Forum Discussion
genseek_32178
Nimbostratus
Apr 17, 2012
Monitor showing Down
I have 2 DIPs configured with monitors on port 80 working fine.
But the same monitor on port 443 for the same DIPs is showing as Inactive, Down.
Any ideas..would help here.
genseek
44 Replies
- genseek_32178
Nimbostratus
Output from curl commands:
curl -v https://10.20.30.20/HeartBeat/Heartbeat.htm
* About to connect() to 10.20.30.20 port 443
* Trying 10.20.30.20... connected
* Connected to 10.20.30.20 (10.20.30.20) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES128-SHA
* Server certificate:
* subject: /C=US/ST=WA/L=Redmond/O=Microsoft/OU=RXP Security/CN=rxpsws
* start date: 2011-04-29 13:42:40 GMT
* expire date: 2013-04-28 13:42:40 GMT
* SSL: certificate subject name 'rxpsws' does not match target host name '10.20.30.20'
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'rxpsws' does not match target host name '10.20.30.20'
curl -v https://10.20.30.10/HeartBeat/Heartbeat.htm
* About to connect() to 10.20.30.10 port 443
* Trying 10.20.30.10... connected
* Connected to 10.20.30.10 (10.20.30.10) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES128-SHA
* Server certificate:
* subject: /C=US/ST=WA/L=Redmond/O=Microsoft/OU=RXP Security/CN=rxpsws
* start date: 2011-04-29 13:42:40 GMT
* expire date: 2013-04-28 13:42:40 GMT
* SSL: certificate subject name 'rxpsws' does not match target host name '10.20.30.10'
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'rxpsws' does not match target host name '10.20.30.10'
- nitass
Employee
for curl, you may have to use -k option.
e.g.
curl -kv https://x.x.x.x/something
- genseek_32178
Nimbostratus
nitass,
any specific reason why you want "404 Not Found" to be used as receive string in the https monitor?
The fact that it shows: 404 not found, does it not mean that there is a server end issue?
I will post you the output from the updated curl cmd.
- nitass
Employee
any specific reason why you want "404 Not Found" to be used as receive string in the https monitor?
since server responds 404 Not Found but https_443_pqr_mn monitor expects 200 OK. i think that is a reason the pool member is marked down.
- genseek_32178
Nimbostratus
OK. Do I have to remove the whole default monitor, or is there a way I can edit the monitor and update it with "404 Not Found" as recv string?
b monitor https_default_mn list
monitor https_default_mn {
defaults from https
recv "200 OK"
send "GET /smoketest/test.htm HTTP/1.0\r\n\r\n"
}
If you can show the configuration cmd, it would be helpful?
- nitass
Employee
e.g.
[root@ve1023:Active] config b monitor https_443_pqr_mn list
monitor https_443_pqr_mn {
defaults from https_default_mn
send "GET /smoketest/test.htm HTTP/1.0\r\n\r\n"
}
[root@ve1023:Active] config b monitor https_443_pqr_mn '{ defaults from https_default_mn recv "404 Not Found" }'
[root@ve1023:Active] config b monitor https_443_pqr_mn list
monitor https_443_pqr_mn {
defaults from https_default_mn
recv "404 Not Found"
send "GET /smoketest/test.htm HTTP/1.0\r\n\r\n"
}
- nitass
Employee
e.g.
root@ve1023(Active)(tmos) list ltm monitor https https_443_pqr_mn
ltm monitor https https_443_pqr_mn {
cipherlist "DEFAULT:+SHA:+3DES:+kEDH"
compatibility "enabled"
defaults-from https_default_mn
interval 5
send "GET /smoketest/test.htm HTTP/1.0\r\n\r\n"
time-until-up 0
timeout 16
}
root@ve1023(Active)(tmos) modify ltm monitor https https_443_pqr_mn defaults-from https_default_mn recv "404 Not Found"
root@ve1023(Active)(tmos) list ltm monitor https https_443_pqr_mn
ltm monitor https https_443_pqr_mn {
cipherlist "DEFAULT:+SHA:+3DES:+kEDH"
compatibility "enabled"
defaults-from https_default_mn
interval 5
recv "404 Not Found"
send "GET /smoketest/test.htm HTTP/1.0\r\n\r\n"
time-until-up 0
timeout 16
}
- genseek_32178
Nimbostratus
thanks a ton nitass, shall update you when i have done this.
So after the recv string is modified, the pool member should show as UP, right?
do you want me to again run openssl and curl?
- nitass
Employee
So after the recv string is modified, the pool member should show as UP, right?
yes
do you want me to again run openssl and curl?
i think it is not needed.
- genseek_32178
Nimbostratus
Or the other way..to make the pool member show UP is to create the monitor object "/HeartBeat/Hearbeat.htm" on the server, right?
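The send/recv comparison discussed in this thread, as an added example that is not part of any post and is not F5 code: a Python reproduction that fetches the monitor URL without certificate validation (as `curl -k` does) and reports whether a given receive string would mark the member up. It assumes the receive string is matched as a plain substring of the response; the function names, sample responses and the address in the final comment are constructed for illustration.

```python
import socket
import ssl

# Constructed sample responses (not captured from the servers in the thread).
RESP_404 = b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>"
RESP_200 = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nalive"


def probe(host, port, send, timeout=16.0):
    """Send the monitor's send string over TLS and return the raw response."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # same effect as curl -k: the name
    ctx.verify_mode = ssl.CERT_NONE  # mismatch no longer aborts the probe
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            tls.sendall(send.encode("ascii"))
            while True:
                data = tls.recv(4096)
                if not data:  # HTTP/1.0: the server closes when it is done
                    break
                chunks.append(data)
    return b"".join(chunks)


def diagnose(response, recv):
    """Compare a response with a receive string (assumed: substring match)."""
    status_line = response.split(b"\r\n", 1)[0].decode("latin-1")
    fields = status_line.split(" ", 2)
    code = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else None
    state = "up" if recv.encode("ascii") in response else "down"
    return {
        "status_line": status_line,
        "state": state,
        # True when the member is reported up although the server answered 4xx/5xx.
        "up_on_error": state == "up" and code is not None and code >= 400,
    }


if __name__ == "__main__":
    for recv in ("200 OK", "404 Not Found"):
        print(recv, diagnose(RESP_404, recv))
    # Live check against a pool member (placeholder address):
    # diagnose(probe("192.0.2.10", 443, "GET /smoketest/test.htm HTTP/1.0\r\n\r\n"), "200 OK")
```

The `up_on_error` flag marks the case where the member shows up only because the receive string matches an error status line, which means the monitor no longer checks that the health page exists.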