BigIP Report Old

Sure, I will add that.

Let's focus on getting those errors out of the way first and see if it helps.

/Patrik

Cannot index into a null array. At C:\inetpub\wwwroot\newBigipreport-4.3.0.ps1:1004 char:4 + $virtualserverprofilelist[$i] | ForEach-Object { + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

Cannot index into a null array. At C:\inetpub\wwwroot\newBigipreport-4.3.0.ps1:1012 char:4 + $virtualserverprofilelist[$i] | ForEach-Object { + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

Cannot index into a null array. At C:\inetpub\wwwroot\newBigipreport-4.3.0.ps1:1060 char:5 + $objTempVirtualServer.sourcexlatetype = [string]$virtualserversourceaddresst ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

Cannot index into a null array. At C:\inetpub\wwwroot\newBigipreport-4.3.0.ps1:1061 char:5 + $objTempVirtualServer.sourcexlatepool = [string]$virtualserversourceaddresss ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

2017-01-10 10:18:50 Adding orphaned pools to the virtual server list 2017-01-10 10:18:51 Verifying load balancer data to make sure that no load balancer is missing 2017-01-10 10:18:51 No missing loadbalancer data was detected, compiling the report 2017-01-10 10:19:00 No iRule links to add to the dropdown 2017-01-10 10:19:00 No iRule definitions to add to the body 2017-01-10 10:19:00 Writing report temporary file to C:\inetpub\wwwroot\index.html.tmp 2017-01-10 10:19:00 Writing temporary pools json object to C:\inetpub\wwwroot\json\pools.json.tmp 2017-01-10 10:19:00 Writing temporary monitor json object to C:\inetpub\wwwroot\json\monitors.json.tmp 2017-01-10 10:19:00 Writing temporary virtual server json object to C:\inetpub\wwwroot\json\virtualservers.json.tmp 2017-01-10 10:19:00 Writing temporary irules json object to C:\inetpub\wwwroot\json\irules.json.tmp 2017-01-10 10:19:00 Writing temporary data group list json object to C:\inetpub\wwwroot\json\datagrouplists.json.tmp 2017-01-10 10:19:00 Successfully wrote the temporary files 2017-01-10 10:19:10 Updating the report with the new data 2017-01-10 10:19:10 The report has been successfully been updated 2017-01-10 10:19:10 There were errors while generating the report 2017-01-10 10:19:10 No error mail reporting enabled/configured

This certainly shows why you're not seeing the ssl profiles, but it does not explain why the errors occur.

• What role does the iControl user have? It should have read-only on all partitions.
• Is there no other error prior to the ones you pasted above? I would have expected an error on line 964 too considering the output.

Please paste this below the data retrieval (line 967) and run the script again?

"Here's the virtual server profile list"
$virtualserverprofilelist
"Here's the object type"
$virtualserverprofilelist.gettype()

Paste the output in a comment (censor as needed). It should look like this:

[array]$virtualserverlist = $f5.LocalLBVirtualServer.get_list()
[array]$virtualserverdestinationlist = $f5.LocalLBVirtualServer.get_destination($virtualserverlist)
[array]$virtualserverdefaultpoollist = $f5.LocalLBVirtualServer.get_default_pool_name($virtualserverlist)
[array]$virtualserverprofilelist = $f5.LocalLBVirtualServer.get_profile($virtualserverlist)
[array]$virtualserverirulelist = $f5.LocalLBVirtualServer.get_rule($virtualserverlist)
[array]$virtualserverpersistencelist = $f5.LocalLBVirtualServer.get_persistence_profile($virtualserverlist)
"Here's the virtual server profile list"
$virtualserverprofilelist
"Here's the object type"
$virtualserverprofilelist.gettype()

/Patrik

What role does the iControl user have? It should have read-only on all partitions. Ans - It is an Admin User on the LTM's Is there no other error prior to the ones you pasted above? I would have expected an error on line 964 too considering the output. Ans - I would re-run and look closely, have around 270 VIP's and the four errors I pasted are common for all the VIP's.

