Message Log

January 25, 2009, 6:50 pm

I recently updated my Kemp 2500 load balancer to the latest firmware hoping that would fix some of the problems. Yes, it did fix most of the problems but I still have these errors or warnings popping out on the message logs.

from the System Message file:
Jan 24 02:36:31 NAXOSLB01 kernel: Kernel logging (proc) stopped.
Jan 24 02:36:31 NAXOSLB01 kernel: Kernel log daemon terminating.
Jan 24 02:36:32 NAXOSLB01 exiting on signal 15
Jan 24 10:36:32 NAXOSLB01 syslogd 1.3-3: restart.
Jan 24 10:36:37 NAXOSLB01 kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jan 24 10:36:37 NAXOSLB01 kernel: Cannot find map file.
Jan 24 10:36:37 NAXOSLB01 kernel: No module symbols loaded - kernel modules not enabled.
Jan 24 10:36:37 NAXOSLB01 kernel: Cannot build symbol table - disabling symbol lookups
....
Jan 24 02:59:01 NAXOSLB01 /usr/sbin/cron[19918]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)

from the Warning Message file:
Jan 24 10:36:37 NAXOSLB01 kernel: Cannot find map file.
Jan 24 10:36:37 NAXOSLB01 kernel: Cannot build symbol table - disabling symbol lookups
Jan 24 10:54:46 NAXOSLB01 kernel: printk: 2 messages suppressed.
Jan 24 10:57:46 NAXOSLB01 kernel: printk: 1 messages suppressed.
Jan 24 10:58:09 NAXOSLB01 kernel: printk: 1 messages suppressed.

What are these things? Am I suppose to ignore them? These are linux errors I think. Any suggestion or tweaks I should do on the box? Or another update perhaps? What's a symbol table?

↧

Load Master Login

January 30, 2009, 11:14 am

≫ Next: Failed SSL Negotiation

≪ Previous: Message Log

I logged in to Load Master this morning and nothing is coming up on page.
I am able to login but and I see Kemp Logo but nothing else.

↧

Failed SSL Negotiation

March 8, 2011, 1:23 am

≫ Next: Exchange 2010 Microsoft-Server-ActiveSync does not work

≪ Previous: Load Master Login

Hi,
We need some help because our Kemp 2500 is giving errors continuously about ssl negotiation.
We test de Cert in VeriSign SSL Certificate Installation Checker and the results are Ok:

eliteweb.infonis.com is successfully secured by an SSL certificate. The following certificates are correctly installed: ------Certificate 1------ --Issued To-- Organization: INFONIS S.L. Organizational Unit: Member,, VeriSign Trust Network Organizational Unit 2: Authenticated by VeriSign Organizational Unit 3: Terms of use at www.verisign.es/rpa (c)05 Organizational Unit 4: INFONIS S.L. Common Name: eliteweb.infonis.com Locale: MADRID, MADRID Country: ES --Issued By-- Organization: VeriSign Trust Network Organizational Unit: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Organizational Unit 2: VeriSign International Server CA - Class 3 Organizational Unit 3: VeriSign,, Inc. Valid from Wed May 20 02:00:00 CEST 2009 to Wed Jun 13 01:59:59 CEST 2012 Serial Number (hex): 5b1e57bca2b4dadfd6b5419aa65ee381 ------------------------- ------Certificate 2------ --Issued To-- Organization: VeriSign Trust Network Organizational Unit: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Organizational Unit 2: VeriSign International Server CA - Class 3 Organizational Unit 3: VeriSign,, Inc. --Issued By-- Organization: VeriSign,, Inc. Organizational Unit: Class 3 Public Primary Certification Authority Country: US Valid from Thu Apr 17 02:00:00 CEST 1997 to Tue Oct 25 01:59:59 CEST 2016 Serial Number (hex): 46fcebbab4d02f0f926098233f93078f

We have the eliteweb.infonis.com as 3rd party certificate as .pem but get the following errors:

