Cisco ACE and IIS Virtual Directories

Similar Messages

• Exchange 2013 Autodiscover and Webservices virtual directories with wrong address

  Hey people,
  I have 3 2013 Servers
  Server 1 CAS
  Server 2 & 3 MBX
  having a bit of trouble here - everything was working fine after migration (about 6months ago), and now mac users can't access e-mail.
   If I try to access EWS page (https://webmail.domain.co.ao/EWS/exchange.asmx) , i get
  Service
  You have created a service.
  To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:
  svcutil.exe https://SERVER2.domain.int:444/EWS/Services.wsdl
  If I try to access the autodiscover webpage, i get
  <?xml version="1.0" encoding="UTF-8"?>
  -<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">-<Response>-<Error Id="1286627925" Time="17:58:59.7730521"><ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData/></Error></Response></Autodiscover>
  When testing outlook web services, i get the following error
  [PS] C:\Windows\system32>Test-OutlookWebServices
  Source ServiceEndpoint Scenario Result Latency
  (MS)
  SERVER2.domain.int webmail.domain.co.ao Autodiscover: Outlook Provider Failure 64
  SERVER2.domain.int Exchange Web Services Skipped 0
  SERVER2.domain.int Availability Service Skipped 0
  SERVER2.domain.int Offline Address Book Skipped 0
  if i run
  [PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory | fl
  Creating a new session for implicit remoting of "Get-AutodiscoverVirtualDirectory" command...
  RunspaceId : 9f23dad1-7806-42a6-8545-89b66847a359
  Name : Autodiscover (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
  ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity, OAuth}
  LiveIdNegotiateAuthentication : False
  WSSecurityAuthentication : True
  LiveIdBasicAuthentication : False
  BasicAuthentication : True
  DigestAuthentication : False
  WindowsAuthentication : True
  OAuthAuthentication : True
  AdfsAuthentication : False
  MetabasePath : IIS://SERVER1.domain.int/W3SVC/1/ROOT/Autodiscover
  Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Autodiscover
  ExtendedProtectionTokenChecking : None
  ExtendedProtectionFlags : {}
  ExtendedProtectionSPNList : {}
  AdminDisplayVersion : Version 15.0 (Build 775.38)
  Server : SERVER1
  InternalUrl : https://webmail.domain.co.ao/autodiscover/autodiscover.xml
  ExternalUrl : https://webmail.domain.co.ao/autodiscover/autodiscover.xml
  AdminDisplayName :
  ExchangeVersion : 0.10 (14.0.100.0)
  DistinguishedName : CN=Autodiscover (Default Web
  Site),CN=HTTP,CN=Protocols,CN=SERVER1A,CN=Servers,CN=Exchange Administrative
  Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=DOMAIN,CN=Microsoft
  Exchange,CN=Services,CN=Configuration,DC=domain,DC=int
  Identity : SERVERONE\Autodiscover (Default Web Site)
  Guid : fbed978f-7442-46ac-bb3c-53d9d7995507
  ObjectCategory : domain.int/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
  ObjectClass : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
  WhenChanged : 12/19/2013 10:30:26 AM
  WhenCreated : 12/19/2013 10:30:26 AM
  WhenChangedUTC : 12/19/2013 9:30:26 AM
  WhenCreatedUTC : 12/19/2013 9:30:26 AM
  OrganizationId :
  OriginatingServer : DC2.domain.int
  IsValid : True
  ObjectState : Changed
  and run
  [PS] C:\Windows\system32>Get-WebServicesVirtualDirectory | fl
  RunspaceId : 9f23dad1-7806-42a6-8545-89b66847a359
  CertificateAuthentication :
  InternalNLBBypassUrl :
  GzipLevel : High
  MRSProxyEnabled : False
  Name : EWS (Default Web Site)
  InternalAuthenticationMethods : {Basic, Digest}
  ExternalAuthenticationMethods : {Basic, Digest}
  LiveIdNegotiateAuthentication :
  WSSecurityAuthentication : False
  LiveIdBasicAuthentication : False
  BasicAuthentication : True
  DigestAuthentication : True
  WindowsAuthentication : False
  OAuthAuthentication : False
  AdfsAuthentication : False
  MetabasePath : IIS://SERVER1.domain.int/W3SVC/1/ROOT/EWS
  Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\EWS
  ExtendedProtectionTokenChecking : None
  ExtendedProtectionFlags : {}
  ExtendedProtectionSPNList : {}
  AdminDisplayVersion : Version 15.0 (Build 775.38)
  Server : SERVER1
  InternalUrl : https://webmail.domain.co.ao/EWS/exchange.asmx
  ExternalUrl : https://webmail.domain.co.ao/EWS/exchange.asmx
  AdminDisplayName :
  ExchangeVersion : 0.10 (14.0.100.0)
  DistinguishedName : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,CN=SERVRE1,CN=Servers,CN=Exchange
  Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
  Groups,CN=DOMAINL,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domainl,DC=int
  Identity : SERVER1\EWS (Default Web Site)
  Guid : cbdd447b-54f8-4bba-9834-6c28b807711e
  ObjectCategory : domain.int/Configuration/Schema/ms-Exch-Web-Services-Virtual-Directory
  ObjectClass : {top, msExchVirtualDirectory, msExchWebServicesVirtualDirectory}
  WhenChanged : 12/19/2013 9:31:11 AM
  WhenCreated : 12/19/2013 9:31:11 AM
  WhenChangedUTC : 12/19/2013 8:31:11 AM
  WhenCreatedUTC : 12/19/2013 8:31:11 AM
  OrganizationId :
  OriginatingServer : DC2.domain.int
  IsValid : True
  ObjectState : Changed
  Summarizing:
  webmail.domain.co.ao maps to server1
  Autodiscover and exchange web services point out to server1 (CAS), but when openning the respective webpages, the result is an error.
  I have already deleted and recreated the autodiscover and EWS virtual directories but with no success.
  Help anyone?
  Many thanks,
  Andrey

