cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Switched from monitoring IIS servers via IP-based URL to a proper domain-based URL. Afterward, HTTP monitors work but HTTPS don't

Graham_Starfelt
Nimbostratus
Nimbostratus

Pretty much what the title says.

 

We were originally requesting a monitoring page from our IIS servers that was something like http://192.168.x.x/lb/health.asp.

 

Due to a new configuration requirement, it was necessary to change this to something like http://web1.ourdomain.com/lb/health.asp. So we configured a send string that was something like:

 

GET /lb/health.asp HTTP/1.1\r\nHost:web1.ourdomain.com\r\nConnection: close\r\n\r\n

 

Now, as part of the configuration change, the backend IIS servers were configured to no longer respond to those requests that went to http://192.168.x.x. They should only be responding to the traffic to http://web1.ourdomain.com

 

After this change was made, we found that the HTTP version of the monitors worked fine. However, the HTTPS versions did not.

 

We can go into bash and confirm that the load balancer can reach the HTTPS version of the page just fine, gets a status 200, and finds the receive string we're looking for. But regardless. the load balancer still thinks that pool member is down.

 

Curiously, the HTTPS monitors work fine if we leave IIS configured such that it will accept requests from any URL that reaches it, as if the HTTPS monitors were still trying to access the monitoring page via an IP address-based URL.

 

 

1 REPLY 1

SanjayP
MVP
MVP

You can enable monitoring on the member to see what's happening. Please make sure to disable the monitoring after troubleshooting is over.

 

https://support.f5.com/csp/article/K12531