIS is presenting.
- patonbike
Cirrus
Sorry, I misread. That error sounds like it is coming from IIS, not the LTM, meaning that the error is between the client and the VIP, not the VIP and pool member.
What happens if you type in the from a web browser on the client's IIS server--does that work?
Do you see anything in /var/log/ltm?
Is it a publicly issued cert and website? If so, I like to use https://www.sslshopper.com/ssl-checker.html to check the cert's chain.
- abhy201
Nimbostratus
What happens if you type in the from a web browser on the client's IIS server--does that work?
I get the IIS Login screen when I run the VIP from the client IIS server. And I don't see anything in the LTM logs. Strange thing is it works when I bypass the F5 and directly use the server host.
- abhy201
Nimbostratus
We have seen there was a mismatch in the cert name and LB VIP URL. We were using a common cert used across different envts and the name was not matching the VIP. Once this was updated, the issue was resolved.
Thank you for the info provided earlier.
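The name mismatch described in the last post can be checked before editing web.config. The following is an added example, not code from the thread: it compares the host in an endpoint URL against a certificate's DNS names using RFC 6125 wildcard rules, and all hostnames and name lists in it are constructed.

```python
from urllib.parse import urlsplit


def name_matches(cert_name: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 rules)."""
    c_labels = cert_name.rstrip(".").lower().split(".")
    h_labels = hostname.rstrip(".").lower().split(".")
    if len(c_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, never several
    if c_labels[0] == "*":
        # Accept a wildcard only as the entire left-most label, and only
        # above at least two fixed labels (rejects "*.test").
        return len(c_labels) >= 3 and c_labels[1:] == h_labels[1:]
    return c_labels == h_labels


def check_endpoint(url: str, cert_dns_names: list[str]) -> tuple[str, bool]:
    """Return (host taken from the URL, whether any certificate name covers it)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in endpoint URL: {url!r}")
    return host, any(name_matches(n, host) for n in cert_dns_names)


# Constructed sample data: a certificate shared across environments that
# names only the pool members, and the same certificate reissued with the
# VIP name added.
SHARED_CERT = ["web01.example.test", "web02.example.test"]
REISSUED_CERT = SHARED_CERT + ["app-vip.example.test"]

DIRECT_URL = "https://web01.example.test/login"   # bypasses the F5
VIP_URL = "https://app-vip.example.test/login"    # endpoint through the VIP

if __name__ == "__main__":
    for label, names in (("shared", SHARED_CERT), ("reissued", REISSUED_CERT)):
        for url in (DIRECT_URL, VIP_URL):
            host, ok = check_endpoint(url, names)
            print(f"{label:9} cert  {host:22} {'match' if ok else 'NAME MISMATCH'}")
```

With the shared certificate the direct host matches and the VIP name does not, which is the pattern reported in the thread: the call works against the server host and fails through the VIP.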