Michael Auerbach1709153770 Posted March 3, 2021

Hi All,

I'm trying to configure a servicegroup with an https monitor, but I keep getting a timeout during the SSL handshake stage and have tried everything that normally works for me to work around this problem.

I have a server added to the servicegroup with the FQDN of a public internet site: www.developer.interact-lighting.com, which internal backend servers with no Internet access need to access through the netscaler.

I have a custom https monitor with custom header: HOST: www.developer.interact-lighting.com\r\n

I have a custom ssl profile with ciphers matching the scan from ssllabs bound to the servicegroup and monitor, but I still get the handshake error!

Are there any gurus here who have a tip on how to work around this timeout during SSL handshake stage problem? :)

Thanks!!
BR Michael

Manoj Rana Posted March 3, 2021

Hi Michael,

You can use HTTP or HTTP-ECV; create a regular HTTP monitor. Regular HTTP monitors look for status codes instead of patterns.

Thanks
Manoj

Michael Auerbach1709153770 Posted March 3, 2021 (Author)

Hi Manoj,

I'm already doing that and it normally works for me, but in this case it does not work. That's why I need help.

BR Michael

Manoj Rana Posted March 3, 2021

Hi Michael,

I had an issue when I was using my monitor with a custom header, so I changed to HTTP Request HEAD /health.html

Can you try using HTTP Request, if you can?

Thanks
Manoj

Michael Auerbach1709153770 Posted March 3, 2021 (Author)

Hi Manoj,

That won't work in this case, as this is an SSL issue between the netscaler (back) and the internet site www.developer.interact-lighting.com.

I have the same solution working with other internet sites, but this site fails everything that I try!

BR Michael

Rhonda Rowland1709152125 Posted March 3, 2021

Can you clarify what you want your monitor to confirm?

It sounded like you are determining the UP/DOWN state of your servicegroup (aka your own internal server destinations) by whether they can or can't see an external destination?

You may need two monitors:

1) a regular monitor that determines if the actual service is UP/DOWN by its own details.
2) a second monitor that determines if the dependency works. Usually this might include a destination override, but if I understand you directly, you want to see if your SERVICE can resolve a different destination?

I'm not sure that you can write a monitor to Service1 and ask it to probe ExtWeb1 and get a response back. Now, if there was an existing page where the server does this call on the backend and you use a monitor to check the status of this service, it would be easier. And you don't need to test if the ADC can reach externalweb, just the backend service? (Or am I reading that wrong?)

If you are trying to get the ADC to probe the externalweb destination and then bring the service up/down, you need a Destination IP and/or Destination Port to make the ADC probe a location other than the service it is bound to.

See if this article assists with the proxy call: https://support.citrix.com/article/CTX120921 (It's not your exact scenario at all, but may help tweak the ecv parameters.)

But I would try to make the backend server have a test page that returns a /health page up/down where it makes the call itself, and your ADC just has to probe the /health page to see if it works. This would also let you test if the dependency works per service destination and not a blanket works for everyone or not.

Nikolay Dimitrov1709159278 Posted April 22, 2021

For SSL handshake issues, check the nstrace option. If the SSL handshake works but this issue is after that, then it is in HTTP and what the server returns.

https://support.citrix.com/article/CTX135889

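The handshake-versus-HTTP split described in the last reply can also be checked from outside the ADC. The following is an added example, not code from the thread or from Citrix: a Python probe that reports whether a check fails at TCP connect, at the TLS handshake, or at the HTTP response. The function name `staged_probe` and its parameters are made up for this illustration, and it assumes it is run from a host with the same outbound path as the ADC.

```python
import socket
import ssl


def staged_probe(host, port=443, path="/", timeout=5.0, expect=(200,)):
    """Return (stage, detail): stage is 'tcp', 'tls', 'http' or 'ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{type(exc).__name__}: {exc}"
    try:
        ctx = ssl.create_default_context()
        try:
            # Handshake timeouts and ssl.SSLError are both OSError subclasses.
            tls = ctx.wrap_socket(raw, server_hostname=host)
        except OSError as exc:
            return "tls", f"{type(exc).__name__}: {exc}"
        try:
            # Same Host header the thread's custom monitor sends.
            request = (f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n"
                       "Connection: close\r\n\r\n")
            tls.sendall(request.encode("ascii"))
            status_line = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as exc:
            return "http", f"{type(exc).__name__}: {exc}"
        finally:
            tls.close()
    finally:
        raw.close()
    # A regular HTTP monitor judges the status code, so do the same here.
    parts = status_line.split()
    if len(parts) >= 2 and parts[1].isdigit() and int(parts[1]) in expect:
        return "ok", status_line
    return "http", status_line or "connection closed without a response"


if __name__ == "__main__":
    # Host name taken from the thread; needs outbound access to run.
    print(staged_probe("www.developer.interact-lighting.com"))
```

The probe negotiates with the local TLS library's defaults, not the ADC's ssl profile, so it shows how the site answers a standard client rather than reproducing the monitor itself.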