Oscar Moyano Gomariz
-
Posts
16 -
Joined
-
Last visited
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Oscar Moyano Gomariz
-
-
45 minutes ago, Manoj Rana said:
What is your netscaler build number ? in case any bug in the build.
NS12.0.56.20.nc
I don't know...but I have problema with storefront monitor too. (finally I use https-ecv) and exchange owa monitor for the moment not work.....i'm balancing my exchange servers by dns round robin
-
27 minutes ago, Manoj Rana said:
have you tried to restart the IIS services? and I hope you are using HTTPS monitor.
Thanks
Manoj
Yes of course!
https monitor and I tried to restart IIS etc.
-
42 minutes ago, Manoj Rana said:
I am sure you have already checked and install the SSL certificate on all of your backend server.
Yes, the certificates are installed
-
20 hours ago, Todd Harrington said:
You could be comparing apples to oranges in the above example, but it could also be related. Let's narrow the focus.
If you are using a monitor type of "Storefront" that specific monitor type is scripted and is running a script attempting to check the services on the back end server specific to Storefront.
Do you get the same failure message "Probe Failed" on your OWA monitors?
error message:
Failure - Time out during SSL handshake stage
if I change the monitor to "no secure" so the error message is: Failure - TCP connection successful, but application timed out
-
I tried the same with storefront server and same problem...
Netscaler 12 new deployement...
Monitor Name: StoreFront State: DOWN Passive: 0
Probes: 30 Failed [Total: 30 Current: 30]
Last response: Failure - Probe failed.
-
Updates..
After check it yesterday and this morning....same problem.
OWA does't work......I dont find the problem...
-
My ssl parameters:
-
7 minutes ago, Carl Stalhood1709151912 said:
Your SSL Service Group should have a Cipher section. Remove the current ciphers and then bind the new cipher group.
I normally enable default SSL Profile, which affects all SSL vServers and Service Groups.
Yes..I enabled ssl default profile and now in all the vserves and service groups are:
SSL Profile
SSL Profilens_default_ssl_profile_frontend
It's done...bind my group cipher group with TLS1.2 to my owa service group....
But anything change......red.
thanks Carl!
-
28 minutes ago, Carl Stalhood1709151912 said:
I don't see any TLS 1.2 ciphers in that list. Create a new Cipher Group with TLS 1.2 ciphers and bind it to your service groups.
Or I think newer builds of NetScaler 12.0 or 12.1 add the missing TLS 1.2 ciphers.
I created the new cipher group. How I can bind it to the service group?
For the default SSL profile . Is enabled. It's ok ?
-
38 minutes ago, Carl Stalhood1709151912 said:
Is TLS 1.0 disabled on the Exchange servers? I wonder if your ADC is missing the TLS 1.2 ciphers in the default backend cipher group. Is the default SSL profile enabled on your appliance? If so, you can add ciphers to the default backend profile.
Hi!
Yes TLS 1.0 and TLS 1.1 disabled on both servers. TLS 1.2 active.
My NS default cipher (image)
What another feateure or configuration can I check it?
Thanks a lot Carl
-
I've configured load balancing for SMTP and works OK but OWA,rpc doesnt work
- Exchange 2019
- NetScaler VPX version 12.05620nc (Express license)
My configuration is:
#Create servers
add server EXCHVTX01. 10.1.0.60
add server EXCHVTX02. 10.1.0.61
#Create monitors
add lb monitor mon_smtp SMTP
add lb monitor mon_owa HTTP-ECV -send "GET /owa/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor mon_activesync HTTP-ECV -send "GET /Microsoft-Server-ActiveSync/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
add lb monitor mon_rpc HTTP-ECV -send "GET /rpc/healthcheck.htm" recv 200 -LRTM DISABLED -secure YES
...
