Closed Babaloued closed 1 year ago
Hi,

The inconsistency makes it a bit more difficult to diagnose, but it sounds like there's something varying in your environment / processes. Are you using the -SkipCertificateCheck switch when you call Remove-F5Session? Are you possibly using different versions of PowerShell in calling this?

Cheers,
Joel
Hi,
I do not use the -SkipCertificateCheck switch. Here's how I create a new session and kill it at the end.
```powershell
$F5Session = New-F5Session -LTMName $F5Name -LTMCredentials $Credentials -PassThru
...
Remove-F5Session -F5Session $F5Session
```
Both commands are used in the same PowerShell scope.
I do not use different versions of PowerShell but I, indeed, launch some remote PowerShell commands via the Invoke-Command cmdlet as jobs.
Here's what I do in my script:
- Disable multiple servers via job, but I need to create a new temporary F5Session called $F5SessionDisable as I cannot pass my primary $F5Session in my function via job
```powershell
Function Disable-FNACNode {
    param (
        [Parameter(mandatory = $true)]
        [string]$F5Name,
        [Parameter(mandatory = $true)]
        $Credentials,
        [Parameter(mandatory = $true)]
        [string]$Partition,
        [Parameter(mandatory = $true)]
        [string]$Server,
        [Parameter(mandatory = $true)]
        [string]$PoolName,
        [switch]$Force
    )
    # Temporary session created inside the job and removed at the end of the function
    $F5SessionDisableNode = New-F5Session -LTMName $F5Name -LTMCredentials $Credentials -PassThru
    Write-Host "Disabling node $Server in pool $PoolName"
    Disable-PoolMember -F5Session $F5SessionDisableNode -Partition $Partition -PoolName $PoolName -Name $Server -Force:$Force
    Remove-F5Session -F5Session $F5SessionDisableNode
}

####### In main script #########
# Re-declare the function inside each job through the initialization script
$InitScriptBlockDisable = [scriptblock]::Create(@"
function Disable-FNACNode {${function:Disable-FNACNode}}
"@)

Try {
    $ServerInLoad | ForEach-Object {
        $ScriptBlock = {
            param($F5Name, $Credentials, $Partition, $PoolName, $Server, $Force)
            Disable-FNACNode -F5Name $F5Name -Credentials $Credentials -Partition $Partition -PoolName $PoolName -Server $Server -Force:$Force
        }
        Write-Host "[DISABLE]Processing node $($_.Name) in $($_.PoolName)..." -ForegroundColor Yellow
        $NodeFullName = ($($_.Name), $($_.Port) -join ":")
        Start-Job -Name "$($_.Name) - DISABLE - $($_.PoolName)" -InitializationScript $InitScriptBlockDisable -ScriptBlock $ScriptBlock -ArgumentList $F5Name, $Credentials, $_.Partition, $_.PoolName, $NodeFullName, $Force `
            | Out-Null
    }
    Write-Host ">>> Waiting for DISABLE nodes to finish <<<" -ForegroundColor Cyan
    Get-Job | Wait-Job | Out-Null
    Write-Host "DISABLE nodes finished`n" -ForegroundColor Green
} catch { $_.Exception.Message }
```
- Launch remote commands with Invoke-Command cmdlets via jobs (no F5 actions)
- Enable servers with the same method (jobs, create temporary F5Session called $F5SessionEnable and kill it at the end of the function)
- Kill the general F5Session

I don't think any of the steps above are the issue because it was working fine before. I am clueless on how to find out the root cause and maybe what I thought is not the problem is the problem...
I tried to get some network traces but of course, everything went smoothly, without errors...
I will try again later but any tips are appreciated.
Regards
Hi, Have you been able to learn anything new about this? If there's some way to piece together the output from the jobs and the calling general session, so that you can see the events chronologically, that might shed some light when the issue reoccurs.
Hi, Sadly, I did not have time to investigate this further, and the current situation (Black Friday + end of the year) is not the best timing for us to play with our production.
I will post more info as soon as I can.
Hi,
Sorry for the very late reply. We finally managed to identify the issue.
As you guessed in your first reply, the issue was coming from the certificate (the network team didn't give us the right URL to connect to the F5...). For whatever reason, and we still don't know why, I couldn't get an error while trying to debug, but one of my colleagues tried from his side and he managed to always get the error pointing to the certificate. As soon as we use the right URL or use the -SkipCertificateCheck switch, everything works well.
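Added example, not part of the thread or of the F5-LTM module: a diagnostic that reports why .NET rejects the certificate for a given host name, so a wrong URL can be confirmed and corrected rather than hidden with -SkipCertificateCheck. The function name `Test-F5Certificate` and the host `f5.example.internal` are hypothetical; the callback accepts the certificate only so the handshake completes for inspection, and no request is sent.

```powershell
# Added example: hypothetical helper, not part of F5-LTM.
function Test-F5Certificate {
    param(
        [Parameter(Mandatory = $true)][string]$LTMName,  # exact name given to New-F5Session
        [int]$Port = 443
    )
    $report = [ordered]@{
        Host = $LTMName; PolicyErrors = $null; Subject = $null
        SubjectAltName = $null; NotAfter = $null; ChainStatus = $null
    }
    # Record the validation verdict instead of enforcing it. This connection is
    # for inspection only and is closed right after the handshake.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
        # OID 2.5.29.17 is the Subject Alternative Name extension
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $report.PolicyErrors   = $sslPolicyErrors
        $report.Subject        = $cert.Subject
        $report.SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        $report.NotAfter       = $cert.NotAfter
        $report.ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        return $true
    }
    $tcp = [System.Net.Sockets.TcpClient]::new($LTMName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($LTMName) } finally { $ssl.Dispose() }
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$report
}

# PolicyErrors reads:
#   None                          -> name and chain are trusted
#   RemoteCertificateNameMismatch -> the host name used is not in the certificate
#   RemoteCertificateChainErrors  -> issuer not trusted on this machine (see ChainStatus)
Test-F5Certificate -LTMName 'f5.example.internal' | Format-List   # placeholder host
```

Run it on the same machine and under the same account as the failing script; a name mismatch means the session should be created with a name listed in Subject or SubjectAltName.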
Hi,
In our production environment, we are facing an issue when trying to delete an F5 session.

```
VERBOSE: Creating F5Session
VERBOSE: POST https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx with -1-byte payload
VERBOSE: received 816-byte response of content type application/json; charset=UTF-8
VERBOSE: PATCH https://xxxxxxxxxxxxxxxxxxxx/5XT6DA6AFLKKYJK6JSC5Z3VTBU with -1-byte payload
VERBOSE: received 597-byte response of content type application/json; charset=UTF-8
VERBOSE: GET https://xxxxxxxxxxxxxxxxxxxxxxxxxxx/mgmt/tm/sys/version/ with 0-byte payload
VERBOSE: received 427-byte response of content type application/json; charset=UTF-8
VERBOSE: F5 Session created
```
Doing some actions like disable pool members, enable pool members...
```
VERBOSE: DELETE https://xxxxxxxxxxxxxxxxxxxxx/mgmt/shared/authz/tokens/5XT6DA6AFLKKYJK6JSC5Z3VTBU with 0-byte payload
We failed to remove the specified session. The error was: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At C:\Program Files\WindowsPowerShell\Modules\F5-LTM\1.4.308\Public\Remove-F5Session.ps1:42 char:9
```
Sometimes everything works smoothly, sometimes it does not so I don't know how to reproduce the issue
F5 bigIP version : BIG-IP 14.1.4.6 Build 0.0.8 Point Release 6
Module version : 1.4.308

Any help would be appreciated.