Mar 8 12:10:56 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:10:59 kemp2 last message repeated 3 times
Mar 8 12:11:03 kemp2 vsslproxy: Client 85.136.36.31 failed SSL negotiation!
Mar 8 12:11:04 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:11:05 kemp2 last message repeated 2 times
Mar 8 12:11:06 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:11:06 kemp2 kernel: L7: Connection timed out
Mar 8 12:11:06 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:11:09 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:11:13 kemp2 vsslproxy: Client 85.136.36.31 failed SSL negotiation!
Mar 8 12:11:17 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:11:18 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:11:24 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:11:36 kemp2 last message repeated 2 times
Mar 8 12:11:39 kemp2 vsslproxy: Client 62.14.234.1 failed SSL negotiation!
Mar 8 12:11:47 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:11:47 kemp2 kernel: L7: Connection timed out
Mar 8 12:12:10 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:20 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:12:21 kemp2 vsslproxy: Client 62.14.234.1 failed SSL negotiation!
Mar 8 12:12:28 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:31 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:31 kemp2 vsslproxy: Client <62.14.234.1 - port scan?> failed SSL negotiation!
Mar 8 12:12:31 kemp2 vsslproxy: Client 62.14.234.1 failed SSL negotiation!
Mar 8 12:12:32 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:36 kemp2 last message repeated 4 times
Mar 8 12:12:41 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:12:42 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:42 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:49 kemp2 kernel: L7: Connection timed out
Mar 8 12:12:50 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:12:51 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:12:54 kemp2 vsslproxy: Client 194.59.172.128 failed SSL negotiation!
Mar 8 12:12:57 kemp2 vsslproxy: Client 80.26.9.131 failed SSL negotiation!
Mar 8 12:12:58 kemp2 last message repeated 5 times
Mar 8 12:13:02 kemp2 kernel: L7: Connection timed out
Mar 8 12:13:02 kemp2 kernel: L7: Connection timed out
............
Mar 8 12:21:43 kemp2 vsslproxy: Client <77.208.158.192 - port scan?> failed SSL negotiation!

Is all time the same.Could you help us with any idea???
Best regards

↧

Exchange 2010 Microsoft-Server-ActiveSync does not work

January 23, 2012, 6:27 am

≫ Next: Two gateways?

≪ Previous: Failed SSL Negotiation

we are using a Virtual Service for HTTPS-based services (with SSL Offload). EAS via the Kemp does not work, it returns nothing. A direct connection works ok. Command used is FolderSync, which takes a while.

Trace:

Jan 23 14:45:16 LM-1 kernel: L7: ffff880139ec9680: Created (ffff88013b642a80)
Jan 23 14:45:16 LM-1 kernel: L7: ffff880139ec9680: SSL accept on 134.76.9.199:443 from 207.46.14.52:50633 (0/0)
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Extract: Didn't find Cookie 'email443'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: finished
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: request: OPTIONS /Microsoft-Server-ActiveSync/
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: find persist returns ffff88013694cbc0
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Connecting from 134.76.9.199:3365 to 134.76.9.201:80
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: locally saving pkey '' 0
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: updating persist 0 1
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: client_read: goto got_a_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: client_read: got_a_header 1 1
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Extract: Didn't find Cookie 'email443'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: finished
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: add_header Request: OPTIONS /Microsoft-Server-ActiveSync/
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: l7_mangle_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: l7_mangle_(replace)header failed '/Microsoft-Server-ActiveSync/'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: locally saving pkey '873344719.51653.915721152.3015935336' 36
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: updating persist 1 1
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Extract: Didn't find Cookie 'email443'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: finished
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: HTTP/1.1 request2: OPTIONS /Microsoft-Server-ActiveSync/
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: staying with the current destination
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: client_read: got_a_header 1 0
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: l7_mangle_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: l7_mangle_(replace)header failed '/Microsoft-Server-ActiveSync/'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: Expect-100
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Extract: Didn't find Cookie 'email443'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: finished
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: HTTP/1.1 request2: POST /Microsoft-Server-ActiveSync/
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: staying with the current destination
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: client_read: got_a_header 1 0
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: l7_mangle_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: l7_mangle_(replace)header failed '/Microsoft-Server-ActiveSync/?Cmd=FolderSync&User=XXXXXX&DeviceId=1415860015&DeviceType=TestActiveSyncConnectivity'
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: post_await 401
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: no data
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: no data
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header
Jan 23 14:45:17 LM-1 kernel: L7: ffff880139ec9680: Parse_http_header: no data

