ProxySG- TCP_NC_MISS- cannot access the application

I need a solution

Hi Team,

When we are accessing the lsapl application (https://egs-lsapl-02.singaporeair.com.sg) we are getting error.

While we are checking those error we found below logs:

PROXIED “none” – 200  TCP_NC_MISS POST  https://egs-lsapl-02.singaporeair.com.sg 8443/ SMTSERVERweb/post services …….

Please find the attached error screenshot for reference.

We have checke below KB articles but we are not sure that the issue related to this(in KB the error for 404 code but in our case its 200)

https://support.symantec.com/en_US/article.TECH242…

Below defined the code:

TCP-NC_miss: The object returned from the origin server was noncacheable

Proxy version: 6.2.15.6

Please advice to proceed further.

Thanks,

Ram.

0

Related:

  • No Related Posts

ProxySG | If access first page https website cannot access internet

I need a solution

Dear All

   My Customer connect proxy type Transparent and not intercept SSL  Authentication with IWA BCAAA

i have issue about if client access to internet first page is HTTPS cannot access internet because cannot authen but if client access first page  is Http  will be fine normal to acess internet

i know this issue it happen because not intercept SSL.

   if cannot intercept ssl who have work around for this issue please recommend.

Thank you so much for your help.

Best Regards,

Chakuttha R.

0

1527475810

Related:

  • No Related Posts

7022987: Error 4701 “Server services not running”

This document (7022987) is provided subject to the disclaimer at the end of this document.

Environment

Verastream Host Integrator

Situation

  • Connection attempts by a remote client fail with error ID 4701 “Server services not running.”
  • Session server log (viewed in Administrative Console; see also KB 7021303) contains error MessageID 3152 “Allocated session timed out waiting for client connection.”
  • Local connections on the server (such as with SOAP Services tester) work fine.
  • Firewall or device with Network Address Translation (NAT) may be between the server and client, or the server’s machine name may not be resolvable from the client system.

Resolution

With version VHI 7.5 or higher:
  1. Temporarily stop the session server service. (See also KB 7021352.)
  2. Manually edit the %VHI_ROOT%/etc/sesssrvr.config file in a text editor to set the ApptrieveServer > Server property to the fully qualified host name or IP address as the server is known on the client’s side of the network.
  3. Save the edited file and start the session server service.

Cause

The client connector is able to establish the initial connection to the session server to request the session, and the server readies the session and tells the client the address to connect to it, but the client fails to make the secondary connection. That is, the client can’t connect to the address the server told it to use. The session server must be configured to tell clients (connectors, Design Tool, and model deployment utilities) to use a different address.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

Re: Re: Change Password for Access Key by Object User

If you have configured the AD authentication provider correctly in ECS, any AD user within the search base should be able to authenticate into the management API and obtain a X-SDS-AUTH-TOKEN token.

curl -L –location-trusted -k https://10.247.100.247:4443/login -u “my_ad_user@domain.com:ChangeMe” -v

The curl command above will work without my_ad_user@domain.com existing as a local object user in ECS. This will at least confirm if you have AD configured correctly in ECS. If you can’t get the X-SDS-AUTH-TOKEN, you likely have something configured incorrectly in the AD Auth Provider within ECS.

Once you have a token, you can attempt to generate a secret key. However, you first need to configure the domain portion of a namespace so that when my_ad_user@domain.comgenerates a secret key, ECS can map them to your desired namespace and insert them as a local object user.

Have a look here at example of what the curl commands would look like using an AD user and obtaining a secret key: https://130820690509421904.public.ecstestdrive.com/share/BagOfTricks-CurlWithLDAPUsers.docx

Related:

  • No Related Posts

SEPM certificate replacement

I need a solution

Hello,

Long story short despite my previous post and thoughts about traffic over HTTP/HTTPS. Is it possible to replace SEPM certificate having only one port (443 in this case) open from client servers to SEPM? Theoretically should be possible as apache accepts custom ports but anyone here tried that? 

Best regards

0

Related:

  • No Related Posts

Accesslog analysis query

I need a solution

Hi Team,

One of our customer looking for the accesslog information (each section). We couldnt find any document related to this.

please help us to understand each section of the accesslogs.

=======================================================================================================================================

We configured the Bluecoat to send log to Reporter and the log format should be  ‘bcreportermain_v1’ , below is its log format while it seems doesn’t match with the log entry.

Many field contain IP/URL information (e.g. cs_Referer, cs_host, dest, dest_host, http_referrer, s_supplier_ip, s_supplier_name, url, etc.), I want to know the meaning of each field.

