Backend server in CSS

Similar Messages

• How do i temporarily disable TLS/SSL port 443 going to server on CSS

  We are having issues with truncating packets that go through the CSS
  I did a capture after the CSS and there is truncation............however i cant read it before the since everything is encrypted.
  They hit vip address 172.20.120.16. on the CSS and get redirected to 2 servers depening on what the url says
  They server team would like to turn it off just to test..i tried removing
  "add service ARR-public-ssl" from the contetn below and we lost http and https to the server
  so in essence i want to try and turn the 443 connection to a port 80---than it goes to port 7777 backend to 172.20.212.6
  content BYE-WEB-SSL
     vip address 172.20.120.16
     protocol tcp
     port 443
     advanced-balance ssl
     application ssl
     add service ARR-public-ssl
     active
  ssl-server 40
  ssl-server 40 rsacert byetest
  ssl-server 40 vip address 172.20.120.16
  ssl-server 40 cipher rsa-with-rc4-128-sha 172.20.120.17 80
  ssl-server 40 cipher rsa-with-rc4-128-md5 172.20.120.17 80
  ssl-server 40 urlrewrite 1 *
  ssl-server 40 cipher rsa-with-3des-ede-cbc-sha 172.20.120.17 80
  ssl-server 40 rsakey byekey
  backend-server 50
  backend-server 50 type initiation
  backend-server 50 server-ip 69.xxx.xxx.xxx
  backend-server 50 ip address 69.xxx.181.xxx
  backend-server 50 rsacert byetest
  backend-server 50 rsakey byekey
  active
  !************************** SERVICE **************************
  service TIE-SSLINIT
    protocol tcp
    ip address 69.xxx.xxx.xxx
    keepalive type tcp
    keepalive port 443
    slot 2
    type ssl-init
    add ssl-proxy-list HR-SSL
    active
  owner PublicBYE
    content BYE-WEB-ARRR
      vip address 172.20.120.17
      protocol tcp
      port 80
      url "/arr*"
      advanced-balance arrowpoint-cookie
      balance aca
      arpt-lct http-100-reinsert
      add service BYE-ods-web1
      active
    content BY-WEB-TIX
      protocol tcp
      port 80
      url "/tix*"
      advanced-balance arrowpoint-cookie
      balance aca
      arpt-lct http-100-reinsert
      add service BYE-ods-web2
      vip address 172.20.120.17
      active
    content BYE-WEB-TIX-CLEARTEXT
      add service TIX-SSLINIT
      vip address 172.20.120.19
      protocol tcp
      port 80
      active
  content BYE-WEB-Nav
    vip address 172.20.120.17
    protocol tcp
    port 80
    url "/na*"
    balance aca
    arpt-lct http-100-reinsert
    add service BYE-ods-web1
    active
  content BYE-WEB-SSL
    vip address 172.20.120.16
    protocol tcp
    port 443
    advanced-balance ssl
    application ssl
    add service ARR-public-ssl
    active
  service BYE-ds-web1-ssl
    ip address 172.20.212.5
    port 443
    keepalive type ssl
    active
  service BYE-ds-web2
    ip address 172.20.212.6
    port 7777
    keepalive port 7777
    keepalive type tcp
    active
  service BYE-ds-web2
    ip address 172.20.212.6
    port 7777
    keepalive port 7777
    keepalive type tcp
    active
  service BYEos-web2-ssl
    ip address 172.20.212.6
    port 443
    keepalive type ssl
    active

  CSS11506# sh ver
  Version:               sg0810205 (08.10.2.05)
  Flash (Locked):        08.10.1.06
  Flash (Operational):   08.10.2.05
  Type:                  PRIMARY
  Licensed Cmd Set(s):   Standard Feature Set
                         Secure Management
  Yeah..if done a packet trace before it hits the CSS and after......the only issue is that everything is engrypted before it hits the LB so i cant really read anythign....i did a pacet trace after the LB and on the Server itself its seems we get this
  I thought i saw some bug info from cisco but i cant tell if its related
  CSCsx05640—When you configure the CSS for a Layer 5 (L5) content rule and it receives an HTTP method POST with the HTTP header in one packet that is quickly followed by many packets of POST data or payload, it could fail to deliver all the data to the back-end server. The CSS Flow Manager (FM) application could incorrectly handle the POST and the data packet as a spanned content request and could cause the data to be mishandled. Workaround: Use less than 1-Gb connections in the network; a 100-Mb link does not exhibit this issue.
  As you can see after the content-length..........nothing comes across........sometimes addtional stuff will come in ...but usually nothing
  Is there a bug related to this on the CSS?
  POST /TIXX/DocumentRepository_Service HTTP/1.1
  Accept-Encoding: gzip,deflate
  Content-Type: application/soap+xml;charset=UTF-8;action="urn:ihe:iti:2007:ProvideAndRegisterDocumentSet-b"
  User-Agent: Jakarta Commons-HttpClient/3.1
  Host: www.xxxxxxxxxxxx.net
  Content-Length: 9044

