
Issue with Mobile devices using APM. Getting "Connection Reset / Lost"

I am experiencing an issue with accessing our APM with a mobile device. Initially, I thought it was only on Apple products but have since been able to recreate it on Android consistently. What happens is when you attempt to access our APM for SAML auth from a mobile device, it gives a Connection error. Then, when you refresh the mobile browser, the webtop is displayed properly or SAML is passed. On Android devices you get "ERR_CONNECTION_RESET", on Apple devices you get "Network connection was lost".

So it goes like this: Start a session by going to https://sso.mycompany.com and get presented with logon screen.

Log in successfully and on the APM side, it's just standard AD Authentication, but it gives "Connection lost" screen. The logs also do not show it presenting the Webtop.

Then if you hit the refresh button, everything shows properly.

Any ideas would be greatly appreciated.

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The first thing to do when troubleshooting APM session issues like this is to examine the log messages in /var/log/apm. Do this and look for errors that occur that may correspond to the client problems.

SAML errors, from a client perspective, usually result in a "RST" or similar behavior and are only visible on the BIG-IP log files. The logging is quite comprehensive though and usually reveals the source of the problem.

0
Comments on this Answer
Comment made 14-Mar-2016 by mike.drennen 268
Thanks for the reply. That's what has me confused, the logs really don't show a whole lot. It seems on mobile, both iOS and Android, if I clear browsing history, it will work perfectly the first time, then start with the connection issue every time afterward.

Here are the logs when it works:

2016-03-14 08:26:13 Received User-Agent header: Mozilla%2f5.0%20(Linux%3b%20Android%205.0.2%3b%20STUDIO%20ENERGY%20Build%2fLRX21M)%20AppleWebKit%2f537.36%20(KHTML%2c%20like%20Gecko)%20Chrome%2f47.0.2526.83%20Mobile%20Safari%2f537.36.
2016-03-14 08:26:13 Received client info - Type: Safari Version: 1 Platform: Android CPU: unknown UI Mode: Mobile Smart Phone Javascript Support: 1 ActiveX Support: 0 Plugin Support: 0
2016-03-14 08:26:13 New session from client IP 166.171.58.82 (ST=Maryland/CC=US/C=NA) at VIP 208.84.9.37 Listener /Common/MRC_O365.app/MRC_O365_vs (Reputation=Unknown)
2016-03-14 08:26:30 Connectivity resource '/Common/MRC_O365.app/MRC_O365_apm_saml_resource_sso' assigned
2016-03-14 08:26:30 Connectivity resource '/Common/Novatus' assigned
2016-03-14 08:26:30 Connectivity resource '/Common/Workfront' assigned
2016-03-14 08:26:30 Webtop '/Common/MRC_O365.app/MRC_O365_apm_webtop' assigned
2016-03-14 08:26:30 Following rule 'fallback' from item 'Advanced Resource Assign' to ending 'Allow'
2016-03-14 08:26:30 Access policy result: Full
2016-03-14 08:26:30 Username 'mike.drennen'

Here are the logs when it does the connection drop:

2016-03-14 07:40:01 Received User-Agent header: Mozilla%2f5.0%20(iPhone%3b%20CPU%20iPhone%20OS%209_2_1%20like%20Mac%20OS%20X)%20AppleWebKit%2f601.1.46%20(KHTML%2c%20like%20Gecko)%20Mobile%2f13D15.
2016-03-14 07:40:01 Received client info - Type: Safari Version: 1 Platform: iOS CPU: unknown UI Mode: Mobile Smart Phone Javascript Support: 1 ActiveX Support: 0 Plugin Support: 0
2016-03-14 07:40:01 New session from client IP 166.170.29.152 (ST=Maryland/CC=US/C=NA) at VIP 208.84.9.37 Listener /Common/MRC_O365.app/MRC_O365_vs (Reputation=Unknown)
2016-03-14 07:40:16 Username 'jr.foster'
2016-03-14 07:45:30 \N: Session deleted due to user inactivity or errors.
2016-03-14 07:46:11 Session statistics - bytes in: 4772, bytes out: 1695
0
Comment made 14-Mar-2016 by mike.drennen 268
Sorry, I tried twice to fix the formatting of that comment.
0
Comment made 14-Mar-2016 by Lucas Thompson
To post logs you can just enclose in the HTML "pre" tag.
0
Comment made 22-Mar-2016 by mike.drennen 268
So I found that the issue is in the Office365 iApp iRule for "encode". I downloaded the newest version of the iApp and that iRule is still the same. Without the iRule, it passes through every time, but breaks O365 authentication. With the iRule, it passes through once without issue, then breaks every subsequent time.
0
Comment made 22-Mar-2016 by Nathaneil0227 410
I also have an issue with iRules using iApps CAS, ActiveSync. Try to remove the HTTP profile and iRule; it is working.
0
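An added example, not from the thread or from F5: a Python script that splits session-log text in the layout quoted in the comments above into sessions and lists those where a username was logged but no access policy result or webtop followed, which is the pattern of the failing mobile logins. It assumes each session begins with a "Received User-Agent header" entry; the sample data, including IPs and names, is constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample in the layout of the logs quoted above; IPs, users and paths are made up.
SAMPLE = """\
2016-03-14 08:26:13 Received User-Agent header: Mozilla%2f5.0%20(Linux%3b%20Android%205.0.2)%20Chrome%2f47.0.
2016-03-14 08:26:13 New session from client IP 198.51.100.7 at VIP 203.0.113.10 Listener /Common/example_vs
2016-03-14 08:26:30 Webtop '/Common/example_webtop' assigned
2016-03-14 08:26:30 Access policy result: Full
2016-03-14 08:26:30 Username 'user.one'
2016-03-14 07:40:01 Received User-Agent header: Mozilla%2f5.0%20(iPhone%3b%20CPU%20iPhone%20OS%209_2_1)%20Mobile%2f13D15.
2016-03-14 07:40:01 New session from client IP 198.51.100.9 at VIP 203.0.113.10 Listener /Common/example_vs
2016-03-14 07:40:16 Username 'user.two'
2016-03-14 07:45:30 \\N: Session deleted due to user inactivity or errors.
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
FIELDS = {  # session field -> pattern whose first group is the value
    "ua": re.compile(r"^Received User-Agent header: (.*)$"),
    "ip": re.compile(r"^New session from client IP (\S+)"),
    "user": re.compile(r"^Username '([^']*)'"),
    "webtop": re.compile(r"^Webtop '([^']*)' assigned"),
    "result": re.compile(r"^Access policy result: (\S+)"),
    "deleted": re.compile(r"(Session deleted due to user inactivity or errors)"),
}

def parse_sessions(text):
    """Group entries into sessions; assumes each starts with a User-Agent entry."""
    sessions = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if msg.startswith("Received User-Agent header:") or not sessions:
            sessions.append({"start": ts})
        for field, pat in FIELDS.items():
            hit = pat.search(msg)
            if hit:  # the User-Agent is URL-encoded in the log, so decode it for reading
                sessions[-1][field] = unquote(hit.group(1)) if field == "ua" else hit.group(1)
    return sessions

def stalled(sessions):
    """Sessions that logged a username but never a policy result or webtop."""
    return [s for s in sessions if s.get("user") and not (s.get("result") or s.get("webtop"))]

if __name__ == "__main__":
    for s in stalled(parse_sessions(SAMPLE)):
        print(s["start"], s.get("ip"), s.get("user"), s.get("ua"), "deleted" in s)
```

Sorting the stalled sessions by decoded User-Agent or client IP shows whether the failures cluster on particular mobile browsers, which is the correlation the accepted answer suggests looking for.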