ACE: VIP Out of service, Still accepts TCP connections

Hi Guys. I am looking at a issue with an ACE. SW is 3.0(0)A3(2.6)
We have a setup where most of it appears fine. It detect the loss of rservers, probes fail, the VIP stops responding to Pings, but it still accept TCP connections, even though there is nothing behind to accept them.
The question is, is this correct behaviour? and if so is there any reference I can look at to confirm?
While this behaviour is inconvenient for us. I can see why it may actually be correct.
Thanks,
Paul.

Hello Paul,
This is expected behaviour for L7 LB connections:
The 'down' VIP will reply to SYN requests, but will then send a RST packet.
This is because the ACE doesn't know what to do with the L7 connection until it has been build up. Only when the L7 connection is 'open' we notice that all the vserver which could serve this request are down.
So it is correct and expected, but not exactly desired. It's just a side effect of the design. So far I do not known of any plans to change this behaviour. However similar limitations have been addressed in the past, like: CSCsq17137.
Hope this helps, Peter

Similar Messages

Serverfarm state is Out of services, still the associated VIP accepts connections.

Serverfarm state is Out of services, still the associated VIP accepts connections.
Why ?
Niklas

no....it's not related to the sticky entry.
If the server is down, the sticky entry is removed.
The ace may still accept the TCP connection if it is configured as L7....in other words, if you do any data matching/lookup (like urls, cookies, ...)
But the connection will be closed once the client sends data since ACE has no server to forward the request to.
This is expected.
Gilles.

ACE VIP not Responding to Ping and cant Connect

Hello All,
I recently deployed an ACE 4710 Appliance. Configs seems right but clients cant Ping the VIP and acnt also connect to the VIP. Also VIP Dosent show in 'sh arp'.
Pls HELP!!!
See the configs!!
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.10.11 10:48:14 =~=~=~=~=~=~=~=~=~=~=~=
sh runGenerating configuration....
boot system image:c4710ace-mz.A4_2_0.bin
hostname STERLING-ACE
interface gigabitEthernet 1/1
channel-group 1
no shutdown
interface gigabitEthernet 1/2
channel-group 1
no shutdown
interface gigabitEthernet 1/3
channel-group 1
no shutdown
interface gigabitEthernet 1/4
channel-group 1
no shutdown
interface port-channel 1
switchport trunk allowed vlan 10,200,205,210,215
no shutdown
--More--
access-list INBOUND line 10 extended permit ip any any
access-list INBOUND line 16 extended permit icmp any any
access-list INBOUND line 24 extended permit icmp any any echo
probe http BANK-APP
interval 2
faildetect 2
passdetect interval 2
expect status 200 200
open 1
probe icmp PING
description ***simple ping monitor***
interval 10
passdetect interval 60
passdetect count 2
receive 1
probe tcp TCP80
interval 10
passdetect interval 10
passdetect count 2
--More--
receive 1
open 5
rserver host BANK-APP-SERVER1
description ***GUI SERVER 1***
ip address 172.20.1.50
probe PING
inservice
rserver host BANK-APP-SERVER2
description ***GUI SERVER 2***
ip address 172.20.1.51
probe PING
inservice
rserver host BANK-APP-SERVER3
description ***GUI SERVER 3***
ip address 172.20.1.52
probe PING
inservice
rserver host BANK-APP-SERVER4
description ***GUI SERVER 4***
ip address 172.20.1.53
probe PING
--More--
inservice
rserver host THIN-CLIENT1
description ***CLI SERVER 1***
ip address 172.20.1.34
probe PING
inservice
rserver host THIN-CLIENT2
description ***CLI SERVER 2***
ip address 172.20.1.35
probe PING
inservice
rserver host THIN-CLIENT3
description ***CLI SERVER 3***
ip address 172.20.1.36
probe PING
inservice
rserver host THIN-CLIENT4
description ***CLI SERVER 4***
ip address 172.20.1.37
probe PING
inservice
--More--
serverfarm host CLI-GROUP
predictor leastconns
probe TCP80
rserver THIN-CLIENT1
    inservice
rserver THIN-CLIENT2
    inservice
rserver THIN-CLIENT3
    inservice
rserver THIN-CLIENT4
    inservice
serverfarm host GUI-GROUP
predictor leastconns
probe TCP80
rserver BANK-APP-SERVER1
    inservice
rserver BANK-APP-SERVER2
    inservice
rserver BANK-APP-SERVER3
    inservice
rserver BANK-APP-SERVER4
    inservice
--More--
parameter-map type connection TCP-PARAM-MAP
set timeout inactivity 360000
class-map type management match-any REMOTEACCESS
description remote access traffic match
2 match protocol ssh any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol xml-https any
6 match protocol http any
7 match protocol https any
class-map match-all TCP-CLASS
description TCP CONNECTION TIMER
2 match any
class-map match-all VS_WEB1
2 match virtual-address 10.0.0.115 any
class-map match-all VS_WEB2
2 match virtual-address 10.0.0.113 any
policy-map type management first-match REMOTEPOLICY
--More--
class REMOTEACCESS
    permit
policy-map type loadbalance first-match HTTP_LB1
class class-default
    serverfarm CLI-GROUP
policy-map type loadbalance first-match HTTP_LB2
class class-default
    serverfarm GUI-GROUP
policy-map multi-match HTTP_MULTI_MATCH1
class VS_WEB1
    loadbalance vip inservice
    loadbalance policy HTTP_LB1
    loadbalance vip icmp-reply
policy-map multi-match HTTP_MULTI_MATCH2
class VS_WEB2
    loadbalance vip inservice
    loadbalance policy HTTP_LB2
    loadbalance vip icmp-reply
policy-map multi-match TCPIP-POLICY
class TCP-CLASS
connection advanced-options TCP-PARAM-MAP
service-policy input REMOTEPOLICY
service-policy input TCPIP-POLICY
interface vlan 10
description ***LAN LEG***
ip address 10.0.0.66 255.255.255.0
no icmp-guard
access-group input INBOUND
no shutdown
interface vlan 200
description ***THIN CLIENT VLAN****
ip address 172.20.1.33 255.255.255.240
no icmp-guard
access-group input INBOUND
service-policy input HTTP_MULTI_MATCH1
no shutdown
interface vlan 210
description ***BANK APP SERVER VLAN****
ip address 172.20.1.49 255.255.255.240
no icmp-guard
--More--
access-group input INBOUND
service-policy input HTTP_MULTI_MATCH2
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.200
username admin password 5 $1$ouG5.Okh$jwBoWkMiWstoTPwb9K9ku1 role Admin domain
default-domain
username www password 5 $1$M31zwdiF$iY8Y5e9nV2sMM2HxwrQI7/ role Admin domain de
fault-domain
STERLING-ACE/Admin#
Thanks!!