  Hi Andrey,
  Exchange Web Service in Exchange server configuration is working for all users in your Exchange environment, not just for one specific user. If you want to double make sure the EWS service in client side, we can directly access the EWS URL in IE of your
  Windows machine, and see whether a proper XML file is returned. If so, then we can safely ignore the web service test result.
  As for automatic signature application, do you mean
  Add a signature automatically to every message? Please try to remove the signature and reset it again to check whether the issue persists.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Sccm 2012 DP failed to create iis virtual directories

  I am trying to install a branch server as Sccm 2012 DP.
  I already installed around 15 branch servers without any problems.
  The problem I have is that the branch server failed to create iis virtual directories.
  In my console under Monitoring, component status It writes that Distribution Manager successfully installed iis component of operating system to distribution point ""
  Next it writes error to send packages to that branch server.
  The site server distmgr.log shows the error below:
  Failed to start primary service wdsserver
  Microsoft Sql Server Native Client 11.0 login failed for user "xxx"
  Failed to connect to the sql server connection type : SMS ACCESS
  for Display = \\myserver\mswnet: sms_site= XXX  failed to get master SCF.
   Currently site xxx is initializing site control data. Cant get Master SCF from database at this time. will try later.
  DPConnection;;;; ConnectWMI() failed to connect to branch server.
  I try to remove the dp role, leave it for 12 hours reboot the server and assign the role again but same problem. 
  Any idea ?
  Nikkoscy

  Hi,
  Have you installed all features required?
  Technet prerequisite list for site system roles:
  http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SiteSystemRolePrereqs
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Urgent!!! Cisco ACE and asymetric routing assistance needed

