Offline (Enabled) - The children pool member(s) are down
Hi Friends, I am novice to F5 and following CBT Nuggets to understand LTM in a better way. I have completed basic configuration i.e defined Nodes, defined Pool and assigned Pool Members to my Pool. Now the problem is that I have enabled "http" health monitor and right after I click 'finished' the icon Transitions from 'Blue Square' to 'Rectangle Red' - Offline(Enabled) - The children pool member(s) are down when I hover over the Pool in 'Pool List'. Now this is a very basic setup with 3 .OVA web servers pre configured which I received in my Nuggetlabs. I am able to login to the servers using my browser, telnet 10.2.0.11 80 and curl http://10.2.0.11 commands but the Servers are showing as Offline(Enabled) - Pool member has been marked down by a monitor in 'Members' list. I need your help to proceed further please. Thanks in advance, SagarSolved7.5KViews0likes10CommentsTCP RST instead of Server Hello during SSL Handshake
Hi All, Been troubleshooting an issue with a customer after they made changes server side to disable SSLv2 and SSLv3 etc and to only accept ciphers for TLS1.1 and TLS1.2 By default they were using the standard default https monitor for their pool and post making changes server side (i don't have access) the node is now not coming up. HTTP is fine but HTTPS is a problem. We're running BIG-IP 11.4.0 (Build 2434.0) I'm wondering if he's only enabled ciphers which aren't available in the current version of Big-IP we are using Here's the SSLDUMP (cipher set to ALL): 1 1 - 1444809450.0879 (0.0024) C>SV3.1(114) Handshake ClientHello Version 3.1 random[32]= 56 1e 0a ea e4 11 03 df d1 77 92 83 da ec 1d 44 21 65 c2 20 97 25 40 53 75 d6 e5 c2 6b 1d 96 65 cipher suites TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Unknown value 0x46 Unknown value 0x45 Unknown value 0x44 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 Unknown value 0xff compression methods unknown value NULL 1 - 1444809450.0884 (0.0004) S>C TCP RST2.9KViews0likes2CommentsWhy do we use username and password in Healthcheck Monitor ?
Hi Team , We have an LDAP VIP , and we could see the heathcheck monitor which is applied to the pool has username password enabled and used . Why do we need to authenticate first before checking the services on the server ? When do we really need to enable username/pasword option in monitoring ?1.6KViews1like2CommentsConfiguration SMB Monitors
Hi, We are looking to load balance CIFS servers using the F5 - the idea is we have two servers, a primary and a secondary. I'd like to only use the secondary when the primary fails (using priority groups), but I'm having trouble getting the Monitor to work. We're running 11.4.1 on our LTM and I've set a health monitor up as follows: ltm monitor smb /Common/cifs_monitor { debug yes defaults-from /Common/smb destination *:* get file.txt interval 10 password mypassword server longweb03sandbo service share time-until-up 0 timeout 31 username myuser The basic check works, but as soon as I try to put in a "file" to check, the pool is marked as down. It's probably irrelevant, but I'm using Samba on a Linux box for this test - the service is "share" and there is a file called file.txt in the root folder of this share. Regardless of whether I name the file share/file.txt, \share\file.txt, file.txt, etc it won't recognise the file. Is there something I am doing wrong? Thanks!Solved1.5KViews0likes19CommentsHTTP monitor receive string : how to not take the '200 OK' into account
Hello, I have to monitor a page which give in its body 'OK' if server is OK and KO if the server is down. As a 'receive string', I use 'OK'. The problem is that 'OK' is already present in the 'HTTP/1.1 200 OK' (see below the output of the curl command) I tried different receive strings, last attempt with this one: ^server But it does not work as F5 apparently considers the whole response as a single line. Would you have an idea on how to make F5 to 'ignore' the "HTTP/1.[01] 200" ? curl -vi --http1.0 [http://x.x.x.x:yy/a_path_to_a_page.asp](http://x.x.x.x:yy/a_path_to_a_page.asp) About to connect() to 10.0.110.192 port 81 (0) Trying x.x.x.x... connected Connected to x.x.x.x (x.x.x.x) port yy (0) GET /a_path_to_a_page.asp HTTP/1.0User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5Host: x.x.x.x:yyAccept: _/_ HTTP/1.1 200 OK HTTP/1.1 200 OK Cache-Control: private, max-age=0 Cache-Control: private, max-age=0 Content-Length: 2 Content-Length: 2 Content-Type: text/html Content-Type: text/html Expires: Tue, 06 Oct 2015 11:47:20 GMT Expires: Tue, 06 Oct 2015 11:47:20 GMT Server: Microsoft-IIS/xxxxx Server: Microsoft-IIS/xxxxx Strict-Transport-Security: max-age=31536000;includeSubdomains Strict-Transport-Security: max-age=31536000;includeSubdomains set-Cookie: sessionInt=6946fffe-be06-4e78-a4f0-127e0fc528ad; path=/ncol/int/; Secure; HttpOnly set-Cookie: sessionInt=6946fffe-be06-4e78-a4f0-127e0fc528ad; path=/ncol/int/; Secure; HttpOnly X-Powered-By: ASP.NET X-Powered-By: ASP.NET Date: Tue, 06 Oct 2015 11:48:19 GMT Date: Tue, 06 Oct 2015 11:48:19 GMT Connection: close Connection: close Closing connection 0 OK thanks a lot -- B.1.5KViews0likes8Commentszabbix+f5
Hello! Please, give me advice about this problem: how to monitoring pool hosts in Zabbix?(Reason for it is sending e-mail when one of the hosts (or pool members) is down) As i know it s necessary to translate mibs of F5 to oids for adding to Zabbix triggers.Please help me in this question. How can i do this translation? You can see links to archive below. https://www.dropbox.com/s/mnnlzks9b6jmpfr/mibs_f5.tar.gz?dl=0 https://www.dropbox.com/s/5odq8mprdhgqbmj/mibs_netsnmp.tar.gz?dl=01.3KViews0likes1CommentConfigure a monitor/irule to check a webpage health only after login using a test credentials
I am looking for help to configure a monitor/irule to login to a web page with credentials then check the service up/down when the login is successful. It would be really appreciated if someone could be able to share/help me with coding/programming to achieve this. I have gone through some F5 articles but did not find a better solution.Solved1.3KViews1like2CommentsNeed help in send and receive string set up for F5 ECV monitor when response is in json format
Hi Team, I am trying to set up monitoring for F5 load balancer pool. I am using below send and receive string however it does not work. It always shows status as RED even if server is UP. Send string : GET /actuator/health HTTP/1.1\r\n -H Host:<host> recv string :\"UP\" https://<url>/actuator/healthis used for health check which returns response in json format as below. {"status":"UP","groups":["liveness","readiness"]} Could you please help what should be the correct recv string which we should set up so that monitoring works.1.3KViews0likes3Comments