Hi Joshua,
class-map match-all VS_WEB1
2 match virtual-address 10.0.0.115 any
class-map match-all VS_WEB2
2 match virtual-address 10.0.0.113 any
You have applied
"service-policy input HTTP_MULTI_MATCH1" in VLAN 200 and 210 but as per the config I believe it should be applied to VLAN10.
interface vlan 10
description ***LAN LEG***
ip address 10.0.0.66 255.255.255.0
no icmp-guard
access-group input INBOUND
no shutdown
Can you apply the service policy in VLAN 10 and let me know the result.

Azure Worker Role can't receive tcp connection to Port 25(Smtp)

I have an SMTPE implementation as an Azure Worker Role. I have defined two input endpoints (port 25 and port 2525). Listener at 2525 accepts tcp connections from smtp clients. However port 25 can't receive connections.
When running on emulator port 25 works fine. This issue occurs when I publish my worker roles to the cloud.
I use the same code for both. InputEndpoints are also defined the same way. The only difference is the port number.
Is there any limitation related to port 25?

hi sir,
Base on my experience, Azure platform don't support out-of-the-box mail server. So I am not sure you can use SMTP on Azure cloud service. but I recommend you could refer to the
sendgrid .Also, you can follow this documents:
http://blog.smarx.com/posts/emailtheinternet-com-sending-and-receiving-email-in-windows-azure
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

ACE VIP OK HTTP, NOK other TCP port

Hi,
we are having issues in configuring load balancing for a TCP port. For HTTP it's working without issues and we have the ACE also balancing for other TCP ports.
Here goes the relevant config:
probe http PROBE-HTTP
interval 5
passdetect interval 2
passdetect count 1
request method get url /idc/
expect status 200 200
probe tcp PROBE-TCP
port 4444
interval 5
passdetect interval 10
rserver host PRD1
ip address 10.10.10.1
inservice
rserver host PRD2
ip address 10.10.10.2
inservice
serverfarm host SF-HTTP
probe PROBE-HTTP
rserver PRD1 80
    inservice
rserver PRD2 80
    inservice
serverfarm host SF-TCP
probe PROBE-TCP
rserver PRD1 4444
    inservice
rserver PRD2 4444
    inservice
sticky ip-netmask 255.255.255.255 address source SC-IP-PRD-HTTP
timeout 10
serverfarm SF-HTTP
class-map match-all NAT-VIP-HTTP
2 match virtual-address 10.10.35.1 any
class-map match-all NAT-VIP-TCP
2 match virtual-address 10.10.35.1 tcp eq 4444
policy-map type loadbalance first-match LB-VIP-HTTP
class class-default
    sticky-serverfarm SC-IP-PRD-HTTP
    insert-http x-forward header-value "%is"
policy-map type loadbalance first-match LB-NAT-VIP-TCP
class class-default
    serverfarm SF-TCP
policy-map multi-match POLICY-RSERVER-VIP
class NAT-VIP-TCP
    loadbalance vip inservice
    loadbalance policy LB-NAT-VIP-TCP
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 200
class NAT-VIP-HTTP
    loadbalance vip inservice
    loadbalance policy LB-VIP-HTTP
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 200
interface vlan 200
description SERVER-SIDE
ip address 10.10.14.2 255.255.255.0
alias 10.10.14.1 255.255.255.0
peer ip address 10.10.14.3 255.255.255.0
access-group input EVERYONE
nat-pool 1 10.10.4.6 10.10.4.6 netmask 255.255.255.255 pat
service-policy input AllowICMP
service-policy input POLICY-RSERVER-VIP
no shutdown
The probe are OK, but nothing seems to get to the VIP:
ACE/CTX# show probe PROBE-TCP
probe       : PROBE-TCP
type        : TCP
state       : ACTIVE
   port      : 4444    address     : 0.0.0.0         addr type : -
   interval : 5       pass intvl : 10              pass count : 3
   fail count: 3       recv timeout: 10
                       --------------------- probe results --------------------
   probe association   probed-address probes     failed     passed     health
   ------------------- ---------------+----------+----------+----------+-------
   serverfarm : SF-TCP
     real      : PRD1[4444]
                       10.10.10.1     8853       1          8852       SUCCESS
     real      : PRD2[4444]
                       10.10.10.2     8853       1          8852       SUCCESS
ACE/CTX# show serverfarm SF-TCP detail
serverfarm     : SF-TCP, type: HOST
total rservers : 2
active rservers: 2
description    : -
state          : ACTIVE
predictor      : ROUNDROBIN
failaction     : -
back-inservice    : 0
partial-threshold : 0
num times failover       : 0
num times back inservice : 1
total conn-dropcount : 0
Probe(s) :
    PROBE-TCP, type = TCP
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: PRD1
       10.10.10.1:4444      8      OPERATIONAL 0          0          0
         max-conns            : -         , out-of-rotation count : -
         min-conns            : -
         conn-rate-limit      : -         , out-of-rotation count : -
         bandwidth-rate-limit : -         , out-of-rotation count : -
         retcode out-of-rotation count : -
         load value           : 0
   rserver: PRD2
       10.10.10.2:4444      8      OPERATIONAL 0          0          0
         max-conns            : -         , out-of-rotation count : -
         min-conns            : -
         conn-rate-limit      : -         , out-of-rotation count : -
         bandwidth-rate-limit : -         , out-of-rotation count : -
         retcode out-of-rotation count : -
         load value           : 0
ACE/CTX# show service-policy POLICY-RSERVER-VIP
Status     : ACTIVE
Interface: vlan 1 200
service-policy: POLICY-RSERVER-VIP
    class: NAT-VIP-TCP
      nat:
        nat dynamic 1 vlan 200
        curr conns       : 0         , hit count        : 0
        dropped conns    : 0
        client pkt count : 0         , client byte count: 0
        server pkt count : 0         , server byte count: 0
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0
      loadbalance:
        L7 loadbalance policy: LB-NAT-VIP-TCP
        VIP ICMP Reply       : ENABLED-WHEN-ACTIVE
        VIP State: INSERVICE
        curr conns       : 0         , hit count        : 0
        dropped conns    : 0
        client pkt count : 0         , client byte count: 0
        server pkt count : 0         , server byte count: 0
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0
      compression:
        bytes_in : 0
        bytes_out : 0
I see a lot of this messages in the logging of the ACE:
show logging | i 4444
22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
show logging | i 4444
22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
The client request it's going trough an ASA, in the ASA side I see that the TCP connection it' half-open with SAaB flags. It seems that the VIP never replies with SYN+ACK to the ASA...
Thank you.
Best regards