  I am wondering if someone can give me pointers on the cisco ACE
  and asymetric routes. I've attached the diagram:
  -Cisco IOS IP address is 192.168.15.4/24 and 4.1.1.4/24
  -Firewall External interface is 192.168.15.1/24,
  -Firewall Internal interface is 192.168.192.1/24,
  -F5_BigIP External interface is 192.168.192.4/24,
  -F5_BigIP Internal interface is 192.168.196.1/24 and 192.168.197.1/24,
  -host_y has IP addresses of 192.168.196.10/24 and 192.168.197.10/24,
  -Checkpoint has static route for 192.168.196.0/24 and 192.168.197.0/24
  pointing to the F5_BigIP,
  -host_y is dual-home to both VLAN_A and VLAN_B with the default
  gateway on host_y pointing to VLAN_A which is 192.168.196.1,
  -host_x CAN ssh/telnet/http/https to both of host_y IP addresses
  of 192.168.196.10 and 192.168.197.10.
  In other words, from host_x, when I try to connect to host_y
  via IP address of 192.168.197.10, the traffics will go through VLAN_B
  but the return traffics will go through VLAN_A. Everything
  is working perfectly for me so far.
  Now customer just replaces the F5_BigIP with Cisco ACE. Now,
  I could not get it to work with Asymetric route with Cisco ACE. In
  other words, from host_x, I can no longer ssh or telnet to host_y
  via IP address of 192.168.197.10.
  Anyone knows how to get asymetric route to work on Cisco ACE?
  Thanks in advance.

  That won't work because ACE uses the vlan id to distinguish between flows.
  So when the response comes back on a different vlan, ACE can't find the flow it belongs to and it drops it.
  Even if we could force it to accept the packet, ACE would then try to create a new flow for this packet and it will collide with the flow already existing on the frontend.
  You would need to force your host to respond on the same vlan the traffic came in.
  This could be done with client nat on ACE using different nat pool.
  Gilles.

• Windows IIS virtual directories

  I'm setting up CPS and Contribute 3 on a large site. Users in
  different departments have access to specific folders that contain
  their pages. What I can't seem to be able to do is to add virtual
  directories to the users' list of folders to edit (though I really
  just want them to be able to link to files in those virtual
  directories). The virtual directories contain document libraries
  (agendas, minutes, reports, media releases) that are maintained by
  another system, so it seemed like a good idea to keep those folders
  out of the root folder of the site that the CPS manages. But those
  virtual directories don't show up in the list of folders to allow
  users to edit. Has anyone run into this problem and found a way
  around it? I could just drop the virtual directory idea if that's
  the only way.
  Tom Benjamin
  Web Development Analyst
  Capital Regional District, Victoria, BC, Canada

  Hi,
  If NDES is the only CA role service on this server, this problem is expected. Because NDES requires the installation of the Certification Authority Web Enrollment role service on the same Server.
  The Certificate Authority Web Enrollment pages are needed since the NDES IIS application is a virtual directory underneath the Web Enrollment pages (CertSrv).
  Hope this helps.
  Regards,
  Bruce
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
  Who is VERY strange is that (in the "Thomas Larsen" configuration so without installing the "Web
  Enrollment pages") ... we can access to the admin page with the url http://serveurNdes/certsrv/mscep_admin" !!! How is it possible !!

• MP Related Logs and IIS Virtual directory not created After re_installation of SCCM 2007

  Hi
  We have re-installed the IIS and SCCM secondary site. tried to intsall the MP role and DP role but it has not created any logs or IIS virtual directory in the secondary site server which is in WAN link.
  Trouble shooting:
  - checked the ports 443,445 and 80
  - Disabled symantec
  - exchanged the public key ( still it is in progress in Despooler log)
  - checked the site to site permission and added the accounts.
  please suggest further.