• Failure of server APACHE bridge::No backend server available for connection

  All,
  I have an env: Browser -> OHS -> WLS(Apex Listener) -> Oracle DB.
  If any SQL run for more than 5 mins, i get the below error.
  Failure of server APACHE bridge:
  No backend server available for connection: timed out after 10 seconds or idempotent set to OFF or method not idempotent.The only error i get is from the OHS's log
  [2013-04-03T06:45:57.2946-05:00] [OHS] [ERROR:32] [] [core.c] [host_id: aa050] [host_addr: 121.146.60.102] [tid: 1260554560] [user: oracle] [ecid: 004qNDJn1du7m3KaETn3ES0004Ll00001T] [rid: 0] [VirtualHost: my.team.com:443]  ap_proxy: trying POST /pls/apex/wwv_flow.show at backend host 127.0.0.1/7003; got exception 'Backend Server not responding'; state: reading status line or response headers from WLS (wrote? Y read? N); not failing over because method not idempotent, referer: https://my.team.com/pls/apex/f?p=4500:1003:16571271664493::NO:::Is there a timeout variable other than the below in WLS?
  Session Timeout (in seconds): 3600 .
  TIA,
  JJ

  Regardless of the version, this is not exactly a "Forms" failure. This is an issue between OHS and WLS. Basically it means that OHS (via mod_wl_ohs) was unable to communicate with WLS_FORMS (or whichever managed server you are trying to access). Most often this means the managed server is not running or not responding. If you believe it is running and is responsive (test by hitting it directly) then the problem is probably related to your installation. Generally, if you have not properly configured your networking before you installed WLS and FMw, then this can occur. For example, on Windows machine which do not have static IP addresses, the Installation Guide instructs you to install the Windows loopback adapter and configure it. If you did not do this, OHS likely will not be able to contact WLS_FORMS.
  You can test what I have described above by attempting to access WLS_FORMS directly. For example:
  http://yourHost:9001/forms/frmservlet
  If that works, the issue is probably related to a net config issue.
  If you have access to MyOracle Support, refer to these notes:
  <blockquote><li>Failure Of Server APACHE Bridge After Running Report From Forms 11gR2 on Windows 64-bit platform (Doc ID 1457845.1)
  <li>Oracle Fusion Middleware 11g - Troubleshooting the Error "Failure of server APACHE bridge" (Doc ID 1304095.1)</blockquote>
  The product Documentation Library can be found here:
  http://docs.oracle.com/cd/E24269_01/index.htm