Any ideas? Bodo

↧

Two gateways?

February 13, 2012, 8:54 am

≫ Next: VS Down - Statistics

≪ Previous: Exchange 2010 Microsoft-Server-ActiveSync does not work

We have two Internet gateways at our company. Physically they are at different sites, however the two sites operate as a single network and therefore both can be used.

Site A has a 192.168.0.1 address for its gateway.

Site B has a 192.168.0.11 address for its gateway.

Inbound email and webmail access used to come in at either location however the load balancers have to point to a single gateway which has meant a single point of failure for us.

Is it possible to configure the LM-Exchange balancers to use two gateways?

↧

VS Down - Statistics

April 5, 2012, 6:40 am

≫ Next: Virtual Service with a WAN IP address and RealServers with LAN IP addresses

≪ Previous: Two gateways?

Hi @ all,

I`ve got an HA pair of VLM - One arm configuration. There are some VS created for Exchange server. At "statistics" are 3 sections: Global, Real Servers, Virtual Services. Under "Virtual Services" all VS have the status down but in "virtual Services" --> View/Modify the status is up. What does this mean? Does anybody known this?

Thx

mwerner

↧

Virtual Service with a WAN IP address and RealServers with LAN IP addresses

May 14, 2012, 2:48 am

≫ Next: Help me access to webserver after setup HA & Loablancing

≪ Previous: VS Down - Statistics

Hey guys, good morning.

I have been trying to get the LM-2200 to work in a situation described in the title "Virtual Service with a WAN IP address and RealServers with LAN IP addresses".

So for example:

Web Traffic comes in to the LM at VirtualService 85.75.65.55:80 and sends it to RealServers with a local IP of 172.23.0.10:80 and 172.23.0.20:80.

Now the problem i am having is, that it freezes when i try to connect (browser), however, when i telnet to the VS, i get connected, but i get a Timeout.

So checking the log file i see Connection Timeouts, which i don't understand or at least i can't seem the feel what the problem is, since the interfaces are configured correctly (or at least i think they are) and when i view the VS, it is giving me Green for both the RealServers.

Anyone know what i am missing?

↧

Help me access to webserver after setup HA & Loablancing

June 6, 2012, 7:56 pm

≫ Next: VS has no MAC address

≪ Previous: Virtual Service with a WAN IP address and RealServers with LAN IP addresses

I user other Pc (192.168.0.x/24) access to 192.168.0.150 , but i don't access to my website ?

I can access to internet from my webservers

How i can fix it ?

↧

VS has no MAC address

June 11, 2012, 6:42 am

≫ Next: Automated Backups

≪ Previous: Help me access to webserver after setup HA & Loablancing

Is there a way to allow a Virtual Service to have a MAC address. I've created a virtual service that is not accessible from the same Subnet unless I manually add a route to the host. The route statements tells the host to go to the load balancer if is need to get to the VS I.P. Address (via the load balancer shared address). If the VS had a MAC Address, then the VS would show up in the ARP table, and I wouldn't have to do this. Microsoft NLB in windows automatically assigns a MAC address to the cluster address.

↧

Automated Backups

June 13, 2012, 3:42 am

≫ Next: Filename of automated FTP backups contains colon that produces error on windows systems

≪ Previous: VS has no MAC address

Hello,

Sorry for my English ...

I'm testing the automated backups system in Kemp.

I have installed a FTP server. I set my Kemp to connect and deploy my conf file to this ftp server.

