New section, new idea for lbdigest. It’s called (creatively) “Ask Tony”. Email me a question, and I’ll answer it on this blog. If you’ve got a question relating to load balancing, SSL acceleration, traffic management, etc., I’ll do my best to answer it, and hopefully the answer will help others as well.
Send an email to tony @ lb digest dot com
Hi Tony,
In one of our projects, we have chnaged from Arrow Point to ACE. After shifting from Arrowpoint to ACE, we been observing “SSL protocol error when attempting to connect to the host ‘xyz.com’” during the load test. Where as the same load test scenario doesnot give this errors for Arrowpoint as load balancers.
When we checked the logs from the load test tool, we observed “SSL protocol error when attempting to connect to the host ‘xyz.com’” as a warning from the begining of the test for every hit made to the server by every user.
Some details about application:
Application built on an architecture that utilizes WebSphere Portal Server (WPS), WebSphere Application Server (WAS), GMI, UDB, & SQL Server.
Technologies utilized are Java, J2EE, portal/portlets, AJAX, Web Services, JMS, & Message Driven Beans.
The Reporting portion of application also utilizes Cognos.
Kindly provide your thoughts on this!
Hello Satish,
Where in the setup is the error coming from? The ACE logs, server logs, load generation log, or other?
-Tony
The network team is not seeing any these errors in their packet/sniffer logs, as well the development guys not seeing in the app/web server logs. I am seeing these messages only in the load test tool log.
One more observation i found from the tool log is that, these errors are started once we connect to the Cognos. In reality Cognos opens a new window from the original application,on clicking the cognos link.
Hrm, that’s a rather ambiguous error, and Google (probably your first look) doesn’t show anything.
Could it be an SSL certificate issue? Perhaps you’re testing with a self-signed, or a hosts entry not updated on the test box, creating a certificate mis-match or non-trusted warning?
Also, if you have OpenSSL (included on virtually all Linux/Unix/BSD boxes, or can be downloaded for Windows), you can run the following command:
openssl s_client -host 192.168.0.200 -port 443
Replace the IP and port of course, and this will initiate a debugging SSL session. You can check that output for very specific errors.
first of all thanks for the info!
Google was my first look..offcourse for evry1
I even suggested that this cld be a certificate issue. basically i am just a performance tester, and my access to everything is very limited.
i will put your words before my team and will update you on the same.
One more question? on which machines do i have to use this command ..loadagent?
Hi Satish,
You can run it on any system that has access to the virtual service on the ACE. It’s a neat little tool, great for troubleshooting SSL connections.