Esri ArcGIS unable to execute print when passing F5 LTM on Standard VS

Question

Good Day F5 Community,&nbsp;&nbsp;&nbsp;I am having a problem with one of our web server that serves Map services with PRINT to PDF functionality. All services are good when the web server bypasses F5, but when it passes through F5 on a Virtual Server with standard type VS (using default TCP profile, inserted SSL client and server) PRINT to PDF gets an error and it doesn't work. Maybe you guys have experienced this or may share inputs. Thank you!&nbsp;Our setup is:&nbsp;ArcGIS Server  &lt;-----  Web Server (web adaptor to FQDN) &lt;----- F5 BIGIP LTM  &lt;-------  ISP Router &lt;-------- INTERNET&nbsp;

leonardo_souza · Answer

You will have to analyse the traffic all the way from the client to the final server.

In the client, use the browser developer tools, or a external tool like HttpWatch (https://www.httpwatch.com/).

Check what happens when you click/select the option to print.

You want to see what URL is been requested when you do that.

Compare the cases when you go direct and when you go via the F5.

A common problem is when the server has a hard-coded link (or absolute link), so that request is not going via F5.

This link looks to have a good example about HTTP link types:

https://www.coffeecup.com/help/articles/absolute-vs-relative-pathslinks/

Next, if you haven't find the problem yet, is tcpdump on the F5 device.

Read this solution that explains tcpdump:

https://support.f5.com/csp/article/K411

Also, assuming you are using version 11.6 or above, you can decrypt the traffic using data collect using iRule:

https://support.f5.com/csp/article/K16700

If you still haven't found the issue, very unlike, you need captures from the servers.

In this case, capture the client + F5 + servers at the same time, as this will give the full picture of what happens.

If you can't find the issue yourself with the data above, you need to open a case with F5 support.

To be able to help you here I would need to analyse the data you collected, and I can't do that via DevCentral, but F5 support can.

ryansia · Answer

Thanks for the response and detailed answer.

Yes I already did all the packet capture from Client to F5 and F5 to the DC-Switch where the web server is connected. We have also created a TAC case for this and worked with the support analyzing packets. But what we are missing right now is the packet capture on the web server itself, because client still not approving the installation of wireshark yet.

We are just using the built in devtool from Chrome, by pressing F12 to get the HAR files

But from what we have gathered and analyzed, print request requires "parameteres" in forms from the website. Comparing packets of with F5 and without F5, print request is the same, parameters are the same, so it made me think that there is nothing wrong with the request when passing F5, even it is performing "proxy" decrypt/encrypt process (ssl client / ssl server).

Sadly, even the Technical Support exhausted all possible tweaks, but still unable to resolve the problem,

I am reaching out now with ESRI the creator of ARCGIS, if there is a way to resolve this.

Thanks for the input,

"

A common problem is when the server has a hard-coded link (or absolute link), so that request is not going via F5.

Forum Discussion

Esri ArcGIS unable to execute print when passing F5 LTM on Standard VS

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Related Content

Passing Arguments to iCall Scripts

F5 Partners join F5 executives at our Partner Connect event

VIP-targeting-VIP solution using Standard and performance L4 VS

Oracle WebLogic Deserialization Remote Code Execution

Logging/Audit Binary Execution?