Forum Discussion
midhun_108442
Nimbostratus
Jan 28, 2015
Monitoring https port in Windows Server 2012 is not working with F5
Hi,
We have a server listening on port 443 behind F5. The pool members are unable to monitor the server on port 443.
Kindly advise.
Regards,
Midhun P.K
Edgar_Pajuelo_1
Nimbostratus
Aug 19, 2015
Did you find the problem? We have the same issue. BIG-IP 11.5.1 HF3 and SSL from Thawte with SHA-256. And the HTTPS monitors fail (down), then we cannot go through F5 and see the Web pages. But directly to the Web server (without F5) it works well.
StephanManthey
Nacreous
Aug 20, 2015
Hi Edgar,
if you read this thread, you will notice multiple potential reasons for a https monitor to fail:
- layer 3/4: wrong IP or port
- SSL/TLS layer: TLS downgrade, handshake failure, missing or untrusted client certificate
- layer 5: missing http headers, wrong request or not matching receive string
To troubleshoot the issue I would first check a plain TCP monitor to the pool members' IP and port.
If this works I would continue using both curl and openssl s_client (as described above) to validate the SSL handshake and the proper request/receive string definitions.
The results would allow you to limit protocol versions and ciphers in your https monitor cipher string settings, e.g. by using a fixed cipher of 'ECDHE-RSA-AES128-GCM-SHA256' (supported on TLS1.2 only; for other ciphers you may want to exclude protocols, e.g. by appending ":!TLS1:!TLS1_1").
In case your server supports TLS 1.0 only, a downgrade may fail during the handshake.
A cipher string as follows may help to fix the issue (to permit TLS 1.0 only):
'DEFAULT:!DTLSv1:!SSLv3:!TLSv1_1:!TLSv1_2'
The remaining ciphers can be tested by using the command "tmm --clientcipher 'your_cipher_here'".
With one of my clients it was required to use SNI (a TLS extension; currently supported only by an external monitor based on openssl s_client).
Thanks, Stephan
PS: Updated the comment regarding TLS downgrade issues.
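An added example (not from this thread and not F5's own sample script) of the external-monitor approach Stephan mentions: openssl s_client with SNI, a pinned protocol and cipher, and a receive-string check on the reply. It assumes the BIG-IP external-monitor convention that $1 is the member IP (IPv4 passed as ::ffff:a.b.c.d), $2 the port, monitor variables (SNI, CIPHER, PROTO, RECV) arrive as environment variables, and any output on stdout means "up".

```shell
#!/bin/sh
# Hypothetical external HTTPS monitor. Assumption: BIG-IP calls it as
#   script <ip> <port>   with monitor variables exported into the environment.
# Only the openssl options (-connect, -servername, -cipher, -tls1_2, -quiet)
# are real CLI flags; everything else here is constructed for illustration.

# Build the s_client command line for one pool member.
# $1 = IP, $2 = port, $3 = SNI hostname, $4 = OpenSSL cipher string
# (e.g. the thread's ECDHE-RSA-AES128-GCM-SHA256), $5 = protocol flag.
build_sclient_cmd() {
  ip="$1"; port="$2"; sni="$3"; cipher="$4"; proto="$5"
  # BIG-IP hands IPv4 members to external monitors as ::ffff:a.b.c.d
  ip="${ip#::ffff:}"
  printf 'openssl s_client -connect %s:%s -servername %s -cipher %s %s -quiet' \
    "$ip" "$port" "$sni" "$cipher" "$proto"
}

# Layer-5 check: the reply must match the receive string (an ERE), which
# plays the role of the monitor's "receive string" setting. Returns 0 = up.
check_response() {
  response="$1"; recv="$2"
  printf '%s' "$response" | grep -Eq "$recv"
}

# Monitor entry point: only runs when BIG-IP passes an IP and port.
if [ -n "$1" ] && [ -n "$2" ]; then
  sni="${SNI:-www.example.com}"            # constructed default
  recv="${RECV:-^HTTP/1\.[01] (200|30[12])}"
  cmd=$(build_sclient_cmd "$1" "$2" "$sni" "${CIPHER:-DEFAULT}" "${PROTO:--tls1_2}")
  # Send a minimal request with a Host header (a common layer-5 failure cause)
  # and let the server close the connection so s_client returns.
  resp=$(printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$sni" \
         | $cmd 2>/dev/null)
  # Any stdout output marks the member up; silence marks it down.
  check_response "$resp" "$recv" && echo "up"
fi
```

Run it by hand against a member (e.g. `SNI=host PROTO=-tls1 ./monitor.sh 10.0.0.5 443`) to reproduce what the BIG-IP sees; no output means the handshake or the receive string failed, which is exactly the split between the SSL/TLS and layer-5 causes listed above.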