Hi All, I am trying to validate the VIP, which is failing in the browser stating that "connection reset", The server that is mapped to the pool is green via the health check, i can use curl -vk https://<serverip>/state.txt --> it gives the right response, If i do the same with the vip, i get the following error, curl -vk https://<VIPip>/state.txt --> Below error > GET /state.txt HTTP/1.1> Host: xxxxxxxxxxxxxxx> User-Agent: curl/7.47.1> Accept: */*> * SSL read: error:00000000:lib(0):func(0):reason(0), errno 104* Closing connection 0curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104 The server is local to the F5, directly connected, Please let me know if there are any thoughts on this problem.

Hello sathish,I've already met this type of SSL errorno 104 when I was using an iRule containing errors with processing on the HTTP responses part.Regards

Hi Lidev, The Irule used on the vip is a standard rule which is used in 1000's of other vip's with no issues, Do you see any other problem?

It's hard to say without more details about the virtual server and monitoring configuration.I'll still test without the iRule to see if you can reproduce the issue ;-)

Hope you have applied default "serverssl" profile to VIP and automap.. Apply and capture the packet. Hope it will work

Hi Samir,Serverssl is applied, SNAT is not required as server is local to the F5, thank you.

sathish_2826

Nimbostratus

Apr 28, 2020

HTTPS health monitor issue

Hi All,

I am trying to validate the VIP, which is failing in the browser stating that "connection reset",

The server that is mapped to the pool is green via the health check, i can use curl -vk https://<serverip>/state.txt --> it gives the right response,

If i do the same with the vip, i get the following error, curl -vk https://<VIPip>/state.txt --> Below error

> GET /state.txt HTTP/1.1

> Host: xxxxxxxxxxxxxxx

> User-Agent: curl/7.47.1

> Accept: */*

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

* Closing connection 0

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

The server is local to the F5, directly connected,

Please let me know if there are any thoughts on this problem.

application delivery

BIG-IP

LTM

11 Replies

Lidev
MVP
Apr 28, 2020
Hello sathish,
I've already met this type of SSL errorno 104 when I was using an iRule containing errors with processing on the HTTP responses part.
Regards
sathish_2826
Nimbostratus
Apr 28, 2020
Hi Lidev,

The Irule used on the vip is a standard rule which is used in 1000's of other vip's with no issues,

Do you see any other problem?
Lidev
MVP
Apr 28, 2020
It's hard to say without more details about the virtual server and monitoring configuration.
I'll still test without the iRule to see if you can reproduce the issue ;-)
- sathish_2826
  Nimbostratus
  Apr 28, 2020
  Removing Irule didn't help, anyway, thanks for looking into this :)
Samir
MVP
Apr 28, 2020
Hope you have applied default "serverssl" profile to VIP and automap.. Apply and capture the packet. Hope it will work
sathish_2826
Nimbostratus
Apr 28, 2020
Hi Samir,
Serverssl is applied, SNAT is not required as server is local to the F5, thank you.
- Samir
  MVP
  Apr 28, 2020
  Is it working?
Rodrigo_Albuque
MVP
Apr 28, 2020
Are you able to ping the VIP?
sathish_2826
Nimbostratus
Apr 28, 2020
Yes, i do
Rodrigo_Albuque
MVP
Apr 28, 2020
Is this a production environment with real certificate/key attached to client SSL profile or you're just testing it with default Client SSL profile? Do you have a client SSL Profile attached to the VIP? If so, disable "Generic Alert" option and you can follow the steps in this article to decrypt TLS traffic: https://devcentral.f5.com/s/articles/Decrypting-TLS-traffic-on-BIG-IP
Renato_Abreu
Altostratus
Jul 10, 2020
Any findings? Having the same issue.

Forum Discussion

HTTPS health monitor issue

11 Replies

Recent Discussions

MAC address not showing up in LLDP packet

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Related Content

Health monitor question

iRule based RADIUS Health Monitor Builder

GTM health Monitoring and Probe

HTTP Health Monitor Failure Behavior

Losing Requests because of health monitoring