CSS11503 - balance ACA
How can you check if balance ACA is enabled in CSS11503? How can you see also if the content switch(CSS11503) is load balancing using balance ACA? "show load" command does not show it.
xxxxxx# show load
Global load information:
Reporting:Enabled
Calculation method:Relative
Step Size:Dynamic Configured:10 Actual:1280
Threshold:254 Ageout-Timer:60
Teardown-timer: Configured:20 Actual:20
Service load information:
Average Average Peak Average
Service Name Load Number ResponseTime Response Time
DNS1 4 8999 33972
DNS2 4 8884 28254
SSH-WPHGT11 2 0 87509
WPHGT11 2 0 0
def-gwy-server 255 0 0
fe1-gw1-radius1 2 0 0
fe1-gw1-radius2 2 0 0
fe1-gw1-wap-8799 8 15344 662337
fe1-gw1-wap-9200 2 0 23751
fe1-gw1-wap-9201 19 30815 1060772
fe1-gw1-wap-9202 2 3442 20998
fe1-gw1-wap-9203 2 0 601421
fe1-gw2-radius1 2 0 0
fe1-gw2-radius2 2 0 0
fe1-gw2-wap-8799 6 13041 704099
fe1-gw2-wap-9200 2 3182 14139
fe1-gw2-wap-9201 43 60856 1065916
fe1-gw2-wap-9202 2 0 20879
fe1-gw2-wap-9203 2 0 506349
fe1-gw3-radius1 2 0 0
fe1-gw3-radius2 2 0 0
fe1-gw3-wap-8799 4 10212 1092052
fe1-gw3-wap-9200 2 0 21320
fe1-gw3-wap-9201 20 29867 1023362
fe1-gw3-wap-9202 2 8490 51904
fe1-gw3-wap-9203 2 0 734375
fe2-gw1-radius1 2 0 0
fe2-gw1-radius2 2 0 0
fe2-gw1-wap-8799 3 7877 853708
fe2-gw1-wap-9200 2 0 10895
fe2-gw1-wap-9201 79 107955 1040622
fe2-gw1-wap-9202 2 0 34262
fe2-gw1-wap-9203 29 35629 605709
fe2-gw2-radius1 2 0 0
fe2-gw2-radius2 2 0 0
fe2-gw2-wap-8799 4 11740 887388
fe2-gw2-wap-9200 2 0 13231
fe2-gw2-wap-9201 78 104708 917860
fe2-gw2-wap-9202 2 0 24661
fe2-gw2-wap-9203 2 0 589902
hsp1-ppg1 2 140 31000
hsp2-ppg1 2 96 31036
hsp3-ppg1 255 0 0
pmaster 2 0 1999716
serverchat 255 0 0
serverchat2 255 0 0
smaster 2 0 1934905
You can use the show rule {owner name} . It gives you an output like this;
Name: fXXXX Owner: XXXXXX
State: Active Type: HTTP
Balance: ACA Failover: N/A
Persistence: Enabled Param-Bypass: Disabled
Session Redundancy: Disabled
IP Redundancy: Not Redundant
L3: X.X.X.X
L4: TCP/80
Url: /*
Redirect: ""
TCP RST client if service unreachable: Disabled
Rule Services & Weights:
1: XXX-Alive, S-1
Cesar R
Similar Messages
-
Hi Gilles,
balance aca and adavance-balance sticky srcip under the same content
content 1
port 1111
advance-balance sticky srcip
balance aca
add service s1
add service s2
vip address 1.1.1.1
active
Is the above configuration adviceble.I never advice ACA. leastconn gives good result but with sticky-srcip it is preferable to use roundrobin.
Giles. -
Load balancing sftp servers on css11503
I have an 11503 and I am trying to load balance sftp servers behind it. not sure why it's not working.
here is the content rule:
content test_sftp
add service www1_sftp
add service www2_sftp
port 22
protocol tcp
balance aca
advanced-balance sticky-srcip
vip address 172.17.0.248
active
here are the service rules:
service www1_sftp
ip address 172.17.0.27
protocol tcp
keepalive port 22
keepalive type tcp
active
service www2_sftp
ip address 172.17.0.25
protocol tcp
keepalive port 22
keepalive type tcp
active
couple of questions:
1) do I need to set up a source group like I would have to for ftp? Does the return traffic from the servers need to be NAT'd back out as the VIP?