Log format of ‘bcreportermain_v1’,

date time time-taken c-ip cs-username cs-auth-group x-exception-id scfilter-

result cs-categories cs(Referer) sc-status s-action cs-method

rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uriquery

cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virusid

An example for a log entry,

2018-05-09 02:20:13 68 186.16.184.5 – – pagead2.googlesyndication.com 172.217.25.2 None – – OBSERVED “Web Ads/Analytics” http://hk.on.cc/hk/bkn/cnt/finance/20180503/bkn-20180503090146024-0503_00842_001.html  204 TCP_NC_MISS GET text/html;%20charset=UTF-8 http pagead2.googlesyndication.com 80 /pagead/gen_204 ?id=vpaid_adapter_js&event=init&vps=0.795292869681004&wt=1525832413389&sdkv=h.3.208.0&xai=AKAOjssa_ds3QNpTUO-AJjPRcwucQ-8xb1g3aRKck52RZ6sqxa4CMJXuV0cP5aocBZJS15HzjqBIFRWNkD0GXSsLK7F2EXO0Ll9J0CvewoiXAmGYkHgMng4GjxCys4r6f6v8NBeKPgrrpqXgoHWW8TSdfEbgKnzkGwBFpWmBL5icTJcGkYLHvWBe-3S1izhq2B2clj1ovZd2LM8iOrdcEWhv04Dsxcx3y8mVl3R4LZCp4DgfSfihv_4TjsBiQNTktUmdPT7HVln1tpBewdK1kXFUX6s_MY3qr81AP5Wri0TmwvcAFfRXuU_Wva1NMcXrpKKMX7lerIFiQtjyDNZ0ozuM_Fmo0EH1s42hzHyOxRNc4K-vwRP0pnalG3MR-CwNtS_teVd0aYlrTQH39Hteb5tGj4zuIBGHnxXmc9Z69pRjCfe4Eb_BlBabzxiIS7LHQ7OK5tp8FBHt899zxICfYCgxX1MZbmzzoUeCYxa8hpvQREHg8tQSWyOeJLcl41hmSV5gOmHO3Fl0069_YoUFYPbqHXxie_8UstobRw49LsYAyqFuCBsp8BdJeElp3OF-tHOZP77hZVICyQDeaf1c3byv8OKZfpCKlXqZg773mu-NkGHG54jkj4KtmOeLOGyL2NcBXixeJF_JwgHIMRmfV1U6SHiTUoU0lY09q5cK-b30lL_SqrW8jQG7WkrJaQBdk7oIBjqyIh2iBESOgE9PmgC3b5_AwzoJcVFHnj8fTSJacfDg-Wsio2_hYLJo_dNwW8ZftJAcdibVl3GhEAyAasvjdeigWHG-DidYKkkh&url=2,http://hk.on.cc/hk/bkn/cnt/finance/20180503/bkn-20180503090146024-0503_00842_001.html$0 – “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36” 186.16.216.1 496 1569 – “unavailable” “unavailable” unavailable 213cfd70961615d9-00000000bafc0d97-000000005af25add – –

========================================================================================================================================================

Thanks,

Ram.

0

Related:

  • No Related Posts

Re: Is it possible to upgrade Avamar clients to 7.5.1 prior to upgrading the server to get a head start?

Yes, this is possible, providing that the Avamar client release is compatible with the Avamar server version.

Check the compatibility guide and select the report for Server/Client/Replication Compatibility

You can then refer to the following document

https://support.emc.com/docu8622_Avamar-Client-Only-System-Upgrades-Technical-Note.pdf?language=en_US

Further information and links to the client download packages themselves are available in KB 336028 – FTP Links to the latestclientAVPpackages



This is intended to be a customer administration activity so the above links should all be reachable and the procedure is quite straightforward.

Related:

  • No Related Posts

NetScaler Integrated Caching Counters

This article contains information about the newnslog Integrated Caching counters, their SNMP counterpart, and a brief description of the counters.

Using the Counters

Log on to the NetScaler using an SSH client, change to SHELL, navigate to the /var/nslog directory, and then use the ‘nsconmsg’ command to see comprehensive statistics using the different counters available. For the detailed procedure refer to Citrix Blog – NetScaler ‘Counters’ Grab-Bag!.

The newnslog Integrated Caching counters

The following table lists the different newnslog Integrated Caching counters, a brief description of the counter, and the matching SNMP object name.

newnslog Counter

SNMP OID

Description

cac_tot_req

cacheTotRequests

Total cache hits plus the total cache misses.

cac_cur_pcb_hit

cacheCurHits

This number should be close to the number of hits being served currently.

cac_tot_non304_hit

cacheTotNon304Hits

Total number of full (non-304) responses served from the cache. A 304 status code indicates that a response has not been modified since the last time it was served.

cac_tot_304_hit

cacheTot304Hits

Object not modified responses served from the cache.