  Yes, I know this is an old post, but I’m trying to clean them up.
  What error(s) are you getting within the logs? Without these details there isn’t much anyone can do to help you.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• TWO IIS virtual directories for TWO WebLogic Instances

  I have an IIS website with one IIS virtual directory which is using iisproxy.dll
  to redirect the request to a weblogic instance.
  Now, I would like to create another virtual directory which has to redirect to
  another weblogic instance (with different port). How can I do that? I have tried
  to create another copy of iisproxy.dll & iisproxy.ini but that new website still
  forward the request to the old website. Please advice.
  Many thanks.
  Ronald

  Hi Ronald
  This is not possible with existing weblogic releases.
  However There are couple of workarounds for this.
  1. Setup two IIS Sites forwarding requests to two weblogic servers.
  Make sure The IIS sites are running with Application Protection of
  High(Isolated).
  Make sure the iisproxy.ini and iisproxy.dll for theses different sites
  are in different
  diectories and configure the sites and iisproxy.ini files appropriately.
  - This, i tries and works great.
  2. Let All the requests go to one weblogic server. Register a servlet
  with you'r second virtual directory name as a proxy servlet proxying to
  the second
  weblogic server.
  - This might work. But you have to remeber the performance impact of
  proxying twice.
  Hope this helps
  vijay
  "Ronald" <[email protected]> wrote in message
  news:3aff5049$[email protected]..
  >
  I have an IIS website with one IIS virtual directory which is usingiisproxy.dll
  to redirect the request to a weblogic instance.
  Now, I would like to create another virtual directory which has toredirect to
  another weblogic instance (with different port). How can I do that? I havetried
  to create another copy of iisproxy.dll & iisproxy.ini but that new websitestill
  forward the request to the old website. Please advice.
  Many thanks.
  Ronald

• VPC / Cisco ACE and the Nexus 2K and 5K

  Hi all,
  So we have a test environment that looks like the following. We have 2 5K's switch 1 and switch 2. Switch 1 has two 10gb connections downstream to a 2K and switch 2 has two 10Gb connections downstream to the other 2K. We have a few servers that are multi-homed with LACP and VPC via the 2Ks and it works a treat.
  We have our Cisco ACE 01, ports 1 and 2 going to one of the 2K's and we have ports 3 and 4 going to the other 2K, ACE02 ports 1 and 2 going to one of the 2K's and we have ports 3 and 4 going to the other 2K. If i enable VPC and none LACP based etherchannel i cannot get the ACE's talking to each other, but looking at the VPC status its all healthy and up.
  Has anyone managed to multi-home the ACE between two 2K's with VPC successfully? 
  If I disable the links so each ACE only has links upstream in a traditional port-channel and not cross connected, the ACE's can see each other with no issues.
  Cheers

  Doh.. so we had a cable patching issue in the end. Let this be a lesson to all networking chaps - always check the basics first! Now we have patched the cables as per design the VPC has been established and works.
  Now we  have VPC is working we are simulating link failures. When we restore a shutdown physical port within the port-channel/VPC that sits between the 2K and ACE (simulating a port failure) the ACE's lose sight of each other for about 10 seconds and causes an short outage until the port is up and up. The logs on the ACE show 'the Peer x.x.x.x is not reachable. Error: Heartbeat stopped. No alternate interface configured' but the VLAN for the FT interface is carried over all four ACE NIC's that are multi-homed to two 2K's... very strange, i would not expect this, it's like the MAC addresses for the FT interface are waiting to be timed out on the 2K until they are switched on another interface within the port-channel and VPC.
  Anyone seen this before?

• Exchange Server IIS Virtual Directories

  Hi Guys,
  I need to remove all the directories from Exchange CAS Server except the directories are required for ActiveSync. can someone give me the direction about the directories are not required for ActiveSync.
  Thanks in Advance.
  Regards
  Rishi Aggarwal
  Regards Rishi Aggarwal

  my client made a decision about removing external OWA but ActiveSync. so looking what are the Exact directories are required for ActiveSync so except that i can remove every directory. 
  Hi,
  OWA works only internally,
  ActiveSync works both internally and externally, right?
  I would suggest to create a new website with a unique IP in IIS and only adding ActiveSync to that website using a cmdlet. That would give us a website hosted on the box that served the ActiveSync devices but nothing else, leaving the OWA open for internal
  access. The firewall would point to this website/IP on the CAS. We could also create a virtual directory under there for /OWA and /Exchange which would serve up the generic “this service is no longer available, please contact the help desk” message as the
  default webpage. This makes it easy to manage, monitor, and control traffic to.
  Command to create a new Active Virtual directory:
  New-ActiveSyncVirtualDirectory -WebSiteName "domain.com"
  Best Regards.
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Lynn-Li
  TechNet Community Support