2) the content rule and service rules are all set for port 22 only....is that enough ports open for the control and data channels? I think sftp uses port 22 for both.
Any assistance would be greatly appreciated.
Thanks!
SandeepYou definitely need a group to nat the data-channel.
But I'm not even sure that will make it work.
You can give it a try so.
Gilles. -
Monitoring a CSS11503 sticky decision
Hi everybody,
we want to see and log (best would be to syslog) why the CSS takes a loadbalancing decision on stickiness. Is this possible and how should this be configured?
Our current problem is the following. We got a CSS11503 pair in box redundancy. They are loadbalancing https traffic to two SUN iPlanet instances using SSLv3. The rule is the following:
content https
protocol tcp
port 443
application ssl
balance aca
add service service1_https
add service service2_https
vip address 10.1.1.1
advanced-balance ssl
active
what we see is that some client gets forwarded to the second server during a session although it was directed to the first one before. And this leads to an 'authorization required' error in the client application. We can trace this in the iPlanet logs.
When using src-sticky, everything works fine, so this leads to the conclusion that it has to do with SSL loadbalancing.
Of course the application guys now blame the CSS for not working correctly, but I think (as a CSS guy) that the application is doing something wrong. So, I need to trace the sticky decision on the CSS.
Any ideas are welcome.
-AlexHi Alex,
(I'm a CSS guy too!)
Have you investigated the actual SSL session ID's being used for that particular client when this error occurs?
We had a problem with very similar symptoms and had to use a Sniffer in order to find the root cause.
Our servers (I think they were IPlanet too, running on Linux) were not handling the SSL session-id "re-use" option properly. They were instead providing a bran new SSL session-id each time the client would send a SSL "re-negotiation handshake" (I'm not sure about terminology here!). In our case, we saw this happenning every 90 seconds, causing the clients to bounce from server to server because the CSS would not find a match in its SSL-sticky table and load-balancing would therefore take effect and cause the client to end up on a different server (similar to what you are reporting).
Unfortunately, in our case (also) we were unable to resolve this server issue and we resorted to src-sticky.
Good luck!
Dan -
CSS Troubleshooting "advanced-balance url" based on string-range
Hi together,
a questions for troubleshooting "string range stickyness".
I configured a content rule:
content L5_HTTP_81
vip address 192.168.1.1
balance aca
no persistent
protocol tcp
port 81
url "/*"
advanced-balance url
add service service1 weight 1
add service service2 weight 1
string range 30 to 255
string eos-char "_"
string prefix "shopId="
active
service service1
ip address 10.1.128.23
keepalive maxfailure 2
protocol tcp
redundant-index 2102
keepalive frequency 15
keepalive retryperiod 10
keepalive type http
keepalive port 80
keepalive method get
keepalive uri "/admin/Ping.simple"
string 148.49
port 80
active
service service2
ip address 10.1.128.22
keepalive maxfailure 2
protocol tcp
redundant-index 2101
keepalive type http
keepalive method get
keepalive frequency 15
keepalive retryperiod 10
keepalive port 80
keepalive uri "/admin/Ping.simple"
string 148.48
port 80
active
1. I take a string from the 30rd to 255 character out of the URL starting at "/".
2. Now I search for a string between "shop_Id=" and "_", on which the stickyness is based.
3. string "148.49" is allocated to service1, string "148.48" is allocated to service2.
Is there any possibillity to view or debug the handling, how the string is matched in the http request and on which service the request is forwarded ?
thanks in advance
saschaHere is the command reference. take a look at the available commands.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_710/cmdrefgd/index.htm -
Load Balance AJP13 on CSS 11501
We are trying to load balance AJP13 protocol using port 8009 between Apache servers and JBOSS application servers.
We are getting Page cannot be found in the browser.
Content rule used:
content webdev_ajp13_8009
add service dil01
add service dil02
vip address 192.168.x.x
balance aca
no persistent
protocol tcp
port 8009
url "/*"
active
Has anyone come across the problem before and what was the solution.
Thanks in advance.
