05-13-2009 10:33 AM
Team,
Is the ACE module able to probe a specific context for a webpage? What would I need to configure on the probe to search for the following context?
GET https://wil-02.testtnet.com/index.jsp
Look for âwindows-password-usernameâ
The server admins are telling me that when one server is frozen it's not being taken out of the rotation. The current probe is configured as follows:
probe https https-probe-wilsonvdi
interval 10
passdetect interval 3
request method get url https://wilsonvdi
expect status 200 200
John...
05-13-2009 11:33 AM
Hi John,
An HTTPS probe is similar to an HTTP probe except that it uses SSL to generate encrypted data. HTTPS probes are hardware assisted, which causes the ACE to send them from the data plane instead of the control plane. This feature causes the ACE to use the routing table (which may bypass the real server IP address) to direct HTTPS probes to their destination regardless of whether you specify the routed option or not in the ip address command.
Also, ACLs may impact HTTPS probes if you apply them incorrectly.
The server response must include the Content-Length header for the expect regex or hash command to function. Otherwise, the probe does not attempt to parse the regex or hash value.
The version in the ClientHello message sent to the server indicates the highest supported version. By default, the probe supports all as the SSL version. You can configure the version of SSL that the probe supports by using the ssl version command in probe HTTPS configuration mode. The syntax of this command is as follows:
ssl version all | SSLv3 | TLSv1
The keywords are as follows:
â¢all-(Default) Specifies all SSL versions.
â¢SSLv3-Specifies SSL version 3.
â¢TLSv1-Specifies TLS version 1.
By default, the HTTPS probe accepts any of the RSA configured cipher suites. You can configure the probe to expect a specific type of RSA cipher suite from the back-end server by using the ssl cipher command.
Kindly sent the out of the 'show probe detail'
So that I can see what is the expec status is returned.
Please reply back to troubleshoot this for you.
Kind Regards,
Sachin Garg
05-13-2009 12:40 PM
probe : https-probe-wilsonvdi
type : HTTPS
state : ACTIVE
description :
----------------------------------------------
port : 443 address : 0.0.0.0 addr type : -
interval : 10 pass intvl : 3 pass count : 3
fail count: 3 recv timeout: 10
http method : GET
http url : https://wilsonvdi
conn termination : GRACEFUL
expect offset : 0 , open timeout : 10
expect regex : -
send data : -
05-14-2009 02:38 PM
Hi John,
Can you try to add connection term forced in your probe config as By default, the ACE terminates a TCP connection gracefully by sending a FIN to the server. To configure the ACE to terminate a TCP connection by sending a RST, use the connection term command.This command applies only to TCP-based probes.
Also add the https://wil-02.testtnet.com/index.jsp to your request method not https://wilsonvdi
So your probe look like this after addition and chages ,as follows:
probe https https-probe-wilsonvdi
interval 10
passdetect interval 3
request method get url https://wil-02.testtnet.com/index.jsp
expect status 200 200
connection term forced
Add the correct url(for probe testing page) for get method. Because DNS will not resolve it.
Kindly go throught this url for a lot more:
http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_ACE_Health_Monitoring
http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Health_Monitoring_Using_Health_Probes
Kindly add your inputs on this.
If it works then please rate.
Kind Regards,
Sachin Garg
05-14-2009 02:59 PM
Kindly add http:// to the websites mentioned below
docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_ACE_Health_Monitoring
docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide%2C_Release_A3%281.0%29_--_Configuring_Health_Monitoring_Using_Health_Probes
and then paste there to the IExplorer.
Tell me if it works then.
Sachin Garg
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: