Backend server in CSS
Hi
I am doing configuration for backend SSL, but it does not work.
When I configure backend SSL, does the local server need to be configured as an SSL server? So they should install a certificate, and my CSS does not need a certificate?
Please advise if my understanding is correct.
Any comments will be appreciated.
Thanks in advance
I think I have understood the question.
However, I have another problem now:
I have configured two backend services; one is alive and one is down. I believe both services are configured the same.
The configuration is:
ssl-proxy-list ssl-slot3
backend-server 10
backend-server 10 ip address 10.1.1.51
backend-server 10 port 81
backend-server 10 server-ip 10.1.1.51
backend-server 10 cipher rsa-with-rc4-128-sha
backend-server 11
backend-server 11 ip address 10.1.1.52
backend-server 11 port 81
backend-server 11 server-ip 10.1.1.52
backend-server 11 cipher rsa-with-rc4-128-sha
service ssl-backend10
type ssl-accel-backend
protocol tcp
port 81
add ssl-proxy-list ssl-slot3
keepalive type ssl
keepalive port 443
ip address 10.1.1.51
active
service ssl-backend11
type ssl-accel-backend
protocol tcp
port 81
add ssl-proxy-list ssl-slot3
keepalive type ssl
keepalive port 443
ip address 10.1.1.52
active
# sh service summary | grep back
ssl-backend10 Alive 0 1 2 2
ssl-backend11 Down 0 1 255 0
I have checked both local servers, and port 443 is open on both of them.
Could anyone advise me what the problem is? How do I fix it?
For your information, I have configured content as:
content ssl-back
vip address 10.1.2.43
protocol tcp
port 81
url "/*"
add service ssl-backend10
add service ssl-backend11
balance leastconn
active
Any comments will be appreciated.
Thanks in advance
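A configuration like the one posted above can be reviewed offline before looking at the servers. The following is an added example, not part of the original post and not Cisco tooling: it parses a flattened CSS config excerpt, flags weak cipher suites on `backend-server` and `ssl-server` entries, and reports `ssl-accel-backend` services with no `backend-server` entry for the same IP and port. That consistency rule, the function names and the `ssl-backend12` service in the sample are assumptions made for the illustration.

```python
# Static audit of a CSS SSL configuration excerpt (added example).
WEAK = {
    "rc4": "RC4 (prohibited in TLS by RFC 7465)",
    "md5": "MD5-based MAC",
    "3des": "3DES (64-bit block cipher)",
    "export": "export-grade key length",
}

# Constructed sample: entries 10/11 and ssl-backend10 mirror the post above;
# ssl-backend12 is invented to exercise the consistency check.
SAMPLE_CONFIG = """
ssl-proxy-list ssl-slot3
backend-server 10 ip address 10.1.1.51
backend-server 10 port 81
backend-server 10 cipher rsa-with-rc4-128-sha
backend-server 11 ip address 10.1.1.52
backend-server 11 port 81
backend-server 11 cipher rsa-with-rc4-128-sha
service ssl-backend10
type ssl-accel-backend
port 81
add ssl-proxy-list ssl-slot3
keepalive port 443
ip address 10.1.1.51
service ssl-backend12
type ssl-accel-backend
port 81
add ssl-proxy-list ssl-slot3
ip address 10.1.1.53
"""

def parse(text):
    """Return (proxy_lists, services) from flattened or indented config text."""
    lists, services, ctx = {}, {}, None
    for raw in text.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue
        if w[0] == "ssl-proxy-list" and len(w) == 2:
            ctx = ("list", lists.setdefault(w[1], {}))
        elif w[0] == "service" and len(w) == 2:
            ctx = ("service", services.setdefault(w[1], {"lists": []}))
        elif w[0] in ("content", "owner", "group", "circuit"):
            ctx = None  # content-rule ports must not overwrite service ports
        elif ctx and ctx[0] == "list" and w[0] in ("backend-server", "ssl-server") and len(w) > 1:
            entry = ctx[1].setdefault((w[0], w[1]), {"ciphers": []})
            if w[2:3] == ["cipher"] and len(w) > 3:
                entry["ciphers"].append(w[3])
            elif w[2:4] == ["ip", "address"] and len(w) > 4:
                entry["ip"] = w[4]
            elif w[2:3] == ["port"] and len(w) > 3:
                entry["port"] = w[3]
        elif ctx and ctx[0] == "service":
            svc = ctx[1]
            if w[0] in ("type", "port") and len(w) > 1:
                svc[w[0]] = w[1]
            elif w[:2] == ["ip", "address"] and len(w) > 2:
                svc["ip"] = w[2]
            elif w[:2] == ["add", "ssl-proxy-list"] and len(w) > 2:
                svc["lists"].append(w[2])
    return lists, services

def audit(text):
    """Return findings as (kind, location, detail) tuples."""
    lists, services = parse(text)
    findings = []
    for lname, entries in lists.items():
        for (kind, num), entry in entries.items():
            for cipher in entry["ciphers"]:
                why = [msg for tag, msg in WEAK.items() if tag in cipher]
                if why:
                    findings.append(("weak-cipher", f"{lname} {kind} {num}",
                                     f"{cipher}: {', '.join(why)}"))
    for sname, svc in services.items():
        if svc.get("type") != "ssl-accel-backend":
            continue
        backends = [e for name in svc["lists"]
                    for (kind, _), e in lists.get(name, {}).items()
                    if kind == "backend-server"]
        if not any(e.get("ip") == svc.get("ip") and e.get("port") == svc.get("port")
                   for e in backends):
            findings.append(("unmatched-service", sname,
                             f"no backend-server for {svc.get('ip')}:{svc.get('port')}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```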
Similar Messages
-
How do I temporarily disable TLS/SSL port 443 going to server on CSS
We are having issues with truncating packets that go through the CSS.
I did a capture after the CSS and there is truncation... however I can't read it before the CSS since everything is encrypted.
They hit vip address 172.20.120.16 on the CSS and get redirected to 2 servers depending on what the url says.
The server team would like to turn it off just to test... I tried removing
"add service ARR-public-ssl" from the content below and we lost http and https to the server,
so in essence I want to try and turn the 443 connection to a port 80, then it goes to port 7777 backend to 172.20.212.6
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
ssl-server 40
ssl-server 40 rsacert byetest
ssl-server 40 vip address 172.20.120.16
ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
ssl-server 40 urlrewrite 1 *
ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
ssl-server 40 rsakey byekey
backend-server 50
backend-server 50 type initiation
backend-server 50 server-ip 69.xxx.xxx.xxx
backend-server 50 ip address 69.xxx.181.xxx
backend-server 50 rsacert byetest
backend-server 50 rsakey byekey
active
!************************** SERVICE **************************
service TIE-SSLINIT
protocol tcp
ip address 69.xxx.xxx.xxx
keepalive type tcp
keepalive port 443
slot 2
type ssl-init
add ssl-proxy-list HR-SSL
active
owner PublicBYE
content BYE-WEB-ARRR
vip address 172.20.120.17
protocol tcp
port 80
url "/arr*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BY-WEB-TIX
protocol tcp
port 80
url "/tix*"
advanced-balance arrowpoint-cookie
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web2
vip address 172.20.120.17
active
content BYE-WEB-TIX-CLEARTEXT
add service TIX-SSLINIT
vip address 172.20.120.19
protocol tcp
port 80
active
content BYE-WEB-Nav
vip address 172.20.120.17
protocol tcp
port 80
url "/na*"
balance aca
arpt-lct http-100-reinsert
add service BYE-ods-web1
active
content BYE-WEB-SSL
vip address 172.20.120.16
protocol tcp
port 443
advanced-balance ssl
application ssl
add service ARR-public-ssl
active
service BYE-ds-web1-ssl
ip address 172.20.212.5
port 443
keepalive type ssl
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYE-ds-web2
ip address 172.20.212.6
port 7777
keepalive port 7777
keepalive type tcp
active
service BYEos-web2-ssl
ip address 172.20.212.6
port 443
keepalive type ssl
active
CSS11506# sh ver
Version: sg0810205 (08.10.2.05)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.10.2.05
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
Secure Management
Yeah... I've done a packet trace before it hits the CSS and after... the only issue is that everything is encrypted before it hits the LB so I can't really read anything... I did a packet trace after the LB and on the server itself, it seems we get this.
I thought I saw some bug info from Cisco but I can't tell if it's related:
CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
As you can see, after the content-length... nothing comes across... sometimes additional stuff will come in... but usually nothing.
Is there a bug related to this on the CSS?
POST /TIXX/DocumentRepository_Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: www.xxxxxxxxxxxx.net
Content-Length: 9044
-
Failure of server APACHE bridge::No backend server available for connection
All,
I have an env: Browser -> OHS -> WLS(Apex Listener) -> Oracle DB.
If any SQL runs for more than 5 mins, I get the below error.
Failure of server APACHE bridge:
No backend server available for connection: timed out after 10 seconds or idempotent set to OFF or method not idempotent.
The only error I get is from the OHS's log:
[2013-04-03T06:45:57.2946-05:00] [OHS] [ERROR:32] [] [core.c] [host_id: aa050] [host_addr: 121.146.60.102] [tid: 1260554560] [user: oracle] [ecid: 004qNDJn1du7m3KaETn3ES0004Ll00001T] [rid: 0] [VirtualHost: my.team.com:443] ap_proxy: trying POST /pls/apex/wwv_flow.show at backend host 127.0.0.1/7003; got exception 'Backend Server not responding'; state: reading status line or response headers from WLS (wrote? Y read? N); not failing over because method not idempotent, referer: https://my.team.com/pls/apex/f?p=4500:1003:16571271664493::NO:::
Is there a timeout variable other than the below in WLS?
Session Timeout (in seconds): 3600 .
TIA,
JJ
Regardless of the version, this is not exactly a "Forms" failure. This is an issue between OHS and WLS. Basically it means that OHS (via mod_wl_ohs) was unable to communicate with WLS_FORMS (or whichever managed server you are trying to access). Most often this means the managed server is not running or not responding. If you believe it is running and is responsive (test by hitting it directly) then the problem is probably related to your installation. Generally, if you have not properly configured your networking before you installed WLS and FMw, then this can occur. For example, on Windows machines which do not have static IP addresses, the Installation Guide instructs you to install the Windows loopback adapter and configure it. If you did not do this, OHS likely will not be able to contact WLS_FORMS.
You can test what I have described above by attempting to access WLS_FORMS directly. For example:
http://yourHost:9001/forms/frmservlet
If that works, the issue is probably related to a net config issue.
If you have access to MyOracle Support, refer to these notes:
Failure Of Server APACHE Bridge After Running Report From Forms 11gR2 on Windows 64-bit platform (Doc ID 1457845.1)
Oracle Fusion Middleware 11g - Troubleshooting the Error "Failure of server APACHE bridge" (Doc ID 1304095.1)
The product Documentation Library can be found here:
http://docs.oracle.com/cd/E24269_01/index.htm
-
Unable to read SEARCH response from backend server
Currently we have problem when searching huge amounts of users against new SunOne Directory Server v6.3
in production and acceptance.
[17:12:43] root@ecdiala03-2[!]# /opt/app/sun/ds6/bin/dsadm -V
[dsadm]
dsadm : 6.3 B2008.0311.0058 NAT
[slapd 64-bit]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.3 B2008.0311.0058 64-bit
ns-slapd : 6.3 B2008.0311.0058 NAT
Slapd Library : 6.3 B2008.0311.0058
Front-End Library : 6.3_MTR_5087249_1_20081209 B2008.1210.1821
==============================================================
It's not working while searching huge amounts of users against DPS. However, it's working while searching huge amounts of users against DS.
Below is the error from access log of DPS when the problem occurred.
==================================
[31/Mar/2009:14:08:17 +0200] - CONNECT - INFO - conn=4565433 client=153.88.247.15:2719 server=ecdiala03-1:389 protocol=LDAP
[31/Mar/2009:14:08:17 +0200] - PROFILE - INFO - conn=4565433 assigned to connection handler cn=default connection handler, cn=connection handlers, cn=config
[31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=0 BIND dn="uid=itimadm1,ou=system accounts,o=ericsson" method="SIMPLE" version=3
[31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=0 BIND dn="uid=ITIMADM1,ou=system accounts,o=Ericsson" method="SIMPLE"" version=3 s_msgid=17 s_conn=ecditna03-2:72725
[31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=0 BIND RESPONSE err=0 msg="" s_conn=ecditna03-2:72725
[31/Mar/2009:14:08:17 +0200] - PROFILE - INFO - conn=4565433 assigned to connection handler cn=BindDone,cn=connection handlers,cn=config
[31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=0 BIND RESPONSE err=0 msg="" etime=0
[31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=1 msgid=2 SEARCH base="ou=External,o=Ericsson" scope=2 filter="(objectclass=inetorgperson)" attrs="*"
[31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=1 SEARCH base="ou=external,o=ericsson" scope=2 filter="(objectclass=inetorgperson)" attrs="*" s_msgid=18 s_conn=ecditna03-2:72725
[31/Mar/2009:14:12:25 +0200] - OPERATION - INFO - conn=4565433 op=1 SEARCH RESPONSE err=1 msg="Unable to read SEARCH response from backend server : Timeout when waiting to read from input stream" nentries=33959 etime=248309
[31/Mar/2009:14:17:25 +0200] - DISCONNECT - INFO - conn=4565433 reason="other" msg="Exception caught while polling client connection LDAP.153.88.247.15.2719 -- java.io.IOException: Connection reset by peer"
================================
[15:12:29] root@ecdiala03-1[!]# ./dpadm -V
[dpadm]
dpadm : 6.3_PD_COMBO_CUMULATIVE_VIRTUAL_15112008_ED2.0+6774589+6780423+6778308+6782659_2 B2008.1212.0459 NAT
[DPS]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory-Proxy-Server/6.3_PD_COMBO_CUMULATIVE_VIRTUAL_15112008_ED2.0+6774589+6780423+6778308+6782659_2 B2008.1212.0436
=================
We have changed the value of data-source-read-timeout in DPS from 20s to 30m. As per application test, the "time out" error has gone, but we get a new error as following.
==========================
[27/Apr/2009:05:28:36 +0200] - SERVER_OP - INFO - conn=209469 op=8 SEARCH base="ou=internal,o=ericsson" scope=2 filter="(objectclass=ericssonInternal)" attrs="EriCA-AttesterNL EriCA-EmploymentForm EriCA-KeyRecoveryNL-Auth EriCA-NL-Auth EriCA-NLOTP-Admin EriCA-NLOTP-User EriCA-accountExpires c cn departmentNumber description displayName eriCompanySynch eriCountry eriCountryCode eriEmployeeStatus eriExpired eriIsManager eriMasterDomain eriOpOrgUnitAbbreviation eriOpOrgUnitIdentifier eriOpOrgUnitName eriOperationalManager eriPartner eriPartnerTrigram eriPwSynchDate eriSignType eriSignum eriSignumStatus facsimileTelephoneNumber givenName isMemberOf l mail memberOf mobile objectClass ou sametimebrowseldap sametimehomeserver sametimeuser smChallResp smDisabled smXauthRADIUSServer sn telephoneNumber title uid uidNumber " s_msgid=27 s_conn=ecditna03-2:8645
[27/Apr/2009:06:06:23 +0200] - SERVER_OP - INFO - conn=209469 op=8 SEARCH RESPONSE err=0 msg="" nentries=236367 s_conn=ecditna03-2:8645
[27/Apr/2009:06:06:23 +0200] - OPERATION - INFO - conn=209469 op=8 SEARCH RESPONSE err=0 msg="" nentries=236367 etime=2266483
[27/Apr/2009:06:11:27 +0200] - DISCONNECT - INFO - conn=209469 reason="other" msg="Exception caught while polling client connection LDAP.153.88.247.15.4862 -- java.io.IOException: Connection reset by peer"
================
Each time the application client (153.88.247.15) connects to DPS to read, it exits with a connection reset error.
Could you please kindly give us some suggestion if this error is related to the DPS?
-
HTTPS redirect from server on CSS 11501
Hi,
I make an HTTPS request to the server via CSS, and now my question is: can I get the response from the server in HTTP mode due to the redirect function? I want to put it in HTTPS, is this possible???
Regards
Sara
Are you offloading SSL on CSS and sending clear traffic to servers, and servers are sending back redirects using http? If that's the issue and you want clients to get redirects with https, use the urlrewrite feature on CSS.
Details at
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/terminat.html#wp999332
Syed Iftekhar Ahmed
-
Outlook integration backend server based outlook integration
Hello ,
we are using CRM 7.0 with backend server based outlook integration. We are using the 'Customer and Contact' subscription.
The business partner is not assigned to the zip code subscribed , but when the user is main person responsible on an activity the activity is distributed. WHY ? What table is used ? Why only the main person responsible and not all person responsible ?
Has anyone a more detailed debugging docu for this area ?
thanks
Juergen Ritz
Kiran,
The answer to your question is that you need to follow the groupware integration guides for CRM 40, as the instructions are the same. The only thing that changes is the mapbox is now an ABAP program, so you can ignore the mapbox configuration steps in those documents (but still execute the customizing downloads).
Look at OSS Note 1156271 for more details. I just finished up doing groupware integration with Notes, but the general steps are the same, minus the notes/exchange specific steps which are detailed in the standard documentation.
Take care,
Stephen
-
Error message displays backend server name : Reverse Proxy
Hi Experts,
We are using Apache 2.2.16 for reverse proxy. Below is the scenario.
browser --> Apache server --> SAP Web Dispatcher --> SAP SRM Portal --> SAP SRM (backend)
Now https://apache_server_host:443/irj works fine. but whenever we select one iview , there is dump in backend system & error message at portal displays backend server.
e.g
Error application is coming up.
20101012
BASIS
074335
srmhost
http://srmhost.xyz.com8000/sap/bc/webdynpro/sapsrm/wda_l_fpm_oif/
RAISE_EXCEPTION
Exception condition "PURCHORG_NOT_FOUND" raised.
Now can we hide , srmhost ( backend ) or can we replace srmhost with Apache host name.
I am trying mod_substitute but it is not doing anything .
Best Regards,
Tushar.
Solved by
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://srmhost:8000|https://apache_host|ni" -
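Whether a Substitute rule set like the one in the answer above covers every form in which the backend name appears can be checked offline. The sketch below is an added example, not from the thread: it emulates the `n` (fixed string) and `i` (case-insensitive) flags in Python, applies the rules in order, and scans the rewritten body for internal names that are still visible. The sample page, the extra rules and the helper names are constructed for the illustration.

```python
import re

def apply_substitute(rule, body):
    """Emulate one rule of the form s<delim>pattern<delim>replacement<delim>flags.
    Only the n and i flags are handled; regex backreferences are not."""
    delim = rule[1]
    _, pattern, replacement, flags = rule.split(delim)
    if "n" in flags:
        pattern = re.escape(pattern)  # n: treat the pattern as a fixed string
    re_flags = re.IGNORECASE if "i" in flags else 0
    return re.sub(pattern, lambda m: replacement, body, flags=re_flags)

def apply_rules(rules, body):
    """Apply the rules in the order given."""
    for rule in rules:
        body = apply_substitute(rule, body)
    return body

def leaked_hosts(body, internal_names):
    """Return the internal host names still present in body, sorted."""
    found = set()
    for name in internal_names:
        pattern = r"(?<![\w.-])" + re.escape(name) + r"(?![\w-])"
        if re.search(pattern, body, re.IGNORECASE):
            found.add(name)
    return sorted(found)

# Constructed error page with the backend name in several forms.
SAMPLE_BODY = """<html><body>
<a href="http://srmhost:8000/sap/bc/webdynpro/">retry</a>
<a href="HTTP://SRMHOST:8000/sap/public/">help</a>
<p>Server: srmhost</p>
<p>http://srmhost.xyz.com:8000/sap/bc/webdynpro/sapsrm/wda_l_fpm_oif/</p>
</body></html>"""

INTERNAL = ["srmhost", "srmhost.xyz.com"]

# The single rule from the answer above.
POSTED_RULES = ["s|http://srmhost:8000|https://apache_host|ni"]

# Constructed, broader rule set: most specific pattern first.
BROADER_RULES = [
    "s|http://srmhost.xyz.com:8000|https://apache_host|ni",
    "s|http://srmhost:8000|https://apache_host|ni",
    "s|srmhost|apache_host|ni",
]

if __name__ == "__main__":
    print(leaked_hosts(apply_rules(POSTED_RULES, SAMPLE_BODY), INTERNAL))
    print(leaked_hosts(apply_rules(BROADER_RULES, SAMPLE_BODY), INTERNAL))
```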
I found this note on the Cisco web site.
"Before you synchronize the CSS with an SNTP server, make sure you configure the proper time zone for the CSS (for example, to EST). Also make sure the time difference between the CSS internal clock and the SNTP server clock is less than 24 hours. Otherwise, the CSS will not synchronize its clock with the SNTP server"
The CSS supports sntp which is a simple version of NTP.
Therefore there are some restrictions and what you read is correct.
Gilles.
-
"function is not supported by the current version of the backend server"
Hi,
I just updated SAP business one with latest 8.81 patch 10 and related integration component. However, when I try to add a sales order using new 1.5 version of the mobile app, it give the following error:
"Note that this function is not supported by the current version of the backend server".
Any idea what this means? Do I need to update the integration component with a different version?
Thanks
Hi Jose,
please refer to SAP Note 1602674 - SAP Business One for iPhone and iPad - Troubleshooting Guide: https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3030303136303236373426
Note: you need to use your S-Account to access this note.
regards,
Fidel
-
How to set up load balancing with overload server on css
can anyone tell me how to set up a load balancing config on css that will enable me to LB proxy caches and when they have too many connections then LB against an overload proxy-cache.
Such that when the normal proxy-cache farm is under the ceiling of max connections then the overload server is not used ?
I don't think redirect or sorry server will do this?
See the below configuration; any questions, just tell me.
service proxy-1
! below is the real ip of server
ip address 10.1.1.1
keepalive type icmp
active
service proxy-2
ip address 10.1.1.2
keepalive type icmp
active
! enter owner config-mode
owner proxy
! define a content rule,match what you want to load balancing
content rule-proxy
! below is virtual ip,it can be another ip segment
vip address 10.1.1.50
add service proxy-1
add service proxy-2
protocol any
advanced-balance sticky-srcip
active
-
Processed Dimension IDs not saving in the backend server
Hi Experts,
After successfully processing dimensions, the newly added dimension IDs or the changed dimensions are not reflecting in the backend BI server. And naturally not in the Office client.
I have checked logs in SLG1, couldn't find the issue. Checked dumps, nothing particular found.
Checked the .NET server as well, no problems.
We are on SAP BPC 7.5 NW SP09.
Any idea why this could be happening?
Best Regards,
Sayan
Hi Sabine,
I checked the log files earlier itself on the server but they did not help. Last updates in the files were from November.
What I have found today is, after I tried to process the dimensions multiple times, they finally got processed in the backend as well. I was checking in SM66; every time, processes were triggered for BPC_ADMIN in the backend when I started processing.
But when I went to SLG1, there were entries with grey status (not processed) for the same master data object and subobject 'master data update'. Since they are dialog processes I could not find any further entry from which I could find why they were not processing.
Any idea? Thanks again for your patience with the responses.
Best Regards,
Sayan
-
Using KAL to monitor app server behind CSS
We have had issues in the past where the app server has crashed and the CSS would keep sending connections to the front end webserver.
I am trying to find a way to monitor/keepalive based on the availability of an app server. The webserver is acting as a database app server front end.
I would like to be able to use the CSS to send a fixed set of (form style or XML) input to the ASP webserver so that it will return an expected output (from the app server) that can be hashed. The GET hash comparison will tell the CSS that the app server is correctly responding to the input.
Any one have any experience with things like this?
Carl
Thanks Steve,
I created a script that I think will do what I want, but I am not really clear on a couple of points.
I could not find anything to expand on the syntax for the socket send command. I noticed that some scripts that were posted used what seems like a directive to use the GET method but did not include any input.
socket send ${SOCKET} "GET ${webpage} http1.0\n\n"
It seems there may be some undocumented arguments to the socket commands. How do I find them?
I need to send an XML query as if it came from a form so the webserver will return the webpage I expect it to. The script I have so far is;
! Filename: ap-kal-dbstat
! Parameters: None - must be coded in script
! Description:
! This script will attempt to connect to a web server
! front end to a database host and
! "GET" an html page with dynamic content. The "sendstring"
! is some XML query which should return an expected output.
! The script checks the contents of the page for the returnstring.
! If found, the script passes.
! Failure Upon:
! 1. The correct arguments are not supplied.
! 2. The CSS is unable to connect to the host.
! 3. The string is not found in the return page.
no echo
if ${ARGS}[#] "LT" "5"
echo "Usage: ap-kal-dbstat \'Hostname Port Page Sendstring Returnstring\'"
echo "Example: ap-kal-dbstat \'10.1.1.1 80 webpage.asp XML=string form-element\'"
exit script 1
endbranch
set host "${ARGS}[1]"
set port "${ARGS}[2]"
set page "${ARGS}[3]"
set sendstring "${ARGS}[4]"
set returnstring "${ARGS}[5]"
set EXIT_MSG "Host ${host} not responding on TCP port ${port}."
socket connect host ${host} port ${port} tcp session
set EXIT_MSG "Socket string: String sent."
! The page argument is stored in the variable "page" above
socket send ${SOCKET} "GET ${page} ${sendstring}"
set EXIT_MSG "Socket->Waitfor returnstring not found or timed out waiting."
socket waitfor ${SOCKET} "${returnstring}" 500
set EXIT_MSG "Socket: disconnected"
socket disconnect ${SOCKET}
echo "String ${returnstring} was found."
no set EXIT_MSG
exit script 0
Does this look like it will achieve my objective?
Carl
-
Can I restrict a specific subnet/host to specific server in CSS?
I would like to restrict a specific subnet/host to access the same server. Can I do that?
Thanks
Hi,
You can configure an ACL on the CSS. This should achieve what you are trying to do.
For more details, check
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/security/guide/Access.html#wp1133930
I hope this helps
Daniel
-
NTP Server behind CSS / Responses from outside don't get through
I have a CSS and behind it an NTP server (simulated for this posting by the ntpdate command):
First, when I use ntpdate -q 128.130.2.7 (with the -q parameter a source port >1024 is used) all goes fine, I get a response and the flow trace-ip shows:
JAN 20 10:12:15 1/1 1187 FLOWMGR-4: UDP in 192.168.7.73:35700->128.130.2.7:123
JAN 20 10:12:15 1/1 1188 FLOWMGR-4: UDP out 128.131.2.73:4724->128.130.2.7:123
JAN 20 10:12:15 1/1 1189 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:4724
JAN 20 10:12:15 1/1 1190 FLOWMGR-4: UDP out 128.130.2.7:123->192.168.7.73:35700
But when I now use ntpdate 128.130.2.7 without the -q option, i.e. the well-known source port 123 is used, no response comes through and the trace-ip shows:
JAN 20 10:13:20 1/1 1194 FLOWMGR-4: UDP in 192.168.7.73:123->128.130.2.7:123
JAN 20 10:13:20 1/1 1195 FLOWMGR-4: UDP out 128.131.2.73:123->128.130.2.7:123
JAN 20 10:13:20 1/1 1196 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
JAN 20 10:13:21 1/1 1197 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
JAN 20 10:13:22 1/1 1198 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
JAN 20 10:13:23 1/1 1199 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
i.e. 128.130.2.7 sends the response to the vip-address and the css receives it, but does not send it to the requesting server.
The relevant configuration parts are (currently ACL is disabled!):
!************************** CIRCUIT **************************
circuit VLAN602
ip address 128.131.2.101 255.255.255.0
ip virtual-router 102 priority 254 preempt
ip redundant-vip 102 128.131.2.72 shared
ip redundant-vip 102 128.131.2.73 shared
ip redundant-vip 102 128.131.2.3 shared
ip critical-service 102 gw-128.131.2
!*************************** GROUP ***************************
group ogawa2
add service ogawa2i
vip address 128.131.2.73
active
!************************** SERVICE **************************
service ogawa2i
ip address 192.168.7.73
active
It looks like the response does not come through if the requesting server uses a source port <1024.
Any ideas ??
There are some ports for which we do not maintain flow information but 123 should not be one of them.
What software version are you using ?
A workaround could be to create the following content rules :
owner TEST
content NTP
vip address 128.131.2.73
protocol udp
port 123
add service ogawa2i
active
Let me know if this works.
Gilles.
-
Hi,
I have a question regarding sorry server configuration on the CSS 11500 series.
Is there a way for the sorry server to ignore the URL path and always send the user traffic to the "root" page (e.g. index.html) of the sorry server web server?
The problem I have is the redirection of the "root" page (url "/") that is configured for the normal traffic is causing the sorry page not to work since the URL path ("/psp/CUSTOMER1/?cmd=login") does not exist on the sorry page web server:
service Sorry-Server
protocol tcp
port 8000
keepalive type tcp
ip address 192.168.2.254
active
service server1
ip address 192.168.2.101
protocol tcp
keepalive type tcp
port 8080
active
service server2
ip address 192.168.2.102
protocol tcp
keepalive type tcp
port 8080
active
owner Customer1
content Content1
vip address 192.168.1.101
port 80
protocol tcp
url "/*"
balance aca
advanced-balance arrowpoint-cookie
flow-timeout-multiplier 6
add service server1
add service server2
primarySorryServer Sorry-Server
active
content Content1-Redirect
redirect "/psp/CUSTOMER1/?cmd=login"
vip address 192.168.1.101
port 80
protocol tcp
url "/"
active
Thanks in advance for your help!
Best regards,
Harry
Hi again,
During a maintenance window I made the following change and that made things a bit better:
service Sorry-Server
type redirect
keepalive type none
redirect-string "192.168.2.254:8000"
active
However, since the redirect string points to a private address, Internet users are not able to access the URL.
As a work-around I sent the redirect to a new content rule with a public address and then configured a second sorry page server:
service Sorry-Server
type redirect
keepalive type none
redirect-string "sorry.example.com:8000"
active
service Sorry-Server-2
ip address 192.168.2.254
protocol tcp
port 8000
keepalive type tcp
active
owner Customer1
content Content2
vip address x.x.x.x
add service Sorry-Server-2
port 8000
protocol tcp
active
Is there a better way to do this?
Best regards,
Harry