Would try again and keep you posted.

So strange. We have ~1000 VIPs in total on multiple clusters and I have never seen this before. If you add the debug lines I asked for it might give some more insight as to what could be wrong.

From the errors you have provided it looks like the F5 does not return any profiles at all.

• Do you have any other load balancers you can try this against?
• Could you try a different account? The script does not need more than read-only, so feel free to pick any other user with at least read access to all partitions.

/Patrik

Would try using a read only account btw FYI I tried on a lab ltm and there I got the ssl information though for both client and server side it gave the same I.e client profile info.

That would conclude that it's a problem with one specific load balancer, and only for some objects? Very weird...

Read-only vs admin does not make a difference in terms of results, it's just good practice to not give more access than necessary.

For "fun" could you please run this on the device (ssh to it) and see if you see your ssl profiles then?

curl -sku user:password https://localhost/mgmt/tm/ltm/virtual?expandSubcollections=true\&\$select=name,profilesReference/items/name,profilesReference/items/context | json-format

You need to run the command as an admin user, preferably the same user you used to generate the report earlier.

You should then get a list that looks like this:

{
      "name": "vipname",
      "profilesReference": {
        "items": [
          {
            "name": "profilename",
            "context": "all",
            "nameReference": {
              "link": "https://localhost/mgmt/tm/ltm/profile/tcp/~Common~profilename?ver\u003d12.1.2"
            }
          }
        ]
      }
    },

If you don't see the profiles on your servers you have grounds to open up a case with F5 (they support iControl Rest but not the powershell snap-in).

That would be the "simple" way. Then there is a way of using Wireshark to capture the iControl traffic, decipher it to extract the SOAP request and response and then open up a case with that. But that would probably require too much effort. 🙂

/Patrik

You are correct I tried the command on the problematic LTM and was able to get the output.

"name": "VIP NAME", "profilesReference": { "items": [ { "name": "VIP NAME", "context": "clientside", "nameReference": { "link": " NAME?ver\u003d12.1.1" }

Additionally the problematic LTM is a Virtual instance on a Viprion chassis dunno if that make a difference.

VCMP instance or not would not make a difference I'm afraid. The only thing left from what I can see if so to open up a case with F5 asking them for help troubleshooting iControl SOAP. I'd point out that it's working on other F5's while this particular unit is not returning the SSL profiles.

Perhaps they've seen this issue before or know some way to troubleshoot further.

Is this unit part of a cluster? If so, have you tried it against both nodes?

/Patrik

Added those lines "Here's the virtual server profile list" $virtualserverprofilelist "Here's the object type" $virtualserverprofilelist.gettype()

Post running got below output 2017-01-11 05:30:28 Fetching information about /Common/ Cannot index into a null array. At C:\inetpub\wwwroot\updated-Bigipreport-4.3.0.ps1:1009 char:4 + $virtualserverprofilelist[$i] | ForEach-Object { + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

Cannot index into a null array. At C:\inetpub\wwwroot\updated-Bigipreport-4.3.0.ps1:1017 char:4 + $virtualserverprofilelist[$i] | ForEach-Object { + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

Cannot index into a null array. At C:\inetpub\wwwroot\updated-Bigipreport-4.3.0.ps1:1065 char:5 + $objTempVirtualServer.sourcexlatetype = [string]$virtualserversourceaddresst ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

Cannot index into a null array. At C:\inetpub\wwwroot\updated-Bigipreport-4.3.0.ps1:1066 char:5 + $objTempVirtualServer.sourcexlatepool = [string]$virtualserversourceaddresss ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorId : NullArray

This is line 1009 $virtualserverprofilelist[$i] | ForEach-Object { 1009 >>>>> $virtualserverprofilelist[$i] | ForEach-Object { 1010>>>>>>if( -eq "PROFILE_TYPE_CLIENT_SSL"){ 1011>>>>>>$objTempVirtualServer.sslprofile = $_.profile_name; 1012>>>>>>} 1013>>>>>>}

This is line 1017 $virtualserverprofilelist[$i] | ForEach-Object {