AnthonyHi Zach,
Just to let you know that we have run extensive tests and found that if the URL uses the workers file to reference the AJP13 protocol, traffic goes from the Apache servers to the Content Switch VIP but does not forward the traffic onto the servers. TCP packets are detected on the sniffer but once the AJP13 protocol is detected then an error occurs, ERROR AJP13 unassembled packet. If we however use the URL with the parameter :8009 then the traffic passes from the content switch VIP to the JBOSS servers.
We have decided to use AJP13 Mod_jk so only HTTP and HTTPS traffic will be passed between all the servers.
Thanks for your assistance in this matter.
Regards
Anthony -
Load balance LDAP with the CSS 501
I'm trying to setup a content rule to test load balancing LDAP traffic via the CSS but it doesn't seem to be working. Here's my configuration:
service 10.125.5.56:389
ip address 10.125.5.56
protocol tcp
port 389
keepalive type script ap-kal-ldap "10.125.5.56"
active
content test-ldap:389
vip address 10.124.155.50
add service 10.125.5.56:389
protocol tcp
balance aca
port 389
advanced-balance sticky-srcip-dstport
active
Anything I'm doing wrong? I see somebody posted a similar issue but doesn't seem like a solution was provided (see below):
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&topicID=.ee7814f&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dda3585/2What's the issue ?
Get a sniffer trace simultanously on client and server and see what's going on.
G. -
Terminal Server Farm balancing with down server
I have an 11501 that is balancing connections between my 10 terminal servers.
We are using roundrobin because we were told by TAC that leastconn and ACA do not work well with terminal server environment.
The problem is that whenever a server goes down and comes back up that server is not first inline for people reconnecting. I need help finding a way, once the down server comes back online, to make this server have a higher weight until its connections are about equal to what the other server loads are.
Any help would be greatly appreciated.Hi,
in my pinion balance leastconn should the job as it only counts the number of connections see :
http://www.cisco.com/en/US/customer/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a008029c621.html#wp1038118:
balance leastconn - Least connection algorithm. This balance method chooses a running service that has the fewest number of connections.
We do not recommend that you use UDP content rules with the balance leastconn load-balancing algorithm. The service connection counters do not increment and remain at 0 because UDP is a connectionless protocol. Because the counters remain at 0, the CSS will give inconsistent results.
So if your terminal service is a running via UDP you are having a problem but in any other case it should do the job from the description given above.
The balance aca will fail due to the fact that the first and keepalive is very fast and so it can not determin the real load what you already found out.
Which method did you use balance aca or balance leastconn?
Cheers,
Joerg -
How do you specify a string with advanced-balance url?
I am trying to configure a CSS 11501 to send requests with a specific string in the URL to a specific server. How and where I would specify the string? The documentation, as far as I can tell, mentions that it can be done but does not show how. Any input is greatly appreciated.
Thanks again, Syed. Now it makes sense, but I was digging more into the documentation and found a simpler way to accomplish this.
service webServer1
ip address 10.1.1.1
keepalive type http
active
service webServer2
ip address 10.1.1.2
keepalive type http
active
content webServers
add service webServer1
add service webServer2
balance aca
vip address 10.2.2.1
protocol tcp
active
content fileServer
add service webServer1
vip address 10.2.2.1
protocol tcp
url â/files/*â
active
The idea being that most requests will get load-balanced between both web servers, but if the URL starts with "/files/", then only webServer1 will receive the requests. -
Hello all,
my CSS 11150 with WebNS 5.00 does excessive arp requests on its interfaces (up to 100 arps per second). The box seems to arp EVERYTHING especially in the 10.147.0.0 /16 subnet even if it is not used at all. My config is as follows:
ip no-implicit-service
ip opportunistic disable
ip route 0.0.0.0 0.0.0.0 10.147.1.1 1
circuit VLAN1
ip address 10.147.248.10 255.255.0.0
circuit VLAN2
ip address 10.145.45.254 255.255.255.128
service sunbl3s6-443
ip address 10.145.45.136
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
service sunbl3s6-80
ip address 10.145.45.136
protocol tcp
port 80
keepalive type tcp
keepalive port 80
active
service sunbl3s7-443
ip address 10.145.45.137
protocol tcp
port 443
keepalive type tcp
keepalive port 443
active
service sunbl3s7-80
ip address 10.145.45.137
protocol tcp
port 80
keepalive type tcp
keepalive port 80
active
owner unix-systems
content vrp-test-443
vip address 10.145.45.253
protocol tcp
port 443
balance aca
add service sunbl3s6-443
add service sunbl3s7-443
active
content vrp-test-80
vip address 10.145.45.253
protocol tcp
port 80
balance aca
add service sunbl3s6-80
add service sunbl3s7-80
active
group vrp-test
vip address 10.145.45.253
add destination service sunbl3s6-80
add destination service sunbl3s6-443
add destination service sunbl3s7-80
add destination service sunbl3s7-443
active
Does anybody have any hints?