I have used this setting:

Enable Automated Backups ==> OK

When to perform backup ==> "in 2 minutes" ; daily

Remote User ==> "myUser"

Remote password==> "myPass"

Remote host ==> "myHost"

Remote Pathname ==> "myPath"

I wait 2 minutes but I have no connection to my FTP server.

I test a TCP dump to my ftp address,Port 21 and I have no data in my TCP dump.

Do you have a solution ?

Thanks for your help.

↧

Filename of automated FTP backups contains colon that produces error on windows systems

June 29, 2012, 7:28 am

≫ Next: Outlook Folder Sync Issue

≪ Previous: Automated Backups

Hi,

the FTP filename of the backup file contains a ":" from the backup time. A ":" is not allowed on our FTP server as filename character (Windows system). So we are not able to use this function at the moment.

Could you please change this in a future release to filenames without special characters?

Thank you very much.

Best regards,
Thomas Lange
CID GmbH

↧

Outlook Folder Sync Issue

July 2, 2012, 9:01 am

≫ Next: Content switching

≪ Previous: Filename of automated FTP backups contains colon that produces error on windows systems

Hi Guys,

last week I implemented LM within an Exchange organisation and CAS-array. Mostly everything works fine until little issues. One of them is an sync issue:

14:29:24 Hierarchie
wird synchronisiert

14:29:56
Fehler bei der Synchronisierung des Ordners.
14:29:56
[8004011D-526-80040115-0]
14:29:56 Microsoft Exchange ist nicht
verfügbar. Es bestehen Netzwerkprobleme, oder der Servercomputer mit Exchange
wurde für Wartungsarbeiten heruntergefahren.
14:29:56 Microsoft
Exchange-Informationsspeicher
14:29:56 Weitere Informationen zu diesem
Fehler erhalten Sie unter der folgenden URL:
14:29:56 http://www.microsoft.com/support/prodredirect/outlook2000_us.asp?err=8004011d-526-80040115-0

Another one is an Outlook popup:

"Microsoft Exchange administrator has made a change that requires you quit and restart Outlook."

Pressing OK button and Outlook works fine but it is annoying and certainly not right.
Without CAS-array it works like a charme.

Does anybody have an suggestion?

Thanks a lot
mwerner

↧

Content switching

July 5, 2012, 8:09 am

≫ Next: Basic One-armed load balancing setup issues

≪ Previous: Outlook Folder Sync Issue

Hi,

I need to switch URLs using the content filter so that every request to go to nlvsrv-xxx/tfs, gets replaced to server.hostname/tfs

replace haeder

I have the header field set to nlvsrv-xxx

Matching string *nlvsrv-xxx/tfs*

value of header server.hostname/tfs

I have enbled this in the virtual service and set to enabled but it does not do any URTL switching? Any ideas on what I am doing wrong? The client is hitting the LB

Thanks

Geraint

↧

Basic One-armed load balancing setup issues

August 1, 2012, 3:25 pm

≫ Next: Requests to external services reset, resulting in connection timeouts/refused

≪ Previous: Content switching

Hello all,

Today I have been working on setting up a very basic load balancing solution, but I have hit some issues on this setup.

My network setup consists of the load balancer and three computers all being in the same internal network/ subnet, and only 1 NIC is being used on the load balancer. There are three servers included in the virtual service, all with the NAT routing method.
I have this all set up, and there are no errors or warning messages about this virtual service in the log files, but the webpage is never returned to the browser.

In the Statistics section of the web interface it shows that number of connections is increasing every time that I refresh the page that requests the virtual IP (and it also is being load balanced correctly), but the page times out in the browser.
If I request the actual IP-address of the servers that are being load-balanced the website is returned quickly.

When I check the logs of one of my CentOS servers that is is being sent the request it does appear to be attempting to access my machine, as there are requests from the load-balancer's IP, however I'm not sure what else this line in the log file means:

10.200.120.210 - - [01/Aug/2012:14:49:40 -0700] "HEAD / HTTP/1.0" 200 - "-" "-"

Does anyone have any idea what I'm doing wrong?

