VMware Workspace ONE Community
mjpagan
Enthusiast
Enthusiast

External access stops after a couple of hours

I have exposed my gateway via HTTPS and it works for a couple of hours but then it stops.  I can see my traffic passing my firewall but the browsers/clients time out.  During this time the webpage/clients work internally.  If I reboot the whole vApp (I don't know if i can reboot the individual gateway-va or login and restrart an individual process) and it works for a while.

Anyone have any ideas on what I can look for or what service I can restart to get the HTTPS service going again?

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Tags (3)
Reply
0 Kudos
20 Replies
sravuri
VMware Employee
VMware Employee

We should not have to restart the vapp. Let us try to figure out what is happening.

When this happens, can you check the logs on gateway-va, at /opt/vmware/nginx/logs

Do you see any requests recorded in access.log or error.log?

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

Any recommended way to get that log file off? SCP I would assume?

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
sravuri
VMware Employee
VMware Employee

Yes, scp please.

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

Here are the access.log and error.log.  I changed the my actually domain name to domain.com.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
sravuri
VMware Employee
VMware Employee

To make sure we look at the correct portion of logs, what time did the external access stop working

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

The last time I rebooted it was 3/8/2013.  I don't remember how long before the external access stopped.  I'd guess before midnight.  I could reboot it now and have a better reference if that will be more helpful.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
Schoppert
VMware Employee
VMware Employee

Thanks for the logs, but something seems off.  Can you also attach the following files from the gateway :

/opt/vmware/nginx/conf/nginx.conf

/opt/vmware/nginx/conf/gen/upstream-6035.conf

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

I agree.  This afternoon I rebooted the gateway-va but it didn't fix it. I powered off the whole vApp and it appeared to fix it (I had also changed the NAT to point to another web server so I knew the IP still worked an switched it back).  It worked for a while but died again this evening.

Tonight after it died I tried pushing firewall policy again (just because) and I switched the NAT to point to another web server (whiche worked) then back to the gateway-va (still does not work).  I have not rebooted any VMs to attempt to fix it.  I have attached the log files from my deployment that you requested.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
Schoppert
VMware Employee
VMware Employee

No smoking gun there.

From the earlier logs, it appeared the gateway was having some trouble either getting to the members of the vApp.   In your network setup, are there any restrictions on what ports can be accessed from machines within the vApp ... specifically with regards to the gateway ?

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

I don't think so.  All VAs are in the same network and there's no firewall in the way.  I just deployed the vApp and haven't made any configuration changes on the VAs at all.

I wonder if the errors with communication were during or right after i shutdown the VAs and powered them back on?

Do you know of a command i can run on the gateway-va to restart the web service to see if that temporarily fixes it?

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
Schoppert
VMware Employee
VMware Employee

There is no command to restart all services across all machines.

You can restart the individual services (on the respective vms) as follows :

    gateway : /etc/rc.d/nginx restart

    app manager ( aka service ) : /etc/rc.d/horizon-frontend restart

    data : /etc/rc.d/zimbra restart

    connector : /etc/rc.d/tcserver-c2 restart

I would try the above, in order, to see if any resolve the issue ( temporarily ).

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

I tried restarting the services one by one and tested if it was fixed in the following aorder: gateway,service, connector, gateway but none of the restarts fixed the issue.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
Schoppert
VMware Employee
VMware Employee

I assume the second gateway reference in your list was "data" ?

On the configurator, does the listvms command show all the appropriate machines ?

     hznAdminTool listvms

From the outside, can you get to this page :

  https://<gateway>/SAAS/get-status.do

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

It appears that all the neccesary VAs are there.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

Has anyone run into this issue?  I just verified that a shutdown and a power on of the vApp fixes the issue temporarily.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
pbjork
VMware Employee
VMware Employee

I've not had the exact same issue as you but had my Configurator crashing on me now and then. I ended up giving it one more vCPU and 1GB extra RAM. Since then it is rock solid. Perhaps you could try adding little more resources to your appliances?

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

How could you tell it was crashing?  Freezing up or rebooting itself?  That's a good idea I'll have to give that a try.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos
pbjork
VMware Employee
VMware Employee

The web interface just stopped responding.

Reply
0 Kudos
mjpagan
Enthusiast
Enthusiast

Anyone else seeing the same thing?  I reboot the gateway-va and it works for a while but then stops working for external access but continues to work internally.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
Reply
0 Kudos