• Unable to read SEARCH response from backend server

  Currently we have problem when searching huge amounts of users against new SunOne Directory Server v6.3
  in production and acceptance.
  [17:12:43] root@ecdiala03-2[!]# /opt/app/sun/ds6/bin/dsadm -V
  [dsadm]
  dsadm : 6.3 B2008.0311.0058 NAT
  [slapd 64-bit]
  Sun Microsystems, Inc.
  Sun-Java(tm)-System-Directory/6.3 B2008.0311.0058 64-bit
  ns-slapd : 6.3 B2008.0311.0058 NAT
  Slapd Library : 6.3 B2008.0311.0058
  Front-End Library : 6.3_MTR_5087249_1_20081209 B2008.1210.1821
  ==============================================================
  It’s not working while searching huge amounts of users against DPS.However, It’s working while searching huge amounts of users against DS.
  Below is the error from access log of DPS when the problem occurred.
  ==================================
  31/Mar/2009:14:08:17 +0200] - CONNECT - INFO - conn=4565433 client=153.88.247.15:2719 server=ecdiala03-1:389 protocol=LDAP
  [31/Mar/2009:14:08:17 +0200] - PROFILE - INFO - conn=4565433 assigned to connection handler cn=default connection handler, cn=connection handlers, cn=config
  [31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=0 BIND dn="uid=itimadm1,ou=system accounts,o=ericsson" method="SIMPLE" version=3
  [31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=0 BIND dn="uid=ITIMADM1,ou=system accounts,o=Ericsson" method="SIMPLE"" version=3 s_msgid=17 s_conn=ecditna03-2:72725
  [31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=0 BIND RESPONSE err=0 msg="" s_conn=ecditna03-2:72725
  [31/Mar/2009:14:08:17 +0200] - PROFILE - INFO - conn=4565433 assigned to connection handler cn=BindDone,cn=connection handlers,cn=config
  [31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=0 BIND RESPONSE err=0 msg="" etime=0
  [31/Mar/2009:14:08:17 +0200] - OPERATION - INFO - conn=4565433 op=1 msgid=2 SEARCH base="ou=External,o=Ericsson" scope=2 filter="(objectclass=inetorgperson)" attrs="*"
  [31/Mar/2009:14:08:17 +0200] - SERVER_OP - INFO - conn=4565433 op=1 SEARCH base="ou=external,o=ericsson" scope=2 filter="(objectclass=inetorgperson)" attrs="*" s_msgid=18 s_conn=ecditna03-2:72725
  [31/Mar/2009:14:12:25 +0200] - OPERATION - INFO - conn=4565433 op=1 SEARCH RESPONSE err=1 msg="Unable to read SEARCH response from backend server : Timeout when waiting to read from input stream" nentries=33959 etime=248309
  [31/Mar/2009:14:17:25 +0200] - DISCONNECT - INFO - conn=4565433 reason="other" msg="Exception caught while polling client connection LDAP.153.88.247.15.2719 -- java.io.IOException: Connection reset by peer"
  ================================
  >>
  > > [15:12:29] root@ecdiala03-1[!]# ./dpadm -V
  > >
  > > [dpadm]
  > >
  > > dpadm :
  > >
  6.3_PD_COMBO_CUMULATIVE_VIRTUAL_15112008_ED2.0+6774589+6780423+6778308+6782659_2
  > > B2008.1212.0459 NAT
  > >
  > >
  > >
  > > [DPS]
  > >
  > > Sun Microsystems, Inc.
  > >
  > >
  Sun-Java(tm)-System-Directory-Proxy-Server/6.3_PD_COMBO_CUMULATIVE_VIRTUAL_15112008_ED2.0+6774589+6780423+6778308+6782659_2
  > > B2008.1212.0436
  > >
  > > =================

  We have changed the value of data-source-read-timeout in DPS from 20s to 30m.As per application test, the "time out" error has gone, but we get a new error as following.
  ==========================
  [27/Apr/2009:05:28:36 +0200] - SERVER_OP - INFO - conn=209469 op=8 SEARCH base="ou=internal,o=ericsson" scope=2 filter="(objectclass=ericssonInternal)" attrs="EriCA-AttesterNL EriCA-EmploymentForm EriCA-KeyRecoveryNL-Auth EriCA-NL-Auth EriCA-NLOTP-Admin EriCA-NLOTP-User EriCA-accountExpires c cn departmentNumber description displayName eriCompanySynch eriCountry eriCountryCode eriEmployeeStatus eriExpired eriIsManager eriMasterDomain eriOpOrgUnitAbbreviation eriOpOrgUnitIdentifier eriOpOrgUnitName eriOperationalManager eriPartner eriPartnerTrigram eriPwSynchDate eriSignType eriSignum eriSignumStatus facsimileTelephoneNumber givenName isMemberOf l mail memberOf mobile objectClass ou sametimebrowseldap sametimehomeserver sametimeuser smChallResp smDisabled smXauthRADIUSServer sn telephoneNumber title uid uidNumber " s_msgid=27 s_conn=ecditna03-2:8645
  [27/Apr/2009:06:06:23 +0200] - SERVER_OP - INFO - conn=209469 op=8 SEARCH RESPONSE err=0 msg="" nentries=236367 s_conn=ecditna03-2:8645
  [27/Apr/2009:06:06:23 +0200] - OPERATION - INFO - conn=209469 op=8 SEARCH RESPONSE err=0 msg="" nentries=236367 etime=2266483
  [27/Apr/2009:06:11:27 +0200] - DISCONNECT - INFO - conn=209469 reason="other" msg="Exception caught while polling client connection LDAP.153.88.247.15.4862 -- java.io.IOException: Connection reset by peer"
  ================
  Each time while application client (153.88.247.15) connecting DPS to read, they will exit with “connection reset” error.
  Could you please kindly give us some suggestion if this error is realted to the DPS?