• Cisco ACE and firewall design

  Guys,
  If I have servers protected behind a firewall and I need to load balance some servers , where should I place the ACE?
  Sent from Cisco Technical Support iPad App

  Hi,
  With one-arm i believe the question is where you want to place the firwall. As long as the client is able to reach the VIP and server replies back to ACE i dont see any problem with this design.
  Firewall ---------Switch ---------------- Load Balancer ---
  As you know with one-arm requires a source NAT and might not be a good fit for application that are using the source IP address to track client usage patterns. PBR avoids this problem but adds other considerations, such as routing complexity, asymmetrical routing for non-load-balanced flows, and VRF support; PBR is not available on VRFs.
  Regards,
  Siva

• Cisco ACE and license upgrades

  Hi,
  So we have a virtual ACE carved into Contexts with 0.5 Gb license.
  I'm planning on taking this up to a 1Gb license but I’m concerned regarding the resource-class allocations.      
  I currently allocate a gold class of 20% for customers that require 100mb of through put which works quite well. So 20% of 500mb is 100mb.
  When I upgrade to a 1Gb license the resource-class's will need changing right? So gold becomes 10%, with 10% of 1000Mb is a 100Mb.
  Is how you normally tackle the license upgrades in a virtualised environment.
  Any comments would be appreciated
  Cheers

  Once you upgrade the license, of course the capacity of device increases and hence you can tweak the resource allocation as per your requirement. It should be simple:)

• Cisco VPN and Microsoft Virtual PC (xp mode under Windows 7)

  I've installed XP under my users Windows 7 64 bit Enterprise.  Unfortunately I set up networking for DHCP so that the host and guest (too much vmware :) )  get two different IP's.
  So with Cisco anyconnect, I can't get the guest (i.e. the Win xp vm) to connect correctly.  I want to change networking back to bridged and try that, but for the life of me I can't find where the settings are.  I'm thinking that bridged (where
  I don't have to try the Cisco client in the vm might work better)
  But I"m in the US
  My users in Australia
  and right now I can't get remote tools to work on the host and talking this guy through it on the phone is not pleasant.
  Are there instructions somewhere, and where is the full downloadable documentation for this product. I can find online, can't find a full downloadable copy

  On Thu, 2 Sep 2010 14:34:57 +0000, Jim_St wrote:
  I've installed XP under my users Windows 7 64 bit Enterprise.=A0=20
  Unfortunately I set up networking for DHCP so that the host and guest=20
  (too much vmware :) )=A0 get two different IP's.
  So with Cisco anyconnect, I can't get the guest (i.e. the Win xp vm) to=20
  connect correctly.=A0 I want to change networking back to bridged and =
  try=20
  that, but for the life of me I can't find where the settings are.=A0 I'm=
  =20
  thinking that bridged (where I don't have to try the Cisco client in=20
  the vm might work better)
  But I"m in the US
  My users in Australia
  and right now I can't get remote tools to work on the host and talking=20
  this guy through it on the phone is not pleasant.
  Are there instructions somewhere, and where is the full downloadable=20
  documentation for this product. I can find online, can't find a full=20
  downloadable copy
  Bridged networking is what VMWare calls it and it works basically the
  same as the way you don't like here. The guest will interact with the
  NIC on the host and from the outsie it will present a second channel
  with a different MAC address. This channel will acquire an IP address
  of its own from the DHCP server.
  But no matter what you do, the host and guest will NEVER EVER get the
  same IP address!
  Additionally, Cisco VPN by design will shut down ALL other network
  interfaces when it connects the tunnel so the computer running Cisco
  VPN will be effectively disconnected from the local network and
  INSTEAD connected to the remote network. You cannot share this VPN
  tunnel to another local computer and this includes the host.
  Bo Berglund