(Status code 304 served instead of the full response.)

cache_tot_hits

cacheTotHits

Responses served from the integrated cache. These responses match a policy with a CACHE action.

cache_percent_304_hits

cachePercent304Hits

304 responses as a percentage of all responses that the NetScaler appliance served.

cache_percent_hits

cachePercentHit

Cache hits as percentage of the total number of requests.

cache_recent_percent_304_hits

cacheRecentPercent304Hits

Recently recorded ratio of 304 hits to all hits expressed as percentage

cache_recent_percent_hit

cacheRecentPercentHit

Recently recorded cache hit ratio expressed as percentage.

cac_cur_pcb_miss

cacheCurMisses

Responses fetched from the origin and served from the cache. Should approximate storable misses. Does not include non-storable misses.

cache_tot_misses

cacheTotMisses

Intercepted HTTP requests requiring fetches from origin server.

cache_tot_storable_misses

cacheTotStoreAbleMisses

Cache misses for which the fetched response is stored in the cache before serving it to the client. Storable misses conform to a built-in or user-defined caching policy that contains a CACHE action.

cache_tot_non_storable_misses

cacheTotNonStoreAbleMisses

Cache misses for which the fetched response is not stored in the cache. These responses match policies with a NOCACHE action or are affected by Poll Every Time.

cache_tot_revalidation_misses

cacheTotRevalidationMiss

Responses that an intervening cache revalidated with the integrated cache before serving, as determined by a Cache-Control: Max-Age header configurable in the integrated cache.

cache_tot_full_to_conditional_request

cacheTotFullToConditionalRequest

Number of user-agent requests for a cached Poll Every Time (PET) response that were sent to the origin server as conditional requests.

cache_percent_storable_miss

cachePercentStoreAbleMiss

Responses that were fetched from the origin, stored in the cache, and then served to the client, as a percentage of all cache misses.

cache_recent_percent_storable_miss

cacheRecentPercentStoreAbleMiss

Recently recorded ratio of storable misses to all misses expressed as percentage.

cache_percent_successful_reval

cachePercentSuccessfulRevalidation

Percentage of times stored content was successfully revalidated by a 304 (Object Not Modified) response rather than by a full response

cache_recent_percent_successful

_reval

cacheRecentPercentSuccessful

Revalidation

Recently recorded percentage of times stored content was successfully revalidated by a 304 response rather than by a full response

cache_tot_successful_revalidation

cacheTotSuccessfulRevalidation

Total number of times stored content was successfully revalidated by a 304 Not Modified response from the origin.

cache_percent_byte_hit

cachePercentByteHit

Bytes served from the cache divided by total bytes served to the client. If compression is On in the NetScaler, this ratio might not reflect the bytes served by the compression module. If the compression is Off, this ratio is the same as cachePercentOriginBandwidthSaved.

cache_recent_percent_byte_hit

cacheRecentPercentByteHit

Recently recorded cache byte hit ratio expressed as percentage. Here we define byte hit ratio as ((number of bytes served from the cache)/(total number of bytes served to the client)). This is the standard definition of Byte Hit Ratio. If the compression is turned ON in the NetScaler appliance, then this ratio does not mean much. This might under or overestimate the origin-to-cache bandwidth saving depending upon whether bytes served by CMP in NetScaler are more or less than compressed bytes served from the cache. If CMP is turned OFF in the NetScaler appliance, then this ratio is the same as cacheRecentPercentOriginBandwidthSaved.

cactor_max32_res_so_far

cacheLargestResponseReceived

Size, in bytes, of largest response sent to client from the cache or the origin server.

cache_tot_resp_bytes

cacheTotResponseBytes

Total number of HTTP response bytes served by the NetScaler appliance from both the origin and the cache.

cache_bytes_served

cacheBytesServed

Total number of bytes served from the Integrated Cache.

cache_comp_bytes_served

cacheCompressedBytesServed

Number of compressed bytes served from the cache.

cac_tot_parameterized_inval_req

cacheTotParameterizedInvalidation

Requests

Requests matching a policy with an invalidation (INVAL) action and a content group that uses an invalidation selector or parameters.

cac_tot_non_parameterized

_inval_req

cacheTotNonParameterized

InvalidationRequests

Requests that match an invalidation policy where the invalid Groups parameter is configured and expires one or more content groups.

cac_tot_inval_nostore_miss

cacheTotInvalidationRequests

Requests that match an invalidation policy and result in expiration of specific cached responses or entire content groups.