Many thanks in advance
UliHi,
I did a software upgrade yesterday and put ap0610405.adi.gz on the box. But the behaviour didn't change. We also checked the cabling for loops, that's also fine.
We have observed some further things:
The broadcasts are only on the 10.147.0.0 /16 subnet. As this is our local lan backbone we can't change it, I could only shift the frontend into another subnet and route it towards the backbone.
We have another two boxes (CSS11503 with 7.4) with a similar configuration - they also do excessive arp requests in the same subnet, the primary as well as the secondary. But the addresses being arped for are not necessarily the same.
I took some packet traces looking for broadcasts and multicasts that could inspire the boxes to arp for every address they see - nothing, the addresses being arped for are not seen in the seconds before the CSS arp request.
What could trigger arp requests for machines which never accessed or used the CSS services / rules??? I've never seen such a behaviour before...
Best Regards
Uli -
Help to move a simple CSS design to an ACE
Hi, I have a production system on a CSS11503, and the service will be moving to an ACE shortly. I'm nost sure how to convert a couple of "features" of the CSS configuration.
1. WebDAV support: I had to add the extra HTTP methods;
http-method parse RFC2518-methods
http-method parse user-defined-method POLL
http-method parse user-defined-method SEARCH
http-method parse user-defined-method SUBSCRIBE
http-method parse user-defined-method BMOVE
http-method parse user-defined-method BCOPY
http-method parse user-defined-method BDELETE
http-method parse user-defined-method BPROPPATCH
Do I still need to and how do I?
2. The stickiness: It is done with an arrowpoint thingy.
content HTTP-80
add service Online-1-80
add service Online-2-80
add service Online-3-80
add service Online-4-80
protocol tcp
port 80
vip address x.x.x.x
advanced-balance arrowpoint-cookie
balance aca
active
How do I acheive the same with the ACE.
I also intend to use HTTPS in the front, talking to HTTP backend. The balancing should not be affected by this, as the ACE can see the cookies etc.
Anyone able to guide me on this setup.
Thanks.1. not required with ACE
2. The equivalent of arrowpoint-cookie in ACE is cookie insert.
More info on the cookie insert @
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_command_reference_chapter09186a0080685364.html
Finally for SSL termination look @
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a008068816c.html
If you need additional help, do not hesitate.
Gilles. -
Https front end and http backend
Hi there....I am having a small issue....I have a web app that is https based....I have installed the cert on the CSS, and DNS for this app points to the VIP....the client is wanting to have an https front end, and then load balance in http to the backend servers....the issue I am running into is that this only works if I have an active port 80 rule on that same VIP....if I suspend the port 80 rule and only leave the port 443 rule active on that VIP, it doesn't work....please see appropriate config portions below....Thanks in advance!
Sandeep
ANy suggestions? I have been trying this for a couple of days now...it works fine if the backend sessions are also https, but the client has changed their requirement....
