GTM https health monitor has never worked
I'm trying to construct a health monitor in GTM 11.5.4 that looks for text on an https web page. I have never been able to get the monitor to go green so I am trying to troubleshoot it.
gtm monitor https mhconnect_https {
cert /Common/default.crt
cipherlist DEFAULT:+SHA:+3DES:+kEDH
compatibility enabled
defaults-from https
description "Look for specific text"
destination *:*
interval 30
key /Common/default.key
probe-timeout 5
recv "Please sign in to begin your secure session."
send "GET /dana-na/auth/url_default/welcome.cgi"
timeout 120
}
The /var/log/gtm log shows this:
011ae0f2:1: Monitor instance /Common/mhconnect_https x.x.x.x:443 UNKNOWN_MONITOR_STATE --> DOWN from x.x.x.x (connect: server error search result false)
From the GTM in question, I can use CURL and see the text in the HTML page that the health monitor keys on:
curl --insecure -v https://x.x.x.x/dana-na/auth/url_default/welcome.cgi
This returns many lines of text, including HTML containing the text I'm looking for.
A telnet test fails:
[root@F5-GTM-MC-01:Active:Standalone] monitors telnet x.x.x.x 443
Trying x.x.x.x...
Connected to x.x.x.x.
Escape character is '^]'.
GET /dana-na/auth/url_default/welcome.cgi
Connection closed by foreign host.
[root@F5-GTM-MC-01:Active:Standalone] monitors
I have also tried using this as the send string, to force HTTP 1.0:
GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0\r\n
..and that doesn't work either. If I open the IP and path () in a web browser, it works fine.
I have used tcpdump to capture the traffic, and I can see the regular health monitor TCP traffic flowing, but the application data is all encrypted so that's been no help. The "011ae0f2:1" error seems to be somewhat well documented but I've seen nothing that relates to my problem.
What should I do next to troubleshoot this?