Content switching monitor issue

[Manoj Kumar]

Content switching monitor issue

[Manoj Kumar]

Hi,

I am trying to set up ADC in DMZ and customer LAN. There is a content switching service running and working in the LAN but I am trying to connect DMZ ADC LB service on port 443 monitors getting an issue and error " tcp connection successful but application timeout" I have asked the customer firewall rule and confirmed port 443 is allowed to NSIP, SNIP and content switch IP. Not sure what I am missing.

Thanks

Manoj

[Ronan OBrien]

Have you tried this KB article?

https://support.citrix.com/article/CTX215481/error-failure-tcp-connection-successful-but-application-timed-out-on-netscaler

Since NetScaler is a full secure reverse proxy, there are two conversations happening here.

1. Client --> CS or LB VIP
2. NetScaler --> Application Server.

We are troubleshooting stage 2 - so it has nothing to do with the LB VIP or CS VIP

Can you try changing the monitor to a basic TCP monitor? What is the result.

Is there a service running on port 80 on the application server, and is this port open on the internal FW? If so, try creating a service which is port 80, HTTP and see if a HTTP Monitor works.

If you can copy and paste the service configuration here that will also help us.

Reasons for this sometimes is client cert auth turned on the service at the back end, where it is waiting for a certificate from NS, or some other SSL related issue, but first, the steps about should take the FW out of the equation.

Ronan.

[Guest Farhan Ali]

The issue is that you are able to connect on tcp but when ssl handshake is happening its failing. You need to verify that the backend server SSL is working fine and Netscaler is able to trust it and complete the session