Forum Discussion
HTTPS Monitor not working but same monitor for HTTP does
I am running an HTTPS monitor below. When I apply the health check in HTTP it works fine, but when I add it to the HTTPS monitor it doesn't work. I have used HTTPS monitors before and I am stuck on why this is happening.
Send String GET /monitor/status_check \r\n\r\n
Receive PASS
8 Replies
- Kevin_Davies_40
Nacreous
Do the following command from your F5. This assumes the pool member is on port 443. If not, then add :port to the end of pool_member_ip with the port of the pool member you are testing.
curl -k https://pool_member_ip/monitor/status_check
Do you get something back?
- Ellison_Zhang_2
Nimbostratus
I got the expected string "OK" when I use curl -k, but the HTTPS monitor still failed.
- nitass
Employee
Additionally, you may try tcpdump/ssldump to see what is going on.
tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y and port zzz -v
x.x.x.x is non floating self ip on server vlan
y.y.y.y is server (pool member) ip
zzz is server (pool member) port number
sol10209: Overview of packet tracing with the ssldump utility
http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
- Ellison_Zhang_2
Nimbostratus
What version of TLS/SSL does F5 use (11.3)? Here is my ssldump output. It seems the service directly sends a FIN to the client after two tries to use SSL2.0 and SSL3.0. Would you help me to check what's wrong?
New TCP connection 1: xxx.xxx.xxx.xxx(44432) <-> xxx.xxx.xxx.xxx(8175)
1 1 0.0022 (0.0022) C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  SSL2_CK_3DES
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  Unknown value 0x45
  Unknown value 0x44
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  SSL2_CK_RC2
  TLS_RSA_WITH_RC4_128_SHA
  TLS_RSA_WITH_RC4_128_MD5
  SSL2_CK_RC4
  TLS_DHE_RSA_WITH_DES_CBC_SHA
  TLS_DHE_DSS_WITH_DES_CBC_SHA
  TLS_RSA_WITH_DES_CBC_SHA
  SSL2_CK_DES
  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  SSL2_CK_RC2_EXPORT40
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  SSL2_CK_RC4_EXPORT40
  Unknown value 0xff
1 0.0067 (0.0044) S>C TCP FIN
New TCP connection 2: xxx.xxx.xxx.xxx(44433) <-> xxx.xxx.xxx.xxx(8175)
2 1 0.0022 (0.0022) C>S Handshake
  ClientHello
  Version 3.0
  cipher suites
  SSL_DHE_RSA_WITH_AES_256_CBC_SHA
  SSL_DHE_DSS_WITH_AES_256_CBC_SHA
  SSL_RSA_WITH_AES_256_CBC_SHA
  SSL_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  SSL_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
  SSL_RSA_WITH_CAMELLIA_256_CBC_SHA
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  SSL_RSA_WITH_3DES_EDE_CBC_SHA
  SSL_DHE_RSA_WITH_AES_128_CBC_SHA
  SSL_DHE_DSS_WITH_AES_128_CBC_SHA
  SSL_RSA_WITH_AES_128_CBC_SHA
  Unknown value 0x45
  Unknown value 0x44
  SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
  SSL_RSA_WITH_RC4_128_SHA
  SSL_RSA_WITH_RC4_128_MD5
  SSL_DHE_RSA_WITH_DES_CBC_SHA
  SSL_DHE_DSS_WITH_DES_CBC_SHA
  SSL_RSA_WITH_DES_CBC_SHA
  SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  SSL_RSA_EXPORT_WITH_RC4_40_MD5
  Unknown value 0xff
  compression methods
  unknown value
  NULL
2 0.0058 (0.0035) S>C TCP FIN
New TCP connection 3: xxx.xxx.xxx.xxx(44465) <-> xxx.xxx.xxx.xxx(8175)
Version 2 Client.
3 0.0049 (0.0049) S>C TCP FIN
3 0.0118 (0.0068) C>S TCP FIN
2 0.0355 (0.0297) C>S TCP FIN
1 0.0545 (0.0477) C>S TCP FIN
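Added example, not part of any post in this thread: a small Python summarizer for line-broken ssldump text like the trace above, reporting per connection the version the client offered, which offered suites are export-grade, single DES, RC2/RC4 or SSLv2, and whether the server sent FIN before any ServerHello. The sample trace is constructed, the record layout is assumed from the output quoted above, and `summarize` and `verdict` are hypothetical names.

```python
import re

# Constructed sample shaped like the ssldump output quoted above (documentation IPs, short suite lists).
SAMPLE = """\
New TCP connection #1: 192.0.2.10(44432) <-> 192.0.2.20(8175)
1 1  0.0022 (0.0022)  C>S SSLv2 compatible client hello
  Version 3.1
  TLS_RSA_WITH_AES_256_CBC_SHA
  SSL2_CK_RC4_EXPORT40
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
1    0.0067 (0.0044)  S>C  TCP FIN
New TCP connection #2: 192.0.2.10(44433) <-> 192.0.2.20(8175)
2 1  0.0022 (0.0022)  C>S  Handshake
      ClientHello
        Version 3.0
        SSL_RSA_WITH_AES_128_CBC_SHA
        SSL_RSA_WITH_RC4_128_MD5
2    0.0058 (0.0035)  S>C  TCP FIN
2    0.0355 (0.0297)  C>S  TCP FIN
"""
REC = re.compile(r"^(\d+)\s+(?:\d+\s+)?[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s*(.*)$")
WEAK = re.compile(r"EXPORT|_DES_|_RC4_|_RC2_|^SSL2_CK_")
VERSIONS = {"3.0": "SSLv3", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

def summarize(dump):
    # Per connection: version offered, weak suites offered, who sent FIN first.
    conns, cur, direction = {}, None, None
    for s in map(str.strip, dump.splitlines()):
        new, rec = re.match(r"New TCP connection #?(\d+):", s), REC.match(s)
        if new:
            cur, direction = conns.setdefault(int(new.group(1)), {
                "offered": None, "weak": [], "server_hello": False, "first_fin": None}), None
        elif rec:  # record header: the leading number is the connection id
            cur, direction = conns.get(int(rec.group(1))), rec.group(2)
            if cur and "TCP FIN" in rec.group(3) and not cur["first_fin"]:
                cur["first_fin"] = direction
        elif cur is not None:  # detail line belonging to the current record
            ver = re.fullmatch(r"Version (\d\.\d)", s)
            if s == "ServerHello":
                cur["server_hello"] = True
            elif ver and direction == "C>S" and not cur["offered"]:
                cur["offered"] = VERSIONS.get(ver.group(1), ver.group(1))
            elif direction == "C>S" and WEAK.search(s):
                cur["weak"].append(s)
    return conns

def verdict(c):
    if c["first_fin"] == "S>C" and not c["server_hello"]:
        return "server closed before ServerHello"
    return "handshake progressed" if c["server_hello"] else "inconclusive"
```

A "server closed before ServerHello" verdict on every attempt means the server rejected the handshake itself, before the monitor's send string was ever transmitted.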
- What_Lies_Bene1
Cirrostratus
As it's SSL you may need to add a Host: header?
- mikemich_131967
Nimbostratus
Thanks for the feedback everyone. When I was adding or removing the monitor on the HTTPS monitor to the pool, the pool would never change status. I found out that on this the node was being individually monitored within the pool, which is not something we normally do. I should have noticed sooner.