cache_percent_origin_

bandwidth_saved

cachePercentOriginBandwidth

Saved

Percentage of origin bandwidth saved, expressed as number of bytes served from the integrated cache divided by all bytes served. The assumption is that all compression is done in the NetScaler appliance.

cache_recent_percent_origin

_bandwidth_saved

cacheRecentPercentOrigin

BandwidthSaved

Bytes served from cache divided by total bytes served to client. This ratio can be greater than 1 because of the assumption that all compression has been done in the NetScaler appliance.

cactor_tot_expire_at_last_byte

cacheTotExpireAtLastByte

Instances of content expiring immediately after receiving the last body byte due to the Expire at Last Byte setting for the content group.

cac_tot_enable_flashcache

cacheTotFlashcacheMisses

Number of requests to a content group with flash cache enabled that were cache misses. Flash cache distributes the response to all the clients in a queue.

cac_tot_delayed_logging

cacheTotFlashcacheHits

Number of requests to a content group with flash cache enabled that were cache hits. The flash cache setting queues requests that arrive simultaneously and distributes the response to all the clients in the queue.

cac_tot_parameterized_non304_hit

cacheTotParameterizedNon304Hits

Parameterized requests resulting in a full response (not status code 304: Object Not Updated) served from the cache.

cactor_tot_parameterized_req

cacheTotParameterizedRequests

Total number of requests where the content group has hit and invalidation parameters or selectors.

cac_tot_parameterized_304_hit

cacheTotParameterized304Hits

Parameterized requests resulting in an object not modified (status code 304) response.

cache_tot_parameterized_hits

cacheTotParameterizedHits

Parameterized requests resulting in either a 304 or non-304 hit.

cache_percent_parameterized

_304_hits

cachePercentParameterized304Hits

Percentage of parameterized 304 hits relative to all parameterized hits.

cache_recent_percent_

parameterized_hits

cacheRecentPercentParameterized

Hits

Recently recorded ratio of parameterized 304 hits to all parameterized hits, expressed as a percentage

cactor_tot_pet_with_nostore_reval

cacheTotPetRequests

Requests that triggered a search of a content group that has Poll Every Time (PET) enabled (always consult the origin server before serving cached data).

cache_tot_pet_hits

cacheTotPetHits

Number of times a cache hit was found during a search of a content group that has Poll Every Time enabled.

cache_percent_pet_hits

cachePercentPetHits

Percentage of cache hits in content groups that have Poll Every Time enabled, relative to all searches of content groups with Poll Every Time enabled.

cache_max_mem

cacheMaxMemoryKB

Largest amount of memory the NetScaler appliance can dedicate to caching, up to 50% of available memory. A 0 value disables caching, but the caching module continues to run.

cache64_max_mem

cache64MaxMemoryKB

Largest amount of memory the NetScaler appliance can dedicate to caching, up to 50% of the available memory. A 0 value disables caching, but the caching module continues to run.

cache_max_mem_active

cacheMaxMemoryActiveKB

Currently active value of maximum memory.

cache_utilized_mem

cacheUtilizedMemoryKB

Amount of memory the integrated cache is currently using.

cactor_cur_hash

cacheNumCached

Responses currently in integrated cache. Includes responses fully downloaded, in the process of being downloaded, and expired or flushed but not yet removed.

cache_cur_marker_cell

cacheNumMarker

Marker objects created when a response exceeds the maximum or minimum size for entries in its content group or has not yet received the minimum number of hits required for items in its content group.

cactor_err_no_buf

cacheErrMemAlloc

Total number of times the cache failed to allocate memory to store responses.

Related:

  • No Related Posts

How to redirect URL in exception.user-defined.my_exception

I need a solution

Hi

I would like to ask about Exception Page with http code 307, I can see that we can config HTTP code but what about another header just like Location on HTTP code 307 could you please advise if we would like to use exception page with HTTP 307 redirection.

Just like in below code if I put “307” instead of “200” where should I config the destination URL to redirect for example redirect to http://www.cnn.com

(exception.user-defined.my_exception
(http
(code “200”) << I put “307” instead of “200”
(format <<–myexception–
–myexception–
)
)
)

================================================================================================

My customer not accept this code look like this 

(exception.user-defined.my_exception

(http

(code “307”)

(format <<–myexception–

<html lang=”en-US”>

    <head>

        <meta charset=”UTF-8″>

        <meta http-equiv=”refresh” content=”1;url=http://www.cnn.com”>

        <script type=”text/javascript”>

            window.location.href = “http://www.cnn.com”

        </script>

        <title>Page Redirection</title>

    </head>   

</html>

–myexception–

)

)

)

)

BR 

PK

0

Related:

  • No Related Posts