ssl-proxy-list SSL1
ssl-server 1
ssl-server 1 rsakey app1-test
ssl-server 1 rsacert app1-test
ssl-server 1 vip address 10.19.55.10
ssl-server 1 cipher rsa-with-rc4-128-md5 10.19.55.10 81
backend-server 1
backend-server 1 port 81
backend-server 1 server-ip 10.19.55.132
backend-server 1 ip address 10.19.55.132
backend-server 2
backend-server 2 port 81
backend-server 2 server-ip 10.19.55.133
backend-server 2 ip address 10.19.55.133
backend-server 3
backend-server 3 port 83
backend-server 3 server-ip 10.19.55.132
backend-server 3 ip address 10.19.55.132
backend-server 4
backend-server 4 port 83
backend-server 4 server-ip 10.19.55.133
backend-server 4 ip address 10.19.55.133
backend-server 5
backend-server 5 port 85
backend-server 5 server-ip 10.19.55.132
backend-server 5 ip address 10.19.55.132
backend-server 6
backend-server 6 port 85
backend-server 6 server-ip 10.19.55.133
backend-server 6 ip address 10.19.55.133
active
service webserver002:81
ip address 10.19.55.132
port 81
keepalive port 2199
keepalive type tcp
protocol tcp
active
service webserver003:81
ip address 10.19.55.133
port 81
keepalive port 2199
keepalive type tcp
protocol tcp
add ssl-proxy-list SSL1
active
service webserver002:83
ip address 10.19.55.132
port 83
add ssl-proxy-list SSL1
keepalive port 2399
keepalive type tcp
protocol tcp
active
service webserver003:83
ip address 10.19.55.133
port 83
keepalive port 2399
keepalive type tcp
protocol tcp
add ssl-proxy-list SSL1
active
service webserver002:85
ip address 10.19.55.132
port 85
add ssl-proxy-list SSL1
keepalive port 2599
keepalive type tcp
protocol tcp
active
service webserver003:85
ip address 10.19.55.133
port 85
keepalive port 2599
keepalive type tcp
protocol tcp
add ssl-proxy-list SSL1
active
service SSL_Front
slot 2
type ssl-accel
keepalive type none
add ssl-proxy-list SSL1
active
owner app1-test
content app-test_back
vip address 10.19.55.10
add service webserver002:81
add service webserver003:81
add service webserver002:83
add service webserver003:83
add service webserver002:85
add service webserver003:85
balance aca
protocol tcp
port 81
active
content app1-test_front
vip address 10.19.55.10
application ssl
add service SSL_Front
protocol tcp
port 443
advanced-balance ssl
balance aca
activeThanks for the quick reply....there is another port 80 rule setup for that vip....I was using that to test with the app until I got the front end https rules working....
my port 80 rules just says listen to 10.19.55.10 on port 80 and load balance btwn the webervers on port 8x in the back end...
I am trying to do https front end and http backend....
no where in my SSL config have I configured port 80....but when I suspend that rule it all fails....
I am wondering if the backend server sessions are happening properly?
I don't fully get what you mean by "You need to have the rule in port 443 to match traffic coming from the client and the clear text rule (port 81) to match traffic already decrypted coming from the SSL module"
Haven'tI done that?
Thanks again!
Sandeep -
How can I keepalive for 2 different applications without using script?
Have a CSS with 2 web server loadbalanced. Initially the keepalive was set to ssl but now the client would like to add another keepalive type http. How can i do this without writing script. Though there is quite number of example in the forum but I'm still confused. Is there any clear and complete sample config for this type of installation.
Below is the example of working config of my client.
service server1
ip address 10.150.1.10
keepalive type ssl
active
service server2
ip address 10.150.1.11
keepalive type ssl
active
Owner Layer3
content Layer3_a
add service server1
add service server2
vip address 10.150.1.12
balance aca
advance-balance sticky-srcipIf you want to use multiple keepalives for a service, you must use a script. The alternative would be to create 2 content rules, and 2 sets of services, one for port 80 (or whatever) and one for port 443 (or whatever), and use http for one and ssl for the other.
Michael Voight
CSE -
Hi,
I have a CSS11501 running 8.10.0.02 software. I have 2 windows 2003 web servers that connect to a backend database. I am recieving complaints that intermittently the end user is getting a session timeout.
I set the flow multiple to 2700 so the flow would be active for 12 hours, but when I issue the show flows command I see flow disappearing after just a few minutes.
Is this normal behavior?
Does my config look correct otherwise?
service A
ip address 192.168.248.17
keepalive type http
active
service B
keepalive type http
ip address 192.168.248.18
active
!*************************** OWNER ***************************
owner test1
content web
port 80
protocol tcp
add service A
add service B
vip address 192.168.248.16
balance aca
advanced-balance sticky-srcip
sticky-inact-timeout 720
flow-timeout-multiplier 2700
active
Thanks
FrankFrank,
if the client or the server closed the connection, it will disappear.
Sniff the traffic on both side of the css and see which device is closing the connection.
