cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Web dispatcher configuration for backend system with F5 front end

former_member790760
Explorer

on ‎02-16-2022 1:47 PM

0 Kudos

We have a request to configure the web dispatcher for backend systems with F5/load balancer as customer facing. We have F5/load balancer as frontend which is connected 2 web dispatcher (SID- WD1 & WD2) in HA setup and backend in the end. We have enabled below parameters in web dispatcher for backend Abap system(ECQ).

#-----------------------------------------------------------------------

# Back-end system configuration

#-----------------------------------------------------------------------

wdisp/system_0 = SID=MIP, MSHOST=cd4-mip-scs, MSPORT=8101, SRCSRV=*:44300, SSL_ENCRYPT=0

#-----ECQ Back-end System----

wdisp/system_1 = SID=ECQ, MSHOST=cd4ecqas1.xxxx.com, MSPORT=8144, SRCSRV=*:44344, SSL_ENCRYPT=0

icm/HTTP/redirect_1 = PREFIX=/, FOR=sapeccqa.xxxx.com, TO=/sap/bc/gui/sap/its/webgui

wdisp/system_conflict_resolution = 1

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTPS,PORT=44300

icm/server_port_1 = PROT=HTTP,PORT=8000

icm/server_port_2 = PROT=HTTPS,PORT=44344

Customer try to access to backend using VIP url sapeccqa.xxxx.com which is configured at F5 end on port 44344 to web dispacther.

Java backend system (MIP) is working fine but we are facing issue with Abap (ECQ). When customer access the above url and give user/psswd the login page doesn't move any further.

Below is the error at F5 level when testing the port linked to ECQ for MIP the output is different as same is working:

port 44344 sapeccqa[root@xxcxx:Peer Time Out of Sync:In Sync] config # curl -vk https://10.136.28.68:44344
* Rebuilt URL to: https://10.136.28.68:44344/
* Trying 10.136.28.68...
* Connected to 10.136.28.68 (10.136.28.68) port 44344 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=cd4wd1.xxx.com
* start date: Mar 4 00:22:21 2021 GMT
* expire date: Jan 1 00:00:01 2038 GMT
* issuer: CN=cd4wd1.xxx.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x1630150)
> GET / HTTP/1.1
> Host: 10.136.28.68:44344
> User-Agent: curl/7.47.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2.0 404
< content-type:text/html; charset=utf-8
< content-length:1622
< sap-server:true
< sap-perf-fesrec:7925.000000
<
<!DOCTYPE html PUBLIC"-//W3C//DTD HTML 4.01Transitional//EN"><html><head><title>Logon Error Message</title><META http-equiv="Content-Type" content="text/html;charset=UTF-8"><style type="text/css">body { font-family:tahoma,helvetica,sans-serif;color:#333333;background-color:#FFFFFF; }td { font-family:tahoma,helvetica,sans-serif;font-size:70%;color:#333333; }h1 { font-family:tahoma,helvetica,sans-serif;font-size:160%;font-weight:bold;margin-top:15px;margin-bottom:3px;color:#003366; }h2 { font-family:verdana,helvetica,sans-serif;font-size:120%;font-style:italic;font-weight:bold;margin-top:6px;margin-bottom:6px;color:#999900; }p { font-family:tahoma,helvetica,sans-serif;color:#333333;margin-top:4px;margin-bottom:4px; }ul { font-family:tahoma,helvetica,sans-serif;color:#333333;list-style-type:square;margin-top:8px;margin-bottom:8px; }li { font-family:tahoma,helvetica,sans-serif;color:#33333;margin-top:4px; }.emphasize { color:#333333;background-color:#C8E3FF;padding:5px;}.note { color:#CC6600; }a { font-family:tah* Connection #0 to host 10.136.28.68 left intact
oma,helvetica,sans-serif;text-decoration:underline;color:#336699; }a:visited { color:#001166; }a:hover { text-decoration:none; }</style></head><body><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td><h1>Service nicht erreichbar</h1><br><h2>Was ist passiert ?</h2><p></p></td></tr><tr><td> </td></tr><tr><td class="emphasize"><strong>Note</strong><br></td></tr><tr><td> </td></tr><tr><td><p><h2>Was können Sie tun ?</h2></ul><br/><p class="note"></p><br/><p>HTTP 404 - Not found<br><p> Ihr SAP Internet Communication Framework Team</p></td></tr></table></body></html>

port 44300 cd4lb1[root@xcxc:Peer Time Out of Sync:In Sync] config # curl -vk https://10.136.28.68:44300
* Rebuilt URL to: https://10.136.28.68:44300/
* Trying 10.136.28.68...
* Connected to 10.136.28.68 (10.136.28.68) port 44300 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=cd4wd1.xxxx.com
* start date: Mar 4 00:22:21 2021 GMT
* expire date: Jan 1 00:00:01 2038 GMT
* issuer: CN=cd4wd1.xxxx.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x232c150)
> GET / HTTP/1.1
> Host: 10.136.28.68:44300
> User-Agent: curl/7.47.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2.0 302
< location:https://10.136.28.68:44300/index.jsp
< server:SAP NetWeaver Application Server 7.53 / AS Java 7.50
< content-length:0
< date:Thu, 10 Feb 2022 16:53:04 GMT
<
* Connection #0 to host 10.136.28.68 left intact*****

