Forum Discussion

Harps_VIrdee_Si's avatar
Harps_VIrdee_Si
Icon for Nimbostratus rankNimbostratus
Dec 19, 2018

HTTPS Monitor Healthcheck Failing

Hi All,

 

I'm trying to monitor the health of a pool by using a send string and receive string.

 

the following path as been setup on both the IIS servers:

 

https://10.54.118.11/portal/portaladmin/healthCheck https://10.54.118.12/portal/portaladmin/healthCheck

 

which I get the following response from CURL from the F5:

 

I have set the following in the monitor

 

SEND STRING : GET /portal/portaladmin/healthcheck HTTP/1.1\r\nHost: Close\r\n\r\n

 

RECEIVE STRING : 200 OK

 

however the monitor doesn't work and nodes are marked offline, the pool only becomes available if I apply a TCP monitor.

 

application delivery
LTM
  • Harps_VIrdee_Si's avatar
    Harps_VIrdee_Si
    Icon for Nimbostratus rankNimbostratus
    Dec 19, 2018

    CURL

     

    :Active:Changes Pending] ~ curl -vk https://10.54.118.11/portal/portaladmin/healthcheck * About to connect() to 10.54.118.11 port 443 (0) * Trying 10.54.118.11... connected * Connected to 10.54.118.11 (10.54.118.11) port 443 (0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES256-GCM-SHA384 * Server certificate: * subject: CN=plhresrweb001.uk.baa.com * start date: 2018-12-10 12:02:29 GMT * expire date: 2019-12-10 12:02:29 GMT * common name: plhresrweb001.uk.baa.com (does not match '10.54.118.11') * issuer: DC=com; DC=BAA; DC=UK; CN=HAL-SHA2-Issuing-CA-1 * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

     

    GET /portal/portaladmin/healthcheck HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1l zlib/1.2.3 libidn/1.18 Host: 10.54.118.11 Accept: /

     

    < HTTP/1.1 200 OK < Cache-Control: no-cache, no-store, must-revalidate, no-transform < Pragma: no-cache < Content-Type: text/html;charset=UTF-8 < Expires: -1 < Vary: Origin < Server: Microsoft-IIS/10.0 < X-XSS-Protection: 1; mode=block,1; mode=block < X-Content-Type-Options: nosniff,nosniff < X-Frame-Options: SAMEORIGIN < Server: < X-AspNet-Version: 4.0.30319 < X-Powered-By: ASP.NET < Date: Wed, 19 Dec 2018 11:53:32 GMT < Content-Length: 2702

     

     

     

     

    Portal Administrator Directory

     

     

     

    Login

     

    Username

     

    Password

     

     

     

    * Connection 0 to host 10.54.118.11 left intact * Closing connection 0 * SSLv3, TLS alert, Client hello (1):

     

  • Dylan_375544's avatar
    Dylan_375544
    Icon for Cirrocumulus rankCirrocumulus
    Dec 19, 2018

    I think your send string might be a little off.

     

    You have "Host: Close" when it should be:

     

    "Host: 10.54.118.11\r\nConnection: close\r\n\r\n"

     

     

    Hope that helps!

     

     

    -Dylan

     

    • Harps_VIrdee_Si's avatar
      Harps_VIrdee_Si
      Icon for Nimbostratus rankNimbostratus
      Dec 19, 2018

      Hi Dylan,

       

      Got it working with the following:

       

      TYPE : HTTPS SEND STRING : GET /portal/portaladmin/healthCheck HTTP/1.1\r\nHost: Close\r\n\r\n

       

      RECEIVE STRING : healthcheck

       

      the server guy stopped IIS on one of the servers and the F5 removed it from the pool

       

      logs:

       

      Dec 19 14:50:30 ITF55175HDC1-INT1 notice mcpd[14150]: 01070638:5: Pool /Common/ArcGIS_WEB_Pool member /Common/PLHRESRWEB001:443 monitor status down. [ /Common/ARC_GIS_PRE_PORTAL_HEALTHCHECK: down; last error: /Common/ARC_GIS_PRE_PORTAL_HEALTHCHECK: Response Code: 302 (Found) @2018/12/19 14:50:30. ] [ was up for 0hr:10mins:4sec ] Dec 19 14:51:41 ITF55175HDC1-INT1 notice mcpd[14150]: 01070727:5: Pool /Common/ArcGIS_WEB_Pool member /Common/PLHRESRWEB001:443 monitor status up. [ /Common/ARC_GIS_PRE_PORTAL_HEALTHCHECK: up ] [ was down for 0hr:1min:11sec ] Dec 19 14:52:41 ITF55175HDC1-INT1 notice mcpd[14150]: 01070638:5: Pool /Common/ArcGIS_WEB_Pool member /Common/PLHRESRWEB001:443 monitor status down. [ /Common/ARC_GIS_PRE_PORTAL_HEALTHCHECK: down; last error: /Common/ARC_GIS_PRE_PORTAL_HEALTHCHECK: Response Code: 302 (Found); Unable to connect; No successful responses received before deadline. @2018/12/19 14:52:41. ] [ was up for 0hr:1min:0sec ] Dec 19 14:52:57 ITF55175HDC1-INT1 notice mcpd[14150]: 01070727:5: Pool /Common/ArcGIS_WEB_Pool member /Common/PLHRESRWEB001:443 monitor status up. [ /Common/ARC_GIS_PRE_PORTAL_HEALTHCHECK: up ] [ was down for 0hr:0min:16sec ]

       

      and then once enabled, came back into the pool...noticed there was a 200 OK being returned in the CURL output, I just took a string which was "healthcheck"

       

      will do some failover testing with the server admin tomorrow

       

  • Massina754_3754's avatar
    Massina754_3754
    Icon for Nimbostratus rankNimbostratus
    Jan 02, 2019

    Something like this?

     

    GET /Connect/v1/checkservicestatus HTTP/1.1\r\nHost: 10.55.185.58\r\nConnection: Close\r\n\r\n apkjunky