Hi Norberto,
The log messages you are getting are most probably the probe connections and not a failure, looking to them you will see your ACE is establishing TCP connection on 4444 then it will teardown the connection with FIN which is expected since you are using TCP keepalives.
I would recommend to go back and define the problem exactly, what are you exteriancing when you try to telnet on port 4444 toward the VIP from the client?
Run sniffing software on the client, the server and enable capture on ACE and ASA will give you exact idea what you are experiencing.
Note: The ASA and the ACE has great capture feature which will show you exactly the packet flows.
Note: Since you are applying NAT on the client requests, you should see the NATed IP address on the server capture.
Note: With L4 load balancing the ACE is not spoofing the clients' request, it just forward the SYN, SYN+ACK and ACK between the server and the client.
Let me know if you have any other questions.
Best regards,
Ahmad

Mouse multi touch out of service Idea pad G400S

The mouse works ok, but the multi touch is out of service. I´ve tryed to unistall and re install the driver serveral times. I removed the mouse driver at device manager and installed again. No success.
Those images show what is going on. Does anybody know how to fix it?

Hi Fernandesl,
Welcome to Lenovo Community!
I’m sorry to hear that Multi-touch feature is not working as expected in your G400s Laptop even after re-installing the Touchpad Driver in the computer, as per the image you have attached the Hardware is not getting enabled as the option is graded out, I suggest you to the Flee-Power in the computer, below are the steps to perform the same:
Remove the battery and any other peripheral device connected to the computer.
Hold the power button for 10-15 seconds and then connect only the AC Adapter and try to turn ON the computer.
Then check by disabling and then enabling the Touchpad pressing Fn+F6 together.
Do post us back if the issue still persists.
Best Regards
Shiva Kumar
Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.
Follow @LenovoForums on Twitter!

ACE:LB several https services using same client(public) IP address

Works perfectly with http but doesn't with https:
class-map type http loadbalance match-all domain_mysite2
2 match http header Host header-value "www.mysite2.com"
class-map match-any vip_http
2 match virtual-address 192.168.99.100 tcp eq www
class-map match-any vip_https
2 match virtual-address 192.168.99.100 tcp eq https
policy-map type loadbalance first-match L7_policymap
class domain_mysite2
    serverfarm sfarm_SFARM2
class class-default
    serverfarm sfarm_SFARM1
policy-map multi-match L4_policymap
class vip_http
    loadbalance vip inservice
    loadbalance policy L7_policymap
    loadbalance vip icmp-reply active
class vip_https
    loadbalance vip inservice
    loadbalance policy L7_policymap
    loadbalance vip icmp-reply active
Need urgent help.

