cancel
Showing results for 
Search instead for 
Did you mean: 

HTTPS health monitor issue

sathish_2826
Nimbostratus
Nimbostratus

Hi All,

I am trying to validate the VIP, which is failing in the browser stating that "connection reset",

 

The server that is mapped to the pool is green via the health check, i can use curl -vk https://<serverip>/state.txt --> it gives the right response,

 

If i do the same with the vip, i get the following error, curl -vk https://<VIPip>/state.txt --> Below error

 

> GET /state.txt HTTP/1.1

> Host: xxxxxxxxxxxxxxx

> User-Agent: curl/7.47.1

> Accept: */*

 

 

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

* Closing connection 0

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

 

 

The server is local to the F5, directly connected,

 

Please let me know if there are any thoughts on this problem.

 

11 REPLIES 11

Lidev
MVP
MVP

Hello sathish,

I've already met this type of SSL errorno 104 when I was using an iRule containing errors with processing on the HTTP responses part.

Regards

sathish_2826
Nimbostratus
Nimbostratus

Hi Lidev,

 

The Irule used on the vip is a standard rule which is used in 1000's of other vip's with no issues,

 

Do you see any other problem?

Lidev
MVP
MVP

It's hard to say without more details about the virtual server and monitoring configuration.

I'll still test without the iRule to see if you can reproduce the issue 😉

Removing Irule didn't help, anyway, thanks for looking into this 🙂

Samir
Nacreous
Nacreous

Hope you have applied default "serverssl" profile to VIP and automap.. Apply and capture the packet. Hope it will work

sathish_2826
Nimbostratus
Nimbostratus

Hi Samir,

Serverssl is applied, SNAT is not required as server is local to the F5, thank you.

Is it working?

Are you able to ping the VIP?

sathish_2826
Nimbostratus
Nimbostratus

Yes, i do

Is this a production environment with real certificate/key attached to client SSL profile or you're just testing it with default Client SSL profile? Do you have a client SSL Profile attached to the VIP? If so, disable "Generic Alert" option and you can follow the steps in this article to decrypt TLS traffic: https://devcentral.f5.com/s/articles/Decrypting-TLS-traffic-on-BIG-IP

Renato_Abreu
Altostratus
Altostratus

Any findings? Having the same issue.