HTTPS monitoring against IIS 10 (resolved)

Question

We are migrating our applications to Windows Server 2016 / IIS 10 and are having trouble getting monitoring to work against these new servers (sites set up as HTTPS using SNI in IIS). I have tested connectivity to the sites between servers (basic test in a web browser) and we have ensured that the required SSL protocol and ciphers are configured on the server to allow access from the monitor (which, incidentally, is using TLS 1.2).The connection from the monitor just fails, and nothing is logged on the web server. We thought the issue might be SNI related so configured a default site in IIS without SNI, but this did not resolve the issue.We have the same type of monitoring working against applications on servers running IIS 8.5 (Windows Server 2012 R2), there are no obvious differences between server configurations or monitoring configuration.Version in use is 12.1.2 and monitor send/receive strings look roughly like this:send- GET /test.html HTTP/1.0
Host:x.co.uk

receive- HTTP/1.1 200 OKHas anyone seen similar issues with IIS 10?

sharptooth · Answer

We have been able to resolve this. The SSL certificates used in IIS were created using ECDH ciphers and the big-ip configuration was expecting RSA. We therefore changed the cipher configuration from DEFAULT to HIGH and this then fixed the issue.

Forum Discussion

HTTPS monitoring against IIS 10 (resolved)

1 Reply

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

Resolve Citrix Secure Ticket Authority (STA)

DNS Resolution with the RESOLVER::name_lookup Command

Health monitor question

F5 Distributed Cloud - Regional Edge Health Monitoring Insights

Abusing Open Resolvers