• HTTPS redirect from server on CSS 11501

  Hi,
  I make HTTPS request to server via CSS and now my question is can i get the response from the server in HTTP mode due to redirect function. I want to put it in HTTPS is this possible???
  Regards
  Sara

  Are you offloading SSL on CSS and sending clear traffic to servers and servers and sending back redirects using http? If thats the issue and you want clients to get redirects with https Use urlrewrite feature on CSS
  details at
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/terminat.html#wp999332
  Syed Iftekhar Ahmed

• Outlook integration backend server based outlook integration

  Hello ,
  we are usering CRM 7.0 with backend server based outlook integration.  We are using the  'Customer and Contact ' subscription.
  The business partner is not assigned to the zip code subscribed , but when the user is main person responsible on an activity the activity is distributed. WHY ?  What table is used ? Why only the main person responsible and not all person responsible ?
  Has anyone a more detailed debugging docu for this area  ?
  thanks
  Juergen Ritz

  Kiran,
  The answer to your question, is you need to follow the groupware integration guides for CRM 40 as the instructions are the same.  The only thing that changes is the mapbox is now an ABAP program, so you can ignore the mapbox configuration steps in those documents(but still excute the customizing downloads).
  Look at OSS Note 1156271 for more details.  I just finished up doing groupware integration with Notes, but the general steps are the same, minus the notes/exchange specific steps which are detailed in the standard documentation.
  Take care,
  Stephen

• Error message displays backend server name : Reverse Proxy

  Hi Experts,
  We are using Apache 2.2.16  for reverse proxy.Below is the  scenario.
  browser -
  >Apache server -
  >SAP Web Dispatcher -
  >SAP SRM Portal---->SAP SRM ( backend )
  Now https://apache_server_host:443/irj  works fine. but whenever we select one iview , there is dump in backend system & error message at portal displays backend server.
  e.g
  Error application is coming up.
  20101012
  BASIS
  074335
  srmhost
  http://srmhost.xyz.com8000/sap/bc/webdynpro/sapsrm/wda_l_fpm_oif/
  RAISE_EXCEPTION
  Exception condition "PURCHORG_NOT_FOUND" raised.
  Now can we hide , srmhost ( backend ) or can we replace srmhost with Apache host name.
  I am trying mod_substitute but it is not doing anything .
  Best Regards,
  Tushar.

  Solved by
  AddOutputFilterByType SUBSTITUTE text/html
  Substitute "s|http://srmhost:8000|https://apache_host|ni"

• SNTP Server - Cisco CSS

  I´m found in web site Cisco this note.
  "Before you synchronize the CSS with an SNTP server, make sure you configure the proper time zone for the CSS (for example, to EST). Also make sure the time difference between the CSS internal clock and the SNTP server clock is less than 24 hours. Otherwise, the CSS will not synchronize its clock with the SNTP server"

  The CSS supports sntp which is a simple version of NTP.
  Therefore there are some restrictions and what you read is correct.
  Gilles.

• "function is not supported by the current version of the backend server"

  Hi,
  I just updated SAP business one with latest 8.81 patch 10 and related integration component. However, when I try to add a sales order using new 1.5 version of the mobile app, it give the following error:
  "Note that this function is not supported by the current version of the backend server".
  Any idea what this means?  Do I need to update the integration component with a different version?
  Thanks

  Hi Jose,
  please refer to this SAP Note [1602674 - SAP Business One for iPhone and iPad - Troubleshooting Guide|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3030303136303236373426]
  Note: you need to use your S-Account to access this note.
  regards,
  Fidel

• How to set up load balancing with overload server on css

  can anyone tell me how to set up a load balancing config on css that will enable me to LB proxy caches and when they have too many connections then LB against an overload proxy-cache.
  Such that when the normal proxy-cache farm is under the ceiling of max connections then the overload server is not used ?
  I don't think redirect or sorry server will do this ?

  see the below configuration,any question,just tell me.
  service proxy-1
  ! below is the real ip of server
  ip address 10.1.1.1
  keepalive type icmp
  active
  service proxy-2
  ip address 10.1.1.2
  keepalive type icmp
  active
  ! enter owner config-mode
  owner proxy
  ! define a content rule,match what you want to load balancing
  content rule-proxy
  ! below is virtual ip,it can be another ip segment
  vip address 10.1.1.50
  add service proxy-1
  add service proxy-2
  protocol any
  advanced-balance sticky-srcip
  active