ICM logs at ECQ end :

HttpPlugInHandleNetData(rqid=32/382250/1): role: Server(1), status: 1
[Thr 139844849501952] content-length: 0/0, buf_len: 2663, buf_offset: 0, buf_status: 0
[Thr 139844849501952] HTTP_TIMER: 0, pfclock: 3554745169
[Thr 139844849501952] ICT: IctIHttpOpenMessage: 7f2ff4020a90 typ=1
[Thr 139844849501952] IctCheckIfValidHostname: Check [sapeccqa.xxx.com] len 21
[Thr 139844849501952] HttpParseRequestHeader: content length: 488
[Thr 139844849501952] HttpParseRequestHeader: no transfer-encoding set
[Thr 139844849501952] HttpParseRequestHeader: Version: 1001
[Thr 139844849501952] HttpParseRequestHeader: Keep-Alive: 1
[Thr 139844849501952] HttpParseRequestHeader: no server port set
[Thr 139844849501952] HttpHandleCertificate: do not accept forwarded cert via HTTP
[Thr 139844849501952] HTTP request (raw) [32/382250/1]:
[Thr 139844849501952] POST /sap/bc/gui/sap/its/webgui HTTP/1.1
[Thr 139844849501952] host: sapeccqa.xxx.com
[Thr 139844849501952] connection: keep-alive
[Thr 139844849501952] content-length: 488
[Thr 139844849501952] cache-control: max-age=0
[Thr 139844849501952] sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="97", "Chromium";v="97"
[Thr 139844849501952] sec-ch-ua-mobile: ?0
[Thr 139844849501952] sec-ch-ua-platform: "Windows"
[Thr 139844849501952] origin: https://sapeccqa.xxx.com
[Thr 139844849501952] upgrade-insecure-requests: 1
[Thr 139844849501952] dnt: 1
[Thr 139844849501952] content-type: application/x-www-form-urlencoded
[Thr 139844849501952] user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.469
[Thr 139844849501952] accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/si
[Thr 139844849501952] sec-fetch-site: same-origin
[Thr 139844849501952] sec-fetch-mode: navigate
[Thr 139844849501952] sec-fetch-user: ?1
[Thr 139844849501952] sec-fetch-dest: document
[Thr 139844849501952] referer: https://sapeccqa.xxx.com/sap/bc/gui/sap/its/webgui
[Thr 139844849501952] accept-encoding: gzip, deflate, br
[Thr 139844849501952] accept-language: fr-CA,fr;q=0.9,fr-FR;q=0.8,en-CA;q=0.7,en;q=0.6,en-US;q=0.5,en-GB;q=0.4
[Thr 139844849501952] cookie: _hjSessionUser_2571840=eyJpZCI6IjBjMmU0YzgwLTgzMzQtNTFiYi05NzE3LTkxNTBlMDZkYTNiNSIsImNyZWF0ZWQiOjE2M
[Thr 139844849501952] x-forwarded-proto: https
[Thr 139844849501952] clientprotocol: https
[Thr 139844849501952] ssl_cipher_usekeysize: 128
[Thr 139844849501952] ssl_cipher_suite: c02f
[Thr 139844849501952] Connection Info: role=Server, local=cd4ecqas1.xxx.com:80, peer=10.136.28.68, protocol=HTTP
[Thr 139844849501952] Fri Feb 4 13:30:28:308 2022
[Thr 139844849501952] IcmPlSetIsBrowser: IsBrowser flag successfully set to 1
[Thr 139844849501952] sap-cancel-on-close not found
[Thr 139844849501952] DpPlgGetVirtHost: search virt host for 1/sapeccqa.xxx.com/80
[Thr 139844849501952] DpPlgGetVirtHost: no server defined, use default
[Thr 139844849501952] HttpGetVirtHost: use virt_host_idx 0 for sapeccqa.xxx.com:80
[Thr 139844849501952] HttpSrvHdlRequest: method: 2; path: /sap/bc/gui/sap/its/webgui
[Thr 139844849501952] Handler 0: HttpLogHandler matches url: /sap/bc/gui/sap/its/webgui
[Thr 139844849501952] Handler 1: HttpAuthHandler matches url: /sap/bc/gui/sap/its/webgui
[Thr 139844849501952] Handler 2: HttpModHandler matches url: /sap/bc/gui/sap/its/webgui
[Thr 139844849501952] Handler 3: HttpCacheHandler matches url: /sap/bc/gui/sap/its/webgui
[Thr 139844849501952] Handler 9: HttpSAPR3Handler matches url: /sap/bc/gui/sap/its/webgui

Thanks,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (0)

Ask a Question