IT Process Automation

Hello,

I'll preface saying we are very new to PAM.  We have it stood up in a dev environment but it's a single server.  We're trying to setup a PAM Domain Orchestrator cluster in a UAT environment.  We followed the implementation specs and receive a Connection Reset error in our browser.  I was wondering if anyone who's using F5 load balancing could chime in here an suggest where we may have gone wrong.  I don't have access to modify the F5 config but have a network engineer who can alter it for me.  We have a CA support case open and they've mentioned we need to perform a trace at the bipip layer, but our network engineer doesn't have the resources to do that at the moment.

Any advice is appreciated, screenshot of the setup below.  This follows the unsecure simplified configuration.  Once this is working we plan to move to a secured simplified configuration.

PAMPOOL and Nodes (PAM hasn't been installed on Node 2 yet as the F5 config is a pre-req)

PAMWSPOOL and Nodes

iRule

when SERVER_CONNECTED {
IP::idle_timeout 172800000
}
when HTTP_REQUEST {
set PAMPOOL "PAMSRVRPOOL" 
set PAMWSPOOL "PAMJETTYPOOL" 
set NODE1 "10.254.25.87" 
set NODE2 "10.254.25.88" 
set WSPORT "80" 
switch -glob [HTTP::uri] {
"/jmx-console*" { pool $PAMPOOL }
"/web-console*" { pool $PAMPOOL }
"/c2orepository*" { pool $PAMPOOL }
"/c2orepository/oasisHelp*" { pool $PAMPOOL }
"/c2orepository/htmlFile/aboutUs/*" { pool $PAMPOOL }
"/c2orepository/htmlFile/language/*" { pool $PAMPOOL }
"/c2orepository/htmlFile/installation/*" { pool $PAMPOOL }
"/c2orepository/media*" { pool $PAMPOOL }
"/c2orepository/thirdParty*" { pool $PAMPOOL }
"/c2orepository/MainInstallerConfiguration.properties" { pool $PAMPOOL }
"/itpam*" { pool $PAMPOOL }
"/itpam/ServerConfigurationRequestServlet" { pool $PAMPOOL }
"/itpam/MirroringRequestProcessor*" { pool $PAMPOOL }
"/itpam/AgentConfigurationRequestServlet" { pool $PAMPOOL }
"/itpam/StartAgent*" { pool $PAMPOOL }
"/itpam/OasisPrimary" { pool $PAMPOOL }
"/itpam/JNLPRequestProcessor*" { pool $PAMPOOL }
"/itpam/JNLPRequestProcessor/installation" { pool $PAMPOOL }
"/itpam/clientproxy/c2oresourceaction" { pool $PAMPOOL }
"/itpam/clientproxy/c2oreportaction" { pool $PAMPOOL }
"/mirroringrepository*" { pool $PAMPOOL }
"/birt/*" { pool $PAMPOOL }
"/api/*" { pool $PAMPOOL }
"/ws/node1" { pool $PAMWSPOOL member $NODE1 $WSPORT }
"/ws/node1*" { pool $PAMWSPOOL member $NODE1 $WSPORT }
"/ws/node2" { pool $PAMWSPOOL member $NODE2 $WSPORT }
"/ws/node2*" { pool $PAMWSPOOL member $NODE2 $WSPORT }
"/*" { pool $PAMWSPOOL }
default { pool $PAMPOOL }
}
}

iRule statistics (Failure is logged each time I hit the URL, processautomation-qa.chq.ei/itpam)

Nodes

Node1 general properties

Virtual Server General Properties

Virutal Server configuration

Virtual Server Resources

Connection reset error

successful ping test

Grant,

From what you have posted you have F5 setup as per the documentation, and it unless someone with a more experienced F5 eye notices something slightly off, I would suggest this should be working. 

This is something you will need your F5 administrators to investigate.

Thanks for the reply Michael,

I'm hopeful someone with a similar setup can compare their working config with my config. Our single f5 resource has other duties and supports ~300 applications in f5, he doesn't  have time at the moment to troubleshoot third party irule configurations. We only have one two third party applications using irules, so this is out of his expertise.