monitor
278 TopicsOffline (Enabled) - The children pool member(s) are down
Hi Friends, I am novice to F5 and following CBT Nuggets to understand LTM in a better way. I have completed basic configuration i.e defined Nodes, defined Pool and assigned Pool Members to my Pool. Now the problem is that I have enabled "http" health monitor and right after I click 'finished' the icon Transitions from 'Blue Square' to 'Rectangle Red' - Offline(Enabled) - The children pool member(s) are down when I hover over the Pool in 'Pool List'. Now this is a very basic setup with 3 .OVA web servers pre configured which I received in my Nuggetlabs. I am able to login to the servers using my browser, telnet 10.2.0.11 80 and curl http://10.2.0.11 commands but the Servers are showing as Offline(Enabled) - Pool member has been marked down by a monitor in 'Members' list. I need your help to proceed further please. Thanks in advance, SagarSolved8.6KViews0likes10CommentsTCP RST instead of Server Hello during SSL Handshake
Hi All, Been troubleshooting an issue with a customer after they made changes server side to disable SSLv2 and SSLv3 etc and to only accept ciphers for TLS1.1 and TLS1.2 By default they were using the standard default https monitor for their pool and post making changes server side (i don't have access) the node is now not coming up. HTTP is fine but HTTPS is a problem. We're running BIG-IP 11.4.0 (Build 2434.0) I'm wondering if he's only enabled ciphers which aren't available in the current version of Big-IP we are using Here's the SSLDUMP (cipher set to ALL): 1 1 - 1444809450.0879 (0.0024) C>SV3.1(114) Handshake ClientHello Version 3.1 random[32]= 56 1e 0a ea e4 11 03 df d1 77 92 83 da ec 1d 44 21 65 c2 20 97 25 40 53 75 d6 e5 c2 6b 1d 96 65 cipher suites TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Unknown value 0x46 Unknown value 0x45 Unknown value 0x44 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 Unknown value 0xff compression methods unknown value NULL 1 - 1444809450.0884 (0.0004) S>C TCP RST3.7KViews0likes2CommentsHTTP monitor receive string : how to not take the '200 OK' into account
Hello, I have to monitor a page which give in its body 'OK' if server is OK and KO if the server is down. As a 'receive string', I use 'OK'. The problem is that 'OK' is already present in the 'HTTP/1.1 200 OK' (see below the output of the curl command) I tried different receive strings, last attempt with this one: ^server But it does not work as F5 apparently considers the whole response as a single line. Would you have an idea on how to make F5 to 'ignore' the "HTTP/1.[01] 200" ? curl -vi --http1.0 [http://x.x.x.x:yy/a_path_to_a_page.asp](http://x.x.x.x:yy/a_path_to_a_page.asp) About to connect() to 10.0.110.192 port 81 (0) Trying x.x.x.x... connected Connected to x.x.x.x (x.x.x.x) port yy (0) GET /a_path_to_a_page.asp HTTP/1.0User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5Host: x.x.x.x:yyAccept: _/_ HTTP/1.1 200 OK HTTP/1.1 200 OK Cache-Control: private, max-age=0 Cache-Control: private, max-age=0 Content-Length: 2 Content-Length: 2 Content-Type: text/html Content-Type: text/html Expires: Tue, 06 Oct 2015 11:47:20 GMT Expires: Tue, 06 Oct 2015 11:47:20 GMT Server: Microsoft-IIS/xxxxx Server: Microsoft-IIS/xxxxx Strict-Transport-Security: max-age=31536000;includeSubdomains Strict-Transport-Security: max-age=31536000;includeSubdomains set-Cookie: sessionInt=6946fffe-be06-4e78-a4f0-127e0fc528ad; path=/ncol/int/; Secure; HttpOnly set-Cookie: sessionInt=6946fffe-be06-4e78-a4f0-127e0fc528ad; path=/ncol/int/; Secure; HttpOnly X-Powered-By: ASP.NET X-Powered-By: ASP.NET Date: Tue, 06 Oct 2015 11:48:19 GMT Date: Tue, 06 Oct 2015 11:48:19 GMT Connection: close Connection: close Closing connection 0 OK thanks a lot -- B.1.7KViews0likes8CommentsConfiguration SMB Monitors
Hi, We are looking to load balance CIFS servers using the F5 - the idea is we have two servers, a primary and a secondary. I'd like to only use the secondary when the primary fails (using priority groups), but I'm having trouble getting the Monitor to work. We're running 11.4.1 on our LTM and I've set a health monitor up as follows: ltm monitor smb /Common/cifs_monitor { debug yes defaults-from /Common/smb destination *:* get file.txt interval 10 password mypassword server longweb03sandbo service share time-until-up 0 timeout 31 username myuser The basic check works, but as soon as I try to put in a "file" to check, the pool is marked as down. It's probably irrelevant, but I'm using Samba on a Linux box for this test - the service is "share" and there is a file called file.txt in the root folder of this share. Regardless of whether I name the file share/file.txt, \share\file.txt, file.txt, etc it won't recognise the file. Is there something I am doing wrong? Thanks!Solved1.7KViews0likes19CommentsWhy do we use username and password in Healthcheck Monitor ?
Hi Team , We have an LDAP VIP , and we could see the heathcheck monitor which is applied to the pool has username password enabled and used . Why do we need to authenticate first before checking the services on the server ? When do we really need to enable username/pasword option in monitoring ?1.6KViews1like2CommentsHow does https send string works ?
Hi Team , How does the below send string works ? What is the exact meaning of this send string path ?Can someone please explain in detail based on the below mentioned send string . Send string : GET /PasswordVault HTTP/1.1\r\nHost: example.xyz.com\r\nConnection: Close\r\n\r\n Receive string : 2001.5KViews0likes2CommentsHealth check fails on HTTPS, even though port is open
I am basically using the F5 as a proxy for an HTTPS service, but when I use the built-in https health check to monitor the pool, it fails. The port is definitely open as it responds to direct browser requests, as well as telnet to port 443, but the F5 pool shows down rendering the service inoperable. If I change the health check to TCP, it immediately responds and the VS works fine, but changing back to https again drops the service. Any thoughts on the best way to find why the https HC is failing, or even ways to monitor the traffic?1.4KViews0likes3CommentsConfigure a monitor/irule to check a webpage health only after login using a test credentials
I am looking for help to configure a monitor/irule to login to a web page with credentials then check the service up/down when the login is successful. It would be really appreciated if someone could be able to share/help me with coding/programming to achieve this. I have gone through some F5 articles but did not find a better solution.Solved1.4KViews1like2Comments