• Processed Dimension IDs not saving in the backend server

  Hi Experts,
  After successfully processing dimensions, the newly added dimension IDs or the changed dimensions are not reflecting in the backend BI server. And naturally not in the Office client.
  I have checked logs in SLG1, couldnt find issue. Checked dumps, nothing particular found.
  Checked the .NET server as well, no problems.
  We are on SAP BPC 7.5 NW SP09.
  Any idea why this could be happening?
  Best Regards,
  Sayan

  Hi Sabine,
  I checked the log files earlier itself on the server but they didnot help. Last updates in the files were from November.
  What i have found today is, after i tried to process the dimensions for mutiple times, they finally got processed in the backend as well. I was checking in SM66, every time processes were triggered for BPC_ADMIN in the backend, when i started processing.
  But when i went to SLG1, there were entries with grey status (not processed) for same master data object and subobject 'master data update'. Since they are dialog process i could not any further entry from where i could find why they were not processing.
  Any idea? Thanks again for your patience with the responses
  Best Regards,
  Sayan

• Using KAL to monitor app server behind CSS

  We have had issues in the past where the app server has crashed and the CSS would keep sending connections to the front end webserver.
  I am trying to find a way to monitor/keepalive based on the availability of an app server. The webserver is acting as a database app server front end.
  I would like to be able to use the CSS to send a fixed set of (form style or XML) input to the ASP webserver so that it will return an expected output (from the app server) that can be hashed. The GET hash comparison will tell the CSS that the app server is correctly responding to the input.
  Any one have any experience with things like this?
  Carl

  Thanks Steve,
  I created a script that I think will do what I want, but I am not really clear on a couple of points.
  I could not find anything to expand on the syntax for the socket send command. I noticed that some scripts that were posted used what seems like a directive to use the GET method but did not include any input.
  socket send ${SOCKET} "GET ${webpage} http1.0\n\n"
  It seems there may be some undocumented arguments to the socket commands. How do I find them?
  I need to send an XML query as if it came from a form so the webserver will return the webpage I expect it to. The script I have so far is;
  ! Filename: ap-kal-dbstat
  ! Parameters: None - must be coded in script
  ! Description:
  ! This script will attempt to connect to a web server
  ! front end to a database host and
  ! "GET" an html page with dynamic content. The "sendstring"
  ! is some XML query which should return an expected output.
  ! The script checks the contents of the page for the returnstring.
  ! If found, the script passes.
  ! Failure Upon:
  ! 1. The correct arguments are not supplied.
  ! 2. The CSS is unable to connect to the host.
  ! 3. The string is not found in the return page.
  no echo
  if ${ARGS}[#] "LT" "5"
  echo "Usage: ap-kal-dbstat \'Hostname Port Page Sendstring Returnstring\'"
  echo "Example: ap-kal-dbstat \'10.1.1.1 80 webpage.asp XML=string form-element\'"
  exit script 1
  endbranch
  set host "${ARGS}[1]"
  set port "${ARGS}[2]"
  set page "${ARGS}[3]"
  set sendstring "${ARGS}[4]"
  set returnstring "${ARGS}[5]"
  set EXIT_MSG "Host ${host} not responding on TCP port ${port}."
  socket connect host ${host} port ${port} tcp session
  set EXIT_MSG "Socket string: String sent."
  socket send ${SOCKET} "GET ${webpage} ${sendstring}"
  set EXIT_MSG "Socket->Waitfor returnstring not found or timed out waiting."
  socket waitfor ${SOCKET} "${returnstring}" 500
  set EXIT_MSG "Socket: disconnected"
  socket disconnect ${SOCKET}
  echo "String ${returnstring} was found."
  no set EXIT_MSG
  exit script 0
  Does this look like it will achieve my objective?
  Carl

• Can I restrict a specific subnet/host to specific server in CSS?

