Local GSLB site show "remote site MEP down" and remote GSLB site not responding to 3009 MEP connection's SYN packet in nstrace

book

Article ID: CTX308990

calendar_today

Updated On:

Description

GSLB remote site MEP status DOWN.
GSLB remote Service status DOWN.
From nstrace, Remote site doesn't respond TCP 3009 MEP connection SYN packet.

Resolution

1: Disable local GSLB site MEP and re-enable MEP again.

set gslb site <siteName> [-metricExchange ( ENABLED | DISABLED )]
For more details, refer to: https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/gslb/gslb-site/

2: Check the internal service(nshttps-127.0.0.1-443) status is UP.
If not. then click Edit button-->Click Certificate tab--->link "ns-server-certificate" to this internal service.

Problem Cause

Cause 1: local site sending MEP connection 3009 request with NSIP instead of SNIP. Remote site will ONLY listen on NSIP's connection and block all others

Cause 2: The internal service(nshttps-127.0.0.1-443) status is DOWN due to "ns-server-certificate" link missing. The certificate is mandatory for secure MEP connection to encrypt message.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"