My load balancer version is 4.3-48.20090306-1537.

↧

Requests to external services reset, resulting in connection timeouts/refused

August 28, 2012, 2:25 pm

≫ Next: Create Backup File does not work with IE9

≪ Previous: Basic One-armed load balancing setup issues

Situation:

We have many servers behind a Load Master on a single Virtual IP
Four of these servers make long requests (20-30 seconds) to a third-party service
When all four servers are allowed to make the requests, we get regular (50%) connection timeouts or refused errors
When we route all of such requests through a single server, we have 100% successes, zero failures
Ideally, all servers should be able to communicate with the third-party with no dropped connections

The initial thought is that some TCP packets are routing to the incorrect machine when coming back through the firewall and LB to the originating server. When enough of the packets don't get ACK'd, then the third-party resets the connection and the communications fail.

Investigations have been focused on configuring the real servers to ignore ARP replies and create a loopback device for the VIP. (Per Appendix F of the Load Master documentation), but as yet we have been unsuccessful in completing this configuration and are not positive it is the issue overall. (When we try to configure the loopback, the LB stops sending all requests to those servers).

Any help or ideas would be appreciated!

Thanks!

(All servers running Ubuntu 12.04)

↧

Create Backup File does not work with IE9

August 27, 2012, 9:13 am

≫ Next: Load balancers no longer routing traffic

≪ Previous: Requests to external services reset, resulting in connection timeouts/refused

I tried "regular" and "compatibility"mode. Works fine with Firefox.

↧

Load balancers no longer routing traffic

September 7, 2012, 12:20 pm

≫ Next: LM2600 - Outllok via VPN

≪ Previous: Create Backup File does not work with IE9

We have two view managers load balanced using Kemp LB's. The system has been up for ~2 years. On our two view manager servers the shared LB IP is set as the gateway. For some reason the LB's are no longer routing traffic. We've contacted our VAR but they haven't got very far resolving the issue. We change the gateway on the VM servers and users can now get to their desktop but we're not operating in our normal HA/LB configuration. Any assistance would be appreciated. Thanks

↧

LM2600 - Outllok via VPN

September 10, 2012, 2:17 am

≫ Next: LM 2600 VS for Exchange (MAPI & HTPPS) Stops working

≪ Previous: Load balancers no longer routing traffic

Hi we have 2 LM2600 in HA mode (one armed) internal Outlook Clients connecting without any problems.
If users connect through VPN the Clients can not connect to exchange (direct connetion to the exchange server works fine).

VPM connection through microsoft TMG

any ideas?

↧

LM 2600 VS for Exchange (MAPI & HTPPS) Stops working

July 12, 2012, 5:52 am

≫ Next: Connect fail

≪ Previous: LM2600 - Outllok via VPN

Hello I have a problem with the LM2600, I have VS configured for MAPI and HTTPS.
After a short time the VS isn´t responding to the clients and the otlook connection gets lost (ping is possible)

can anyone help me what can be?

LM and CAS server are in the same vlan

(sorry for bad english)

↧

Connect fail

September 16, 2012, 10:46 pm

≫ Next: bad ip address for Eth0

≪ Previous: LM 2600 VS for Exchange (MAPI & HTPPS) Stops working

I have a
one armed configuration Exchange 2010 with 2 CAS servers on same subnet, and
default gateway is set to the loadmaster´s management IP on CAS servers. They
go green when I enable them and mail traffic is working. Failover
works with either of the host´s shutdown.

But one of the
cas the server´s does seems to have a problem that I can´t find the source to, I
get this repeatedly in my loggfiles. And this one seems to get far less
connections.

KEMP2
kernel: L7: Real Server Connect failed (172.16.254.218:*->172.16.254.205:*)

They are completely
identical except hostname and ip off course. Any thoughts
what to look for?

Best regards

Conny

↧