  I would like to restrict a specific subnet/host to access the same server. Can I do that?
  Thanks

  Hi,
  You can configure an ACL on the CSS. This should achieve what you are trying to do.
  For more details, check
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/security/guide/Access.html#wp1133930
  I hope this helps
  Daniel

• NTP Server behind CSS / Responses from outside don't get through

  I have a CSS and behind it an NTP-Server (simulated for this posting by the ntpdate-command:
  First, when I use ntpdate -q 128.130.2.7 (with the -q parameter a source-port >1024 is used) all wents fine, I get a response and the flow trace-ip shows:
  JAN 20 10:12:15 1/1 1187 FLOWMGR-4: UDP in 192.168.7.73:35700->128.130.2.7:123
  JAN 20 10:12:15 1/1 1188 FLOWMGR-4: UDP out 128.131.2.73:4724->128.130.2.7:123
  JAN 20 10:12:15 1/1 1189 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:4724
  JAN 20 10:12:15 1/1 1190 FLOWMGR-4: UDP out 128.130.2.7:123->192.168.7.73:35700
  But when I now use ntpdate 128.130.2.7 without the -q option, i.e. well known Source Port 123 is used, no response come through and the trace-ip shows:
  JAN 20 10:13:20 1/1 1194 FLOWMGR-4: UDP in 192.168.7.73:123->128.130.2.7:123
  JAN 20 10:13:20 1/1 1195 FLOWMGR-4: UDP out 128.131.2.73:123->128.130.2.7:123
  JAN 20 10:13:20 1/1 1196 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
  JAN 20 10:13:21 1/1 1197 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
  JAN 20 10:13:22 1/1 1198 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
  JAN 20 10:13:23 1/1 1199 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
  i.e. 128.130.2.7 sends the response to the vip-address and the css receives it, but does not send it to the requesting server.
  The relevant configuration parts are (currently ACL is disabled!):
  !************************** CIRCUIT **************************
  circuit VLAN602
  ip address 128.131.2.101 255.255.255.0
  ip virtual-router 102 priority 254 preempt
  ip redundant-vip 102 128.131.2.72 shared
  ip redundant-vip 102 128.131.2.73 shared
  ip redundant-vip 102 128.131.2.3 shared
  ip critical-service 102 gw-128.131.2
  !*************************** GROUP ***************************
  group ogawa2
  add service ogawa2i
  vip address 128.131.2.73
  active
  !************************** SERVICE **************************
  service ogawa2i
  ip address 192.168.7.73
  active
  It looks like, that the response does not comes through, if the source-port of the requesting server uses a port <1024.
  Any ideas ??

  There are some ports for which we do not maitain flow information but 123 should not be one of them.
  What software version are you using ?
  A workaround could be to create the following content rules :
  owner TEST
  content NTP
  vip address 128.131.2.73
  protocol udp
  port 123
  add service ogawa2i
  active
  Let me know if this works.
  Gilles.

• Sorry Server for CSS 11500

  Hi,
  I have a question regarding sorry server configuration on the CSS 11500 series.
  Is there a way for the sorry server to ignore the URL path and always send the user traffic to the "root" page (e.g. index.html) of the sorry server web server?
  The problem I have is the redirection of the "root" page (url "/") that is configured for the normal traffic is causing the sorry page not to work since the URL path ("/psp/CUSTOMER1/?cmd=login") does not exist on the sorry page web server:
  service Sorry-Server
    protocol tcp
    port 8000
    keepalive type tcp
    ip address 192.168.2.254
    active
  service server1
    ip address 192.168.2.101
    protocol tcp
    keepalive type tcp
    port 8080
    active
  service server2
    ip address 192.168.2.102
    protocol tcp
    keepalive type tcp
    port 8080
    active
  owner Customer1
    content Content1
      vip address 192.168.1.101
      port 80
      protocol tcp
      url "/*"
      balance aca
      advanced-balance arrowpoint-cookie
      flow-timeout-multiplier 6
      add service server1
      add service server2
      primarySorryServer Sorry-Server
      active
    content Content1-Redirect
      redirect "/psp/CUSTOMER1/?cmd=login"
      vip address 192.168.1.101
      port 80
      protocol tcp
      url "/"
      active
  Thanks in advance for your help!
  Best regards,
  Harry

  Hi again,
  During a maintenance window I made the following change and that made things a bit better:
  service Sorry-Server
    type redirect
    keepalive type none
    redirect-string "192.168.2.254:8000"
    active
  However, since the redirect string points to a private address, Internet users are not able to access the URL.
  As a work-around I sent the redirect to a new content rule with a public address and then configured a second sorry page server:
  service Sorry-Server
    type redirect
    keepalive type none
    redirect-string "sorry.example.com:8000"
    active
  service Sorry-Server-2
    ip address 192.168.2.254
    protocol tcp
    port 8000
    keepalive type tcp
    active
  owner Customer1
    content Content2
      vip address x.x.x.x
      add service Sorry-Server-2
      port 8000
      protocol tcp
      active
  Is there a better way to do this?
  Best regards,
  Harry