Don't forget that servers also come with an idle timeout which is usually far less than 12 hours.
Gilles. -
CSS and Exchange Mobile ActiveSync not working
I have a question relating to a CSS and Exchange Mobile devices The customer has 2 Exchange Client Access Servers CAS1 and CAS2 and has problems with ActiveSync on mobile devices. (OWA is working fine) I am trying to test Exchange ActiveSync (using the Microsoft test site https://www.testexchangeconnectivity.com) When I perform an ‘Exchange ActiveSync Autodiscover’ it works fine, but when I use the test ‘Exchange ActiveSync’, it fails Has anyone had this problem before or can suggest a fix please http://mobile.thamesriver.co.uk The config is underneath Any help would be appreciated Kind Regards Tony !*********************** SSL PROXY LIST *********************** ssl-proxy-list TRC_List ssl-server 10 ssl-server 10 vip address x.x.x.x ssl-server 10 cipher rsa-with-rc4-128-md5 x.x.x.x 80 ssl-server 10 rsakey myrsakey ssl-server 10 rsacert myrsacert active !************************** SERVICE ************************** service mobile1 ip address 10.1.230.200 keepalive type tcp protocol tcp port 80 active service mobile2 ip address 10.1.230.201 keepalive type tcp protocol tcp port 80 active service CASservice1_HTTP protocol tcp port 80 keepalive type tcp ip address 10.1.230.200 string cashttp1 active service CASservice2_HTTP protocol tcp port 80 keepalive type tcp ip address 10.1.230.201 string cashttp2 active service CASservice1_EPM protocol tcp port 135 keepalive type tcp ip address 10.1.230.200 string EPM1 active service RPC_Address1 port 59533 keepalive type tcp ip address 10.1.230.200 protocol tcp active service RPC_Address2 port 59533 keepalive type tcp ip address 10.1.230.201 protocol tcp active service RPC_Mailbox1 protocol tcp keepalive type tcp ip address 10.1.230.200 port 59532 active service RPC_Mailbox2 protocol tcp keepalive type tcp ip address 10.1.230.201 port 59532 active service ssl_module1 keepalive type none add ssl-proxy-list TRC_List type ssl-accel slot 3 active !*************************** OWNER *************************** owner TRC content AuthHead add service mobile1 add service mobile2 vip address x.x.x.x protocol tcp port 80 url "//mobile.thamesriver.co.uk/Microsoft-Server-ActiveSync" active content EPM balance aca add service CASservice1_EPM add service CASservice2_EPM protocol tcp port 135 url "/*" vip address x.x.x.x advanced-balance sticky-srcip sticky-inact-timeout 1 active content OWA balance aca add service CASservice1_HTTP add service CASservice2_HTTP protocol tcp port 80 url "/*" vip address x.x.x.x advanced-balance sticky-srcip-dstport active content RPC-Address balance aca add service RPC_Address1 add service RPC_Address2 port 59533 protocol tcp advanced-balance sticky-srcip vip address x.x.x.x active content RPC-Mailbox balance aca add service RPC_Mailbox1 add service RPC_Mailbox2 advanced-balance sticky-srcip vip address x.x.x.x port 59532 protocol tcp active content ssl-rule vip address x.x.x.x protocol tcp port 443 add service ssl_module1 active !*************************** GROUP *************************** group RDP add service TSservice1 add service TSservice2 add service TSservice3 add service TSservice4 add service TSservice5 add service TSservice6 add service TSservice7 vip address 172.26.100.190 active group WWW add service CASservice1_HTTP add service CASservice2_HTTP vip address x.x.x.x active TRC_CSS#
duh!
I'll try that again....
I have a question relating to a CSS and Exchange Mobile devices
The customer has 2 Exchange Client Access Servers CAS1 and CAS2 and has problems with ActiveSync on mobile devices.