• CFGRID not working with IIS Virtual Directories

  I was wondering if anyone else is having this issue?
  Cfgrid works fine outside of the virtual directory. But when
  I put the file in a virtual directory the applet doesn't load.
  Please help
  Thank you
  Jeff S

  Got it working with "nodePath"
  Thanks,
  Ranjith Pillai

• Restore the deleted extended IIS web site into Virtual directories

  Hi,
  i deleted the IIS site from virtual directories and as well from IIS. But still i can see the extended web site zone in the Central administration, General Settings from the remove SharePoint from IIS web site. now question is there any way i can restore
  the deleted iis site zone any how?
  Thanks

  Hi Trevor,
  Thanks for your answer. i need some suggestion regarding on going issue. First i have created a web application at port 80 when it was in singer server and then i extended to 443 and 80 in multi-tier farm as you can see in the below image
  And then i deleted IIS site from IIS itself and from Virtual directories as you can see in the below picture. Then i blinded the "SharePointDemo-80" site with host header at port 443 With default zone AAM. now i can access the site well but problem
  is if i want to deploy any custom solution, getting error "The web.config is invalid on this IIS web site: "C:\inetpub\wwwroot\wss\VirtualDirectories\demoportal.bbcat.local80\web.config. " and also crawler is not crawling any items. my
  understanding is, as there is no IIS site into virtual directories obviously will throwing error. Usually first i create web application at different port (example 8080) and then extend the application to 80 or 443.  As i have already place this web application
  and did customization, what will be the best way to handle this situation?
  Thanks in advanced!!

