Access Gateway Web server health check reporting green despite web server being down

  • 7015918
  • 24-Nov-2014
  • 24-Nov-2014

Environment

NetIQ Access Manager 4.0
NetIQ Access Manager 4.0 Support Pack 1 applied
NetIQ Access Gateway Appliance and Service

Situation

Access Manager is set up and working well: users can access protected resources behind the Access Gateway (AG) after successfully authenticating to the Identity (IDP) server. One of the web server applications is taken down for maintenance, and some test users correctly get 504 HTTP status errors when accessing these resources via the AG. The problem is that the health check status for the web server in the Admin Console is GREEN, even though the application itself is down.

Looking at the JCC log file on the AG, we can clearly see that the status is reported as Passed even though an error exists:

<exServiceHealth exHealthStatus="Passed" exServiceName="Reverse Proxy - balancer://bal_firsttimeuseridchange"><exDescription exHealthStatus="Passed">
 
Worker can currently connect to Webserver: 172.17.19.78:35780 Status: INITIALIZED; IN_ERROR;
Time of last error: "16:38:52 Monday 24 November 2014"
        Retries: 1
        Load balance factor: 1
        Number of times elected: 2
        Number of bytes written: 0
        Number of bytes read: 0
      </exDescription>
      </exDescription>
    </exServiceHealth>
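
A check for this mismatch, written as an added example (not NetIQ code): it scans JCC log text for exServiceHealth entries reported as Passed whose worker status line carries IN_ERROR. The sample log is constructed from the excerpt above; the second entry, with a worker status of OK and a documentation IP address, is an assumption added for contrast.

```python
import re

# Constructed sample modelled on the JCC log excerpt above. The second
# entry (worker status "OK", address 192.0.2.10) is an assumption for contrast.
SAMPLE_LOG = '''
<exServiceHealth exHealthStatus="Passed" exServiceName="Reverse Proxy - balancer://bal_firsttimeuseridchange"><exDescription exHealthStatus="Passed">
Worker can currently connect to Webserver: 172.17.19.78:35780 Status: INITIALIZED; IN_ERROR;
Time of last error: "16:38:52 Monday 24 November 2014"
</exDescription>
</exServiceHealth>
<exServiceHealth exHealthStatus="Passed" exServiceName="Reverse Proxy - balancer://bal_example"><exDescription exHealthStatus="Passed">
Worker can currently connect to Webserver: 192.0.2.10:80 Status: INITIALIZED; OK;
</exDescription>
</exServiceHealth>
'''

# Regexes are used instead of an XML parser because log excerpts are
# often truncated or not well-formed.
BLOCK_RE = re.compile(r'<exServiceHealth\b([^>]*)>(.*?)</exServiceHealth>', re.S)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
WORKER_RE = re.compile(r'Webserver:\s*(\S+)\s+Status:\s*([^\n<]*)')


def find_false_green(log_text):
    """Return (service, webserver, flags) for every worker that is IN_ERROR
    inside a service entry whose overall health is reported as Passed."""
    findings = []
    for attrs, body in BLOCK_RE.findall(log_text):
        attr = dict(ATTR_RE.findall(attrs))
        if attr.get("exHealthStatus") != "Passed":
            continue  # already reported unhealthy, nothing is hidden
        for server, status in WORKER_RE.findall(body):
            flags = [f.strip() for f in status.split(";") if f.strip()]
            if "IN_ERROR" in flags:
                findings.append((attr.get("exServiceName", "?"), server, flags))
    return findings


if __name__ == "__main__":
    for service, server, flags in find_false_green(SAMPLE_LOG):
        print(f"FALSE GREEN: {service} -> {server} ({', '.join(flags)})")
```
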

Resolution

Apply NAM 4.0 SP1 HF2 or greater.

A bug existed where the AG health check performed against web servers showed a green status when the web server was not listening on a standard TCP port (80/443).