OWA is working fine
I am trying to test Exchange ActiveSync (using the Microsoft test site https://www.testexchangeconnectivity.com) I perform an ‘Exchange ActiveSync Autodiscover’ it works fine, but when I use the test ‘Exchange ActiveSync’, it fails
When
Has anyone had this problem before or can suggest a fix please
http://mobile.thamesriver.co.uk config is underneath
The
Any help would be appreciated
Kind Regards Tony
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list TRC_List
ssl-server 10
ssl-server 10 vip address x.x.x.x
ssl-server 10 cipher rsa-with-rc4-128-md5 x.x.x.x 80
ssl-server 10 rsakey myrsakey
ssl-server 10 rsacert myrsacert
active
!************************** SERVICE **************************
service mobile1
ip address 10.1.230.200
keepalive type tcp
protocol tcp
port 80
active
service mobile2
ip address 10.1.230.201
keepalive type tcp
protocol tcp
port 80
active
service CASservice1_HTTP
protocol tcp
port 80
keepalive type tcp
ip address 10.1.230.200
string cashttp1
active
service CASservice2_HTTP
protocol tcp
port 80
keepalive type tcp
ip address 10.1.230.201
string cashttp2
active
service CASservice1_EPM
protocol tcp
port 135
keepalive type tcp
ip address 10.1.230.200
string EPM1
active
service RPC_Address1
port 59533
keepalive type tcp
ip address 10.1.230.200
protocol tcp
active
service RPC_Address2
port 59533
keepalive type tcp
ip address 10.1.230.201
protocol tcp
active
service RPC_Mailbox1
protocol tcp
keepalive type tcp
ip address 10.1.230.200
port 59532
active
service RPC_Mailbox2
protocol tcp
keepalive type tcp
ip address 10.1.230.201
port 59532
active
service ssl_module1
keepalive type none
add ssl-proxy-list TRC_List
type ssl-accel
slot 3
active
!*************************** OWNER ***************************
owner TRC
content AuthHead
add service AuthHead1
add service AuthHead2
vip address x.x.x.x
protocol tcp
port 80
url "//mobile.thamesriver.co.uk/Microsoft-Server-ActiveSync"
active
content EPM
balance aca
add service CASservice1_EPM
add service CASservice2_EPM
protocol tcp
port 135
url "/*"
vip address x.x.x.x
advanced-balance sticky-srcip
sticky-inact-timeout 1
active
content OWA
balance aca
add service CASservice1_HTTP
add service CASservice2_HTTP
protocol tcp
port 80
url "/*"
vip address x.x.x.x
advanced-balance sticky-srcip-dstport
active
content RPC-Address
balance aca
add service RPC_Address1
add service RPC_Address2
port 59533
protocol tcp
advanced-balance sticky-srcip
vip address x.x.x.x
active
content RPC-Mailbox
balance aca
add service RPC_Mailbox1
add service RPC_Mailbox2
advanced-balance sticky-srcip
vip address x.x.x.x
port 59532
protocol tcp
active
content ssl-rule
vip address x.x.x.x
protocol tcp
port 443
add service ssl_module1
active
!*************************** GROUP ***************************
group RDP
add service TSservice1
add service TSservice2
add service TSservice3
add service TSservice4
add service TSservice5
add service TSservice6
add service TSservice7
vip address 172.26.100.190
active
group WWW
add service CASservice1_HTTP
add service CASservice2_HTTP
vip address x.x.x.x
active
TRC_CSS#
Maybe you are looking for
-
Lion very slow starting apps with Firewire 800 drive mounted. Any ideas?
Lion very slow starting apps with Firewire 800 drive mounted. When my Firewire 800 drive is in sleep mode, when I start up an app like MS Excel or Addressbook. I get a spining wheel and a delay before the app launches. Any ideas? Never happened in 10
-
Crystal reports free license issue...
One of our customers receives the following error when using our software in a Citrix environment. "A crystal reports job failed because a free license could not be obtained in the time allocated. More licenses can be purchased from Crystal decisions
-
Hi, The SAP system runs with 2 co codes in production under the same controlling area. Now we want to add a new co code and separate controlling area but on the same production client - Same box. As annual clsoing works and production start up wor
-
Used to be able to share a Pages document using the Share button and selecting email, but now I just get a beep and nothing happens. Have to export as a Word doc and then launch Mail and attach. Worked fine until upgraded to Mountain Lion and newest
-
Mountain lion download will not start
Hi I commenced a download of ML last night, but my internet connection was broken about 1/3 into the download. On trying to recommence, I am getting 'waiting' status on the ML icon in Launch Pad. I have restarted my iMac, and attempted a recommencem