Forum Discussion

Aabuitrago's avatar
Aabuitrago
Icon for Altostratus rankAltostratus
May 15, 2025

Load Balancing IIS Servers

Hi,

 

I have two IIS Servers that I use to publish multiple sites. I load balance those two IIS Servers through a Big-IP.

I recently add a new application on the IIS Servers and for some reason when I try to access this new app I get the error "500 - Internal server error. There is a problem with the resource you are looking for, and it cannot be displayed."  If I try to access this app directly to the server "http://ServerName/Newapp" the site shows correctly.

 

What can be causing this issue

 

Regards,

 

 

 

application delivery

6 Replies

  • Aabuitrago's avatar
    Aabuitrago
    Icon for Altostratus rankAltostratus
    May 19, 2025

    Hi,

    Thanks everyone for your suggestions. We discovered that the IIS Server was trying to resolve the name for the IP address of the source of the connection (the SelfIP of the F5).  On the log of the IIS Servers we found this error No_such_host_is_known 8082 - 10.1.2.193. As soon as we created an entrance on the DNS for the selfIP of the F5, the application started to work.

    Does anyone know if this behavior is normal as part of a particular configuration at the IIS?

     

    Regards,

    • zamroni777's avatar
      zamroni777
      Icon for MVP rankMVP
      May 28, 2025

      it's not iis specific, but app specific.
      i had encountered some java based http servers had that behavior.

  • zamroni777's avatar
    zamroni777
    Icon for MVP rankMVP
    May 18, 2025

    test using "curl -vk http://vip:port/....."
    it will show many details to help troubleshoot the problem

    if you put irules in the vserver config, also check /var/log/ltm

  • Aabuitrago's avatar
    Aabuitrago
    Icon for Altostratus rankAltostratus
    May 15, 2025

    Thanks for your prompt response.

     

    In this case its a simple plain text virtual server. 

    • Injeyan_Kostas's avatar
      Injeyan_Kostas
      Icon for Cumulonimbus rankCumulonimbus
      May 15, 2025

      could you get a pcap?

      also might your server accept only http://ServerName as hostname
      do you have a proper binding on IIS for http://vipname ?

      if not you might just need to rewrite host header

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Cumulonimbus rankCumulonimbus
    May 15, 2025

    Might be SNI

    You can you use either different Server SSL profiles or a generic irule like 

    when HTTP_REQUEST
{
    set serverSideSSLSNIName [ string tolower [HTTP::host] ]
}

when SERVERSSL_CLIENTHELLO_SEND
{
	#https://support.f5.com/csp/article/K41600007
	if { [ info exists serverSideSSLSNIName ] }
	{
	    if { [catch { SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $serverSideSSLSNIName]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $serverSideSSLSNIName] } ] }
	    {
		    log local0. "ERROR: Attempting to assign server SSL  - SNI : $serverSideSSLSNIName failed"
	    }
	}
}