Connectivity Verifier for the Web Servers in the Web Farm shows “ERROR” in the Farm Monitor Status in Web Monitor on the Forefront Unified Access Gateway Server


 

 

Introduction

It is a very common scenario where we have multiple internal web servers published through UAG. And these web servers are hosting the same service so they need to be load balanced. And we use the “Web Farm” Feature of UAG to Publish these web servers. And when we use a “Web Farm”, we also create a ‘Connectivity Verifier” which keeps on checking the connectivity to the Servers in the Web Farm, using one of the three methods mentioned below:

1) GET Request.

2) PING

3) TCP Connection on the Port the Web Servers are listening

Scenario

In this particular case we were using the GET Request method to check the Connectivity to the Web Servers. And when we went to the Web Monitor and checked the Status of the Farm under the “Farm Monitor”, it was showing Errors there:

image

 

 

Troubleshooting

As we had Port 443 configured on the internal web servers, so, we will be trying to send the GET request in the Connectivity Verifier. We gathered a Network trace on the UAG server while trying to refresh the Farm Monitor status, and we could see in the trace that the SSL Handshake was not getting completed successfully.

For more information on the process of SSL Handshake please follow the Article below:

http://support.microsoft.com/kb/257591

Then we started investigating it from the Certificate angle. We checked the Certificate on the Web Server and checked its Root CA Certificate. Ideally that Root CA Certificate should have been there on the UAG server, so that it can Trust the Web Server’s Certificate.

But when we checked that Root CA certificate in the “Trusted Root Certification Authorities” Store on the UAG server, it was not there.

We exported the Root CA Certificate from the Web Server and Imported it in the “Trusted Root Certification Authorities” store on the UAG server.

And immediately after we could see that the “Connectivity Status" in the Farm Monitor in Web Monitor changed from Error to Success.

 

CONCLUSION

Even when we are just checking the connectivity to the web servers, through the Automated verification method, Certificates still play an Important Role as in a normal SSL connection scenario.

 

 

Blog Written By

NITIN SINGH

SUPPORT ESCALATION ENGINEER, FOREFRONT EDGE SECURITY, MICROSOFT


Skip to main content