Hi Antonio,
Have a look at this below as well for details.
Example of an SSL Termination Configuration
The following example illustrates a running configuration of the ACE acting as an SSL proxy server; terminating SSL or TLS connections from a client and then establishing a TCP connection to an HTTP server. When the ACE terminates the SSL or TLS connection, it decrypts the cipher text from the client and transmits the data as clear text to the HTTP server. The SSL termination-specific configuration elements appear in bold in the example.
access-list ACL1 line 10 extended permit ip any any
probe https GEN-HTTPS
port 80
interval 50
faildetect 5
expect status 200 200
rserver SERVER1
ip address 172.27.16.11
    inservice
rserver SERVER2
ip address 172.27.16.12
    inservice
rserver SERVER3
ip address 172.27.16.13
    inservice
rserver SERVER4
ip address 172.27.16.14
    inservice
serverfarm host SFARM1
description SERVER FARM 1 FOR SSL TERMINATION
probe GEN-HTTPS
rserver SERVER1 80
    inservice
rserver SERVER2 80
    inservice
serverfarm host SFARM2
description SERVER FARM 2 FOR SSL TERMINATION
probe GEN-HTTPS
rserver SERVER3 80
    inservice
rserver SERVER4 80
    inservice
parameter-map type ssl PARAMMAP_SSL_TERMINATION
cipher RSA_WITH_3DES_EDE_CBC_SHA
cipher RSA_WITH_AES_128_CBC_SHA priority 2
cipher RSA_WITH_AES_256_CBC_SHA priority 3
version all
parameter-map type connection TCP_PARAM
syn-data drop
exceed-mss allow
ssl-proxy service SSL_PSERVICE_SERVER
ssl advanced-options PARAMMAP_SSL_TERMINATION
key MYKEY.PEM
cert MYCERT.PEM
class-map type http loadbalance match-all L7_SERVER_CLASS
description Sticky for SSL Testing
2 match http url .*.jpg
3 match source-address 192.168.130.0 255.255.255.0
class-map type http loadbalance match-all L7_SLB-HTTP_CLASS
2 match http url .*
3 match source-address 192.168.130.0 255.255.255.0
class-map match-all L4_SSL-TERM_CLASS
description SSL Termination VIP
2 match virtual-address 192.168.130.11 tcp eq https
policy-map type loadbalance first-match L7_SSL-TERM_POLICY
class L7_SERVER_CLASS
    serverfarm SFARM1
    insert-http I_AM header-value "SSL_TERM"
    insert-http SRC_Port header-value "%ps"
    insert-http DEST_IP header-value "%id"
    insert-http DEST_Port header-value "%pd"
    insert-http SRC_IP header-value "%is"
class L7_SLB-HTTP_CLASS
    serverfarm SFARM1
    insert-http I_AM header-value "SSL_TERM"
    insert-http SRC_Port header-value "%ps"
    insert-http DEST_IP header-value "%id"
    insert-http DEST_Port header-value "%pd"
    insert-http SRC_IP header-value "%is"
policy-map multi-match L4_SSL-VIP_POLICY
class L4_SSL-TERM_CLASS
    loadbalance vip inservice
    loadbalance policy L7_SSL-TERM_POLICY
    loadbalance vip icmp-reply
    ssl-proxy server SSL_PSERVICE_SERVER
    connection advanced-options TCP_PARAM
interface vlan 120
description Upstream VLAN_120 - Clients and VIPs
ip address 192.168.120.1 255.255.255.0
fragment chain 20
fragment min-mtu 68
access-group input ACL1
nat-pool 1 192.168.120.70 192.168.120.80 netmask 255.255.255.0 pat
service-policy input L4_SSL-VIP_POLICY
no shutdown
ip route 10.1.0.0 255.255.255.0 192.168.120.254
Regards,
Kanwal

Regarding mountain lion server: clients experience intermittent service connections. the server system log has the following error- Client handshake failed (6):113: Server not accepting client connections (any ideas???)

regarding mountain lion server: clients experience intermittent service connections. the server system log has the following error- Client handshake failed (6):113: Server not accepting client connections. any suggestions would be greatly appreciated - thank you

Hi Jason
I was getting the same behavior after Apple support had me delete some plist files to get Airplay going. I was also getting the following error:
the error occurred while processing a command of type 'writesettings' in the plug-in 'server vpn'
I went into ~/Library/Preferences/ and /Library/Preferences/ and deleted every plist contating the word server. I had to re-set up my server (meaning walk through some intial steps) but all of my settings were still there after that and everything started working again.
Just a thought, obviously try at your own risk but it worked for me.
Kellen

UCCX 8 VOIP Monitor Subsystem - Out of Service

All,
Upgraded CCX 701(SR5) to CCX 8.0.2 Premium HA enabled. Both Servers were IN SERVICE. Did a Patch upgrade to UCCX 8.0.2SU1. Noticed that VOIP Monitor Subsystem on both servers showing as OUT OF SERVICE. Downgraded to CCX 8.0.2, still get this Subsystem OUT OF SERVICE.
From RTMT, it shows the following error:
%MIVR-SS_VOIPMON_SRV-3-VOIP_OPERATION_ERROR:VOIP Subsystem Operation Error: Module Name=LRMConnection.readMSG, A specific description for a trace=erroris: ,Exception=java.io.EOFException
Anyone kows how to fix this problem???
Thanks.