#Create Service Groups
add serviceGroup svcgrp_ex2019_smtp_25 TCP
add serviceGroup svcgrp_ex2019_smtp_465 TCP
add serviceGroup svcgrp_ex2019_smtp_587 TCP
add serviceGroup svcgrp_ex2019_imap_143 TCP
add serviceGroup svcgrp_ex2019_imap_993 TCP
add serviceGroup svcgrp_ex2019_owa SSL
add serviceGroup svcgrp_ex2019_activesync SSL
add serviceGroup svcgrp_ex2019_rpc SSL
#Bind Service Groups
bind servicegroup svcgrp_ex2019_smtp_25 EXCHVTX01 25
bind servicegroup svcgrp_ex2019_smtp_25 EXCHVTX02 25
bind serviceGroup svcgrp_ex2019_smtp_25 -monitorName mon_smtp
bind servicegroup svcgrp_ex2019_smtp_465 EXCHVTX01465
bind servicegroup svcgrp_ex2019_smtp_465 EXCHVTX02 465
bind serviceGroup svcgrp_ex2019_smtp_465 -monitorName mon_smtp
bind servicegroup svcgrp_ex2019_smtp_587 EXCHVTX01 587
bind servicegroup svcgrp_ex2019_smtp_587 EXCHVTX02 587
bind serviceGroup svcgrp_ex2019_smtp_587 -monitorName mon_smtp
bind servicegroup svcgrp_ex2019_owa EXCHVTX01 443
bind servicegroup svcgrp_ex2019_owa EXCHVTX02 443
bind serviceGroup svcgrp_ex2019_owa -monitorName mon_owa
bind servicegroup svcgrp_ex2019_activesync EXCHVTX01 443
bind servicegroup svcgrp_ex2019_activesync EXCHVTX02 443
bind servicegroup svcgrp_ex2019_activesync -monitorName mon_activesync
bind servicegroup svcgrp_ex2019_rpc EXCHVTX01 443
bind servicegroup svcgrp_ex2019_rpc EXCHVTX02 443
bind servicegroup svcgrp_ex2019_rpc -monitorName mon_rpc
....
The config (image1) with effective status DOWN
Next:
#Create Load Balancer
add lb vserver lb_vsrv_ex2019_smtp_25 TCP 10.1.0.62 25
add lb vserver lb_vsrv_ex2019_smtp_465 TCP 10.1.0.62 465
add lb vserver lb_vsrv_ex2019_smtp_587 TCP 10.1.0.62 587
add lb vserver lb_vsrv_ex2019_imap_143 TCP 10.1.0.62 143
add lb vserver lb_vsrv_ex2019_imap_993 TCP 10.1.0.62 993
add lb vserver lb_vsrv_ex2019_owa SSL 0.0.0.0 0 -persistenceType NONE
add lb vserver lb_vsrv_ex2019_activesync SSL 0.0.0.0 0 -persistenceType SRCIPDESTIP
add lb vserver lb_vsrv_ex2019_rpc SSL 0.0.0.0 0 -persistenceType SOURCEIP -timeout 30
..
#Bind Service Groups to vServer
bind lb vserver lb_vsrv_ex2019_smtp_25 svcgrp_ex2019_smtp_25
bind lb vserver lb_vsrv_ex2019_smtp_465 svcgrp_ex2019_smtp_465
bind lb vserver lb_vsrv_ex2019_smtp_587 svcgrp_ex2019_smtp_587
bind lb vserver lb_vsrv_ex2019_imap_143 svcgrp_ex2019_imap_143
bind lb vserver lb_vsrv_ex2019_imap_993 svcgrp_ex2019_imap_993
bind lb vserver lb_vsrv_ex2019_owa svcgrp_ex2019_owa
bind lb vserver lb_vsrv_ex2019_activesync svcgrp_ex2019_activesync
bind lb vserver lb_vsrv_ex2019_rpc svcgrp_ex2019_rpc
..
#Bind SSL certificate
bind ssl vserver lb_vsrv_ex2019_owa -certkeyName 'MycertWilcard'
bind ssl vserver lb_vsrv_ex2019_activesync -certkeyName 'MycertWilcard'
bind ssl vserver lb_vsrv_ex2019_rpc -certkeyName 'MycertWilcard'
bind ssl vserver lb_vsrv_ex2019_ews -certkeyName 'MycertWilcard'
conf in image2
next Content swith etc but the basic configuration doesn't work
Unlike SMTP - all green lights there - the virtual server and Service Groups for OWA,RCP,Activesync etc has a red light for both Status and Effective Status.
I've changed the DNS entry for "mail" (as in mail.mydomain.net/owa) to point 10.1.0.60 or 10.1.0.61 and all is fine but with the VIP on the NetScaler not.....
I used this guide:
hank you in advance!
Monitoring HTTPS gives error - Time out during SSL handshake stage
in Core ADC use cases
Posted
same problem...
https service to exchange and status down.
I tried all...use tls1.2
disable firewall
some different certificates.
And error : Failure - Time out during SSL handshake stage
I have netscaler NS12.0.56.20.nc and exchange 2016