Forum Discussion
SSL LTM issue
Hey all -
This is going to likely be a DUMB question, but it's Monday, and the coffee is still sinking into my head.
I'm working on setting up my first SSL system behind our newly deployed F5s. Initially I had just set a port 443 monitor, but the boss wants something a bit more robust.
So, started working through this guide: https://www.f5.com/pdf/deployment-guides/f5-microsoft-remote-desktop-services-dg.pdf
and I did the configuration that was specified on page 17. I created a health monitor to do the following:
GET /RDWeb/Pages/en-US/login.aspx HTTP/1.1\r\nHost: rdwa.example.com\r\nConnection: Close\r\n\r\n
(should return 200 OK).
I've done similar get/return strings on standard non-ssl port 80 websites. However, this one doesn't work. If I pull the page in Postman, I can get the page source returned with no issue.
So, my dumb question:
Do I need to load a certificate onto the F5 for the new hostname, or the client machines behind this config for this to work correctly? I don't have a cert for either at the moment, so I know that part is missing on my config. But right now I'm just trying to get the monitor working.
- Vijay_ECirrus
Were you able to test the connectivity and response from the server with simple commands from F5 bash like:
curl -Ik -H "Host: rdwa.example.com" https:///RDWeb/Pages/en-US/login.aspx
- JohnP_WDG_36158Altocumulus
So, with some assistance with F5, the issue was found!
Apparently... NTLM doesn't like playing well with \r\n's as the end of the URL.
Before (not working): GET /RDWeb/Pages/en-US/login.aspx HTTP/1.1\r\nHost: lbtest.internalserver.int\r\nConnection: Close\r\n\r\n
After (working): GET /RDWeb/Pages/en-US/login.aspx HTTP/1.1\r\nHost: lbtest.internalserver.int
- JGCumulonimbus
You should have only one set of "\r\n" at the end of the send string, for user password information will need to be sent as an extra header after that. The system will automatically furnish the end of the request properly.
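
The point made in the reply above, as an added example that is not part of the original thread and is not F5's code: a small Python model of a monitor that appends a credential header and the final terminator to the configured send string. The `assemble`, `headers_seen` and `check` helpers and the `Authorization` value are assumptions for illustration, not BIG-IP internals.

```python
# Added illustration; a simplified model, not BIG-IP's implementation.
# Assumption (from the reply above): the monitor appends any credential
# header after the configured send string, then terminates the request.

BEFORE = (r"GET /RDWeb/Pages/en-US/login.aspx HTTP/1.1\r\n"
          r"Host: lbtest.internalserver.int\r\nConnection: Close\r\n\r\n")
AFTER = (r"GET /RDWeb/Pages/en-US/login.aspx HTTP/1.1\r\n"
         r"Host: lbtest.internalserver.int")

# Constructed placeholder credential header.
AUTH = "Authorization: NTLM <constructed-placeholder>"


def assemble(send_string: str, extra_header: str = AUTH) -> bytes:
    """Turn the literal \\r\\n escapes into bytes and append what the
    modelled monitor adds: the extra header and the blank line."""
    raw = send_string.replace(r"\r\n", "\r\n")
    # Exactly one CRLF must separate the last configured header from
    # the appended one; the model adds it only if none is present.
    if not raw.endswith("\r\n"):
        raw += "\r\n"
    return (raw + extra_header + "\r\n\r\n").encode("ascii")


def headers_seen(request: bytes) -> dict:
    """Parse the way a server does: headers stop at the first blank line."""
    head, _, _rest = request.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")[1:]  # skip request line
    return {k.strip().lower(): v.strip()
            for k, v in (line.split(":", 1) for line in lines)}


def check(send_string: str) -> list:
    """Return warnings for a send string under this model."""
    warnings = []
    if send_string.endswith(r"\r\n\r\n"):
        warnings.append("send string already ends the header block")
    if "authorization" not in headers_seen(assemble(send_string)):
        warnings.append("appended credential header is not parsed as a header")
    return warnings


if __name__ == "__main__":
    for name, s in (("before", BEFORE), ("after", AFTER)):
        print(name, check(s) or "ok")
```

In this model the "before" string closes the header block itself, so anything appended after it arrives past the blank line and the server never reads it as a header.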