Forum Discussion

Kai_M__48813's avatar
Kai_M__48813
Icon for Cirrus rankCirrus
Sep 26, 2016
Solved

vdi not working

after our upgrade to 12.1.1, our vdi environment has stopped working. Traffic hits the bigip, but security server sends a error_connection_reset. my suspiscion is that the cookies are not accepted. i saw this on other services, but there, i could simply turn off the modified domain and asm cookie check.

 

we set up the vdi environment using the iapp, but we are not using apm or asm on it. the bigip directs traffic straight to the server, but it drops. no changes have been done to the service apart from the software upgrade.

 

does anyone have any thoughts on how to proceed with troubleshooting this one?

 

application delivery
bigip 12.1.1
iApps
LTM
vdi
  • IainThomson85_1's avatar
    IainThomson85_1
    Sep 30, 2016

    What version was the upgrade from ?

     

    Do you get an SSL Handshake error as the DEFAULT Cipher string has changed ?

     

8 Replies

Sort By
  • IainThomson85_1's avatar
    IainThomson85_1
    Icon for Cumulonimbus rankCumulonimbus
    Sep 26, 2016

    What version was the upgrade from ?

     

    Do you get an SSL Handshake error as the DEFAULT Cipher string has changed ?

     

  • Kai_M__48813's avatar
    Kai_M__48813
    Icon for Cirrus rankCirrus
    Sep 26, 2016

    we went from 11.5.2 to 12.1.1

     

    i get ssl handshake errors in the log, but they dont specify which virtual server it is. assuming this is the issue, what will be the next step forward?

     

  • Kai_M__48813's avatar
    Kai_M__48813
    Icon for Cirrus rankCirrus
    Sep 26, 2016

    the case is now solved! the vdi environment didnt accept the new DEFAULT cipherstring when reencrypting the requests. so i built a new serverside ssl profile, based on the insecure-compatible profile, as it doesnt use the DEFAULT ciphers.

     

    and now i can log in and choose a machine from the pool.

     

    thanks for pointing me in the right direction!

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Sep 27, 2016

    if IainThomson85 did indeed provide the correct answer please flag it as such Kai M.

     

  • Kai_M__48813's avatar
    Kai_M__48813
    Icon for Cirrus rankCirrus
    Sep 28, 2016

    i forgot that...how can i get in and flag it? all i can seemingly do, is to edit the original question..

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Sep 28, 2016

    sorry i missed IainThomson85 didn't use the answer section but the comment, no then you can't do anything. IainThomson85 might copy paste his correct answer to the answer section.

     

  • IainThomson85_1's avatar
    IainThomson85_1
    Icon for Cumulonimbus rankCumulonimbus
    Sep 30, 2016

    What version was the upgrade from ?

     

    Do you get an SSL Handshake error as the DEFAULT Cipher string has changed ?