HTTPS default health monitor

Question

Hey guys,&nbsp;
What exactly does the default https health monitor preform? We have an application where it uses the default https health monitor but no longer works as its marking the nodes down in the pool, but when I apply the http monitor it marks the nodes up.&nbsp;
The nodes in the pool are using https as the defined ports for the nodes themselves. Both default monitors (http, https) preform a GET /\r/n..not sure what the differences between the strings are as there is none from the looks of it.&nbsp;
Any explanation would be great&nbsp;
Thanks&nbsp;

stephanmanthey · Answer

Hi bigipjr28,
the default "GET /
" may result in an immediate connection reset by the server.  Please try to build a new custom https monitor using the existing https monitor as parent.  The new request string would be as follows:  
GET / HTTP/1.0
Connection: close

You can use cURL on cli to test the server response to figure out a proper receive string:  
curl -I -k https:///

Thanks, Stephan

ahmedmostafa_16 · Answer

I have the same issue
I am using F5 to load balance Exchange 2013 CAS servers.
The Node use the default monitor https_443, &amp; the Node marked down.
I create a new https monitor but when i try to add it to the node by selecting "Node Specific" monitor , i can not see my new created health monitor. &nbsp;
Any idea ?&nbsp;

stephanmanthey · Answer

Hi Ahmed,  
please try to assign the monitor on pool level or on pool member level.  
Be aware, that with adding new pool members by default a member specific monitor would be assigned (and if not it will remain unchecked).  
Make sure to always use the advanced settings when adding a pool member and select the option "monitor: inherit from pool".  
In case you really would like to assign a newly created L4 (and higher) monitor on node level, it will be necessary to specify an "Alias" port in the monitor definition. The "Alias" port specifies the TCP-/UDP-port the monitor should target. (On node-level or with poolmembers configured with a wildcard port the monitoring demon simply doesnt know, where the monitor should connect to. And even it is an SSL-based service it can run on 443, 8443 ... whatever. The http_443 monitor has the "Alias" port already hard coded and that´s why shows up to be selected.)    
The "Alias" setting cannot be changed afterwards. 
It will be necessary to create a new monitor including the "Alias" setting.  
Thanks, Stephan

Forum Discussion

HTTPS default health monitor

3 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Health monitor question

iRule based RADIUS Health Monitor Builder

GTM health Monitoring and Probe

Parameteters in default https monitor

Losing Requests because of health monitoring