Local GSLB site show "remote site MEP down" and remote GSLB site not responding to 3009 MEP connection's SYN packet in nstrace

Local GSLB site show "remote site MEP down" and remote GSLB site not responding to 3009 MEP connection's SYN packet in nstrace

book

Article ID: CTX308990

calendar_today

Updated On:

Description

GSLB remote site MEP status DOWN.
GSLB remote Service status DOWN.
From nstrace, Remote site doesn't respond TCP 3009 MEP connection SYN packet.

Resolution


1: Disable local GSLB site MEP and re-enable MEP again. 

set gslb site <siteName> [-metricExchange ( ENABLED | DISABLED )]
For more details, refer to: https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/gslb/gslb-site/

2: Check the internal service(nshttps-127.0.0.1-443) status is UP.
    If not. then click Edit button-->Click Certificate tab--->link "ns-server-certificate" to this internal service.


 

Problem Cause

Cause 1: local site sending MEP connection 3009 request with NSIP instead of SNIP.  Remote site will ONLY listen on NSIP's connection and block all others

Cause 2: The internal service(nshttps-127.0.0.1-443) status is DOWN due to "ns-server-certificate" link missing. The certificate is mandatory for secure MEP connection to encrypt message.

Powered by Wolken Software