• Slow connection in one server if accessing through Cisco ACE

  Hi,
  Good day, Can someone help me on my problem? I have 3 servers, server1, server2 and server3. When one pc accessing the server 3 application via Cisco ACE, it experienced a slow connection but when direct access without Cisco Ace, it's fast. The connection of this PC through cisco ace and direct access have no issue.
  What need to do in my configuration? Below is my configuration
  logging enable
  logging timestamp
  logging trap 7
  logging buffered 7
  logging monitor 7
  logging host 167.81.126.5 udp/514
  logging host 137.55.152.147 udp/514
  resource-class SG_01
    limit-resource all minimum 0.00 maximum unlimited
    limit-resource sticky minimum 10.00 maximum equal-to-min
  boot system image:c4710ace-mz.A3_2_0.bin
  login timeout 30
  peer hostname singapore-ace2
  hostname singapore-ace1
  interface gigabitEthernet 1/1
    channel-group 14
    no shutdown
  interface gigabitEthernet 1/2
    channel-group 14
    no shutdown
  interface gigabitEthernet 1/3
    channel-group 14
    no shutdown
  interface gigabitEthernet 1/4
    channel-group 14
    no shutdown
  interface port-channel 14
    description ISOLAN-ACE-TRUNK
    ft-port vlan 99
    switchport trunk native vlan 1
    switchport trunk allowed vlan 12,14,112
    no shutdown
  clock timezone SGT 8 0
  ntp server 137.55.152.1
  context Admin
    member SG_01
  access-list ALL line 8 extended permit ip any any
  access-list ALL line 9 extended permit icmp any any
  ip domain-name ysn.psg.philips.com
  probe http singapore_01
    description This probe used to monitor application url-app-script
    interval 5
    passdetect interval 5
    request method get url /insiteserverstatus/insiteserverstatus.aspx
    expect status 200 200
    open 1
  probe http singapore_02
    description This probe used to monitor IIS-login-page
    interval 5
    passdetect interval 5
    request method get url /InSiteLumiledsApplication/
    expect status 200 200
    open 1
  probe icmp uplink
    description This probe used in conjunction with ft track host
    interval 2
    faildetect 2
    passdetect interval 3
  parameter-map type connection PARAM_L4STICKY-IP
    exceed-mss allow
  rserver host sggysnysn1ms013
    ip address 137.55.152.135
    inservice
  rserver host sggysnysn1ms014
    ip address 137.55.152.136
    inservice
  rserver host sggysnysn1ms018
    ip address 137.55.152.145
    inservice
  serverfarm host PLI9058
    probe singapore_01
    probe singapore_02
    rserver sggysnysn1ms013
      inservice
    rserver sggysnysn1ms014
      inservice
    rserver sggysnysn1ms018
      inservice
  sticky ip-netmask 255.255.255.255 address both SG_GROUP_01
    timeout 720
    replicate sticky
    serverfarm PLI9058
  class-map type management match-any HTTPS-ALLOW_CLASS
  class-map match-all L4STICKY-IP_141:ANY_CLASS
    2 match virtual-address 137.55.152.141 any
  class-map type http loadbalance match-any NO_MS018
    50 match source-address 137.55.155.31 255.255.254.0
  class-map type management match-any SSH-ALLOW_CLASS
    2 match protocol ssh source-address 167.81.124.0 255.255.255.192
    3 match protocol ssh source-address 167.81.126.0 255.255.255.192
  class-map type management match-any remote_access
    2 match protocol xml-https any
    3 match protocol icmp any
    5 match protocol ssh any
    6 match protocol http any
    7 match protocol https any
    8 match protocol snmp any
  policy-map type management first-match remote_mgmt_allow_policy
    class remote_access
      permit
  policy-map type loadbalance first-match L7PLBSF_STICKY-NETMASK_POLICY
    class class-default
      sticky-serverfarm SG_GROUP_01
      insert-http X-Forwarded-For header-value "%is"
  policy-map multi-match PLI9058-VIPs_POLICY
    class L4STICKY-IP_141:ANY_CLASS
      loadbalance vip inservice
      loadbalance policy L7PLBSF_STICKY-NETMASK_POLICY
      loadbalance vip icmp-reply
      connection advanced-options PARAM_L4STICKY-IP
  interface vlan 12
    description Client-side vlan
    bridge-group 1
    no normalization
    mac-sticky enable
    access-group input ALL
    access-group output ALL
    service-policy input PLI9058-VIPs_POLICY
    no shutdown
  interface vlan 14
    ip address 137.55.152.236 255.255.255.248
    peer ip address 137.55.152.237 255.255.255.248
    service-policy input remote_mgmt_allow_policy
    no shutdown
  interface vlan 112
    description Server-side vlan
    bridge-group 1
    no normalization
    access-group input ALL
    access-group output ALL
    nat-pool 1 137.55.152.141 137.55.152.141 netmask 255.255.255.192 pat
    no shutdown
  interface bvi 1
    ip address 137.55.152.189 255.255.255.192
    alias 137.55.152.188 255.255.255.192
    peer ip address 137.55.152.190 255.255.255.192
    description Bridge-Group 1 Virtual Interface
    no shutdown
  ft interface vlan 99
    ip address 192.168.1.1 255.255.255.252
    peer ip address 192.168.1.2 255.255.255.252
    no shutdown
  ft peer 1
    heartbeat interval 100
    heartbeat count 10
    ft-interface vlan 99
  ft group 1
    peer 1
    priority 150
    peer priority 50
    associate-context Admin
    inservice
  ft track host test1
    track-host 137.55.152.234
    peer track-host 137.55.152.235
    peer probe uplink priority 50
    probe uplink priority 50
  ip route 0.0.0.0 0.0.0.0 137.55.152.233

  Hi Earsdale,
  All the three servers are using the same configuration, so, I'm afraid it's not possible to give you a simple answer. You will need more troubleshooting.
  I would recommend you to start by checking the differences between the servers because one of those differences is certainly causing the failure.
  Also, it would be helpful to get traffic captures on the TenGig interface of the ACE to compare the behavior of the connection when going to the different servers, as well as the differences when being load-balanced vs accessing the server directly.
  If you need help with this troubleshooting, you can always open a TAC service request
  Regards
  Daniel