Forum Discussion

Kai_M__48813's avatar
Sep 26, 2016

vdi not working

after our upgrade to 12.1.1, our vdi environment has stopped working. Traffic hits the bigip, but security server sends a error_connection_reset. my suspiscion is that the cookies are not accepted. i saw this on other services, but there, i could simply turn off the modified domain and asm cookie check.

 

we set up the vdi environment using the iapp, but we are not using apm or asm on it. the bigip directs traffic straight to the server, but it drops. no changes have been done to the service apart from the software upgrade.

 

does anyone have any thoughts on how to proceed with troubleshooting this one?

 

  • What version was the upgrade from ?

     

    Do you get an SSL Handshake error as the DEFAULT Cipher string has changed ?

     

8 Replies

  • What version was the upgrade from ?

     

    Do you get an SSL Handshake error as the DEFAULT Cipher string has changed ?

     

  • we went from 11.5.2 to 12.1.1

     

    i get ssl handshake errors in the log, but they dont specify which virtual server it is. assuming this is the issue, what will be the next step forward?

     

  • the case is now solved! the vdi environment didnt accept the new DEFAULT cipherstring when reencrypting the requests. so i built a new serverside ssl profile, based on the insecure-compatible profile, as it doesnt use the DEFAULT ciphers.

     

    and now i can log in and choose a machine from the pool.

     

    thanks for pointing me in the right direction!

     

  • if IainThomson85 did indeed provide the correct answer please flag it as such Kai M.

     

  • i forgot that...how can i get in and flag it? all i can seemingly do, is to edit the original question..

     

  • sorry i missed IainThomson85 didn't use the answer section but the comment, no then you can't do anything. IainThomson85 might copy paste his correct answer to the answer section.

     

  • What version was the upgrade from ?

     

    Do you get an SSL Handshake error as the DEFAULT Cipher string has changed ?