Hi all,
I had this same problem and similar/same versions.
Restarting Cisco DESKTOP VoIP Monitor Service (on sub - which had VoIP Monitor Service showing 'OOS') made no impact. I don't think there is any real relationship between DESKTOP VoIP monitor service and VoIP monitor service?
Anyway, restarted the same service on Pub - no change.
Tried restarting various sub services including CCX Engine - no change.
I found I had to restart publisher Cisco Unified CCX Engine, then go to sub and do the same once pub was back to all 'in service'.
I then found that my sub's 'Log Manager' under 'Cisco Unified CCX Serviceability' had gone to PARTIAL SERVICE.
I restarted 'Cisco Unified CCX Serviceability' on sub - which had to be done via CLI.
It appeared to restart no issue - but refreshing the list of services in the GUI several times - it still was in PARTIAL.
Restarted Sub appliance (bounced the server) from CLI, after reboot - all services were back up and IN SERVICE.
Thankfully I didn't have to restart my Pub - all services... IN SERVICE on pub & sub
Resolved.
PS. No calls were dropped for us.

ACE TCP connection timeout

Hello,
our customer has a problem with correct closing TCP connections on the ACE. TCP session (HTTP protocol) is closed _correctly_ (we can see it in the sniffer output), but 'sh conn' on the ACE shows it as 'established' (session is already closed). TCP timeout is set to default (60min).
Any new connection from the same src port (because many connection to the service) is closed after TCP session is established.
When I try generate 200 concurrent sessions TCP sessions in my lab, this are on the ACE closed correctly. Customer's traffic is around 20-30.000 concurrent session, but I can't generate so much traffic.
SW version on the ACE: 3.0(0)A1(3b)
thx
martin

Thanks Gilles!
The problem occurs only with traffic from WAP nodes (too many short HTTP requests).
We try it upgrade to A1(5b), but I'm not sure, if this is our problem...
Bug description:
Symptom:
With L7 LB configuration, Some times connections do not close.
Conditions:
SYN sent to Real server may result in ACK coming from server. ACE TCP module was not handling this ACK correctly.
...but our traffic is only L4 LB and we have a problem with connection state on the ACE from both sides (client and server). on the client and server side is connection closed properly, but on the ACE module ('sh conn') we can see it in 'established' state. It's closed after TCP timeout and that is not correct.
martin

CSS -Can TCP port number under the VIP be different to real server TCP Port

Client
TCPrt : 80 -----------------------------> CSS VIP to the actual server on TCP port 5555 --------------> Server
The requirement is that client will send a request to VIP on port 80 and VIP has to forward the request to server on a different port(TCP port 5555).

Yes its possible.
Port command under service translates the destination port.
content whol_eiwebsit_80
add service srvr1
add service srvr2
vip address 128.1.1.1 <-- Vip
port 80 <-- Listening on port 80
protocol tcp
url "/*"
active
service srvr1
ip address 10.10.10.1
protocol tcp
port 5555 <-- will translate dest port
keepalive type tcp
keepalive port 5555
active
service srvr2
ip address 10.10.10.2
protocol tcp
port 5555
keepalive type tcp
keepalive port 5555
active
HTH
Syed Iftekhar Ahmed

Password issues - says out of service. Can't sign in

in pse 9 adobe, i can't access information on different projects to do. a window comes up that when i enter my password it says it's out of service. i have been trying to do this for a while now.

phpotshop.com shut down last year so there is nothing left for you to log in to. If you had photos saved on photoshop.com you should have received several emails about this and your jpeg images will have been transferred to an Adobe Revel A/c with the same ID and Password.
You can still use the Organizer and Editor without logging in.
Cheers,
Neale
Insanity is hereditary, you get it from your children
If this post or another user's post resolves the original issue, please mark the posts as correct and/or helpful accordingly. This helps other users with similar trouble get answers to their questions quicker. Thanks.

The agent extension is out of service. error

The agent extension is out of service.
ready state change and call control operations cannot be performed.
The agent extension is back in service.
all operations are back in service.
I get this when the agent is just sitting there in a ready state.
CUCM 7.0 UCCX 7.0
I would appreciate any help you can offer.
Dave 404 569-1752
[email protected]

The most common cause of this was the agent's phone restarted or a CTI interruption occured. This is typically something to start troubleshooting on UCM side. The CAD Troubleshooting Guide says essentially the same thing:
Problem The agent’s state changed to Not Ready for no apparent reason.
Symptom. In some situations, an agent’s state may change to Not
Ready for no apparent reason.
Cause. To determine the reason, check the reason code:
..other causes removed...
■ If the reason code is 32759, the agent’s state became Not Ready
because the phone went out of service. Check to make sure the
phone is still functional and that you can call the phone directly. If
everything seems fine, it is most likely a temporary problem and the
phone has since recovered. If the phone is still down, it is most
likely a Unified CM problem. Please consult Unified CM support.
Solution In many cases, an agent’s state becoming Not Ready is not a serious
issue. Simply click Ready to change the agent’s state to Ready.
To determine the reason code, do one of the following:
...other solutions removed...
If the reason code is 32759, the agent’s state became Not Ready
because the phone went out of service. Check to make sure the
phone is still functional and that you can call the phone directly. If
everything seems fine, it is most likely a temporary problem and the
phone has since recovered. If the phone is still down, it is most
likely a Unified CM problem. Please consult Unified CM support.

ACE - VIP address on different subnet

Hello,
Is it possible to configure a VIP address that is different from the VLAN subnet where it is applied on?
Fe:
VIP is 10.10.10.1/24 on VLAN 10
Interface of ACE in VLAN 10 is 192.168.1.1/24
On the upstream routers, a static route points to the VIP address (subnet) with next-hop the ACE address?
Thanks.

Unfortunately I dont have a test environment either to verify this.
I dont think you will see arp entries as the address doesnt belong to an interface.
You should see the VIPs active (sh service policy detail) for these non-interface VIPs.
If those are active then I think once client request hits the ACE it should take care of it.
I have deployed such solution with FWSM (no VIPs there but used Natted addresses not belonging to any attached interface ) and as per that experience I think it should work.
But yes you need actual clients to test this scenario.
Syed

Excel Interactive View (excel mashup) - Is it out of service?

Hello,
I have an online report based on Excel Interactive View. The last week I noticed that it didn't work. I checked my code looking for bugs, but it is correct.
So, I tried to check the status of the Excel Interactive View in the official site "www.excelmashup.com" but when I clicked on the green button (with the text "Excel Interactive View") I saw the same error message:
"We're sorry. We're having trouble preparing the data right now"
I've been seen this error from 10/10/13, before that day, I remember the interactive view was working fine.
I repeated the test on Chrome v 29.0.1547.76, Mozilla Firefox
24.0 and IE 10.0.9200.16721 with the same results from that date.
To give you more details, if I click in the button "Excel Interactive View" at the site "www.excelmashup.com" using IE10 I see the next log on the browser's console:
Request URL:http://excel.officeapps.live.com/x/16.0.1727.1037/_vti_bin/CrossDomainAjax.ashx/GenerateWorkbookFromHtml
Request Method: POST
Status Code: HTTP/1.1 500 Internal Server Error
Request Headers 15:32:14.000
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Referer: http://www.excelmashup.com/
Pragma: no-cache
Origin: http://www.excelmashup.com
Host: excel.officeapps.live.com
DNT: 1
Content-Type: text/plain; charset=UTF-8
Content-Length: 1451
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Response Headers Δ560ms
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Server: Microsoft-IIS/8.0
Date: Fri, 11 Oct 2013 18:31:52 GMT
Content-Type: text/html
Content-Length: 1208
Cache-Control: private
In order to discard network issues when my browser request to the Office's Webservers (my local tests are made from Buenos Aires, Argentina), I repeated the experience in a server installed on the USA getting the same error.
I guess if the service "GenerateWorkbookFromHtml" is out of service in the Office's Webservers because it is throwing a http error 500.
Can anyone open the example without problems?
Thanks in
advance,

Hi,
Thank you for posting in the MSDN Forum.
Since the issue is more relate to the Excel Interactive View on SharePoint 2013, I'd like to move it to SharePoint 2013 General Discussions and Questions forum.
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.
Thanks for your understanding.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

ACE: VIP Out of service, Still accepts TCP connections

Similar Messages

Maybe you are looking for