[lvs-users] Random "Page cannot be displayed" with IE and SSL through LVS loadbalancing

["Daniel Kerrutt" <d.kerrutt@xxxxxxxxxxxxxx>]

Hi -
I posted this subject to microsoft.public.internetexplorer.general,
but wanted to ask for help here, too.


I have a problem while connecting to a loadbalanced website via SSL.
Sometimes IE is displaying an "Page cannot be displayed" error
message. Sometimes the error is happening instantly, sometimes after
entering the URL 3-4 times.

Server software is Apache 2.2 / mod_ssl
Keep-Alive is forced to turn off with the following configuration
statement with SSL connections:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

I'll describe what is happening:

Client sends SYN
Server sends SYN ACK
Client sends ACK

Client sends PSH ACK (SSL Hello Client)
Server sends ACK (SSL Hello Server)
Server sends ACK (SSL Cert)
Server sends PSH ACK (SSL Cert cont.)

Usually the client is sending it's SSL Handshake on a successful
request. But instead it is closing the connection immediately:

Client sends ACK FIN
Server sends ACK FIN
Client sends ACK

And a "Page cannot be found error" occours.

The error is similar to the one mentioned in KB 305217 [1], but keep-
alive is definitely turned off.
Also, the error is happening only when connecting through a LVS
loadbalancing. Connecting the server directly works fine w/o any
problems.

I tried to debug with wininet.dll. At the time the client should send
its handshake, the debug log is showing the following:

19:47:25.556 00000e8c:<app> 001 InternetQueryOptionA(0x0,
INTERNET_OPTION_LINE_STATE (50), 0x12e88c, 0x12e888 [4])
19:47:25.556 00000e8c:<app> 001   option data:
19:47:25.556 00000e8c:<app> 001   4 (0x4) bytes @ 0x12e88c
19:47:25.556 00000e8c:<app> 001   0012e88c  01 00 00 00
                       ....
19:47:25.556 00000e8c:<app> 001 InternetQueryOptionA() returning TRUE

19:47:25.556 00000e8c:<app> 001 InternetQueryOptionA(0x0,
INTERNET_OPTION_LINE_STATE (50), 0x12e704, 0x12e700 [4])
19:47:25.556 00000e8c:<app> 001   option data:
19:47:25.556 00000e8c:<app> 001   4 (0x4) bytes @ 0x12e704
19:47:25.556 00000e8c:<app> 001   0012e704  01 00 00 00
                       ....
19:47:25.556 00000e8c:<app> 001 InternetQueryOptionA() returning TRUE

19:47:25.557 00000e8c:<app> 001 InternetQueryOptionA(0x0,
INTERNET_OPTION_LINE_STATE (50), 0x128e38, 0x128e34 [4])
19:47:25.557 00000e8c:<app> 001   option data:
19:47:25.557 00000e8c:<app> 001   4 (0x4) bytes @ 0x128e38
19:47:25.557 00000e8c:<app> 001   00128e38  01 00 00 00
                       ....
19:47:25.557 00000e8c:<app> 001 InternetQueryOptionA() returning TRUE

19:47:25.565 00000e8c:<app> 001 InternetQueryOptionA(0x0,
INTERNET_OPTION_LINE_STATE (50), 0x12e8a4, 0x12e8a0 [4])
19:47:25.565 00000e8c:<app> 001   option data:
19:47:25.565 00000e8c:<app> 001   4 (0x4) bytes @ 0x12e8a4
19:47:25.565 00000e8c:<app> 001   0012e8a4  01 00 00 00
                       ....
19:47:25.565 00000e8c:<app> 001 InternetQueryOptionA() returning TRUE

19:47:25.565 00000e8c:<app> 001 InternetCloseHandle(0xcc000c)
19:47:25.565 00000e8c:<app> 001 InternetCloseHandle() returning TRUE

19:47:25.565 00000e8c:<app> 001 InternetCloseHandle(0xcc0008)
19:47:25.565 00000e8c:<app> 001 InternetCloseHandle() returning TRUE

Does anyone know a workaround for the problem?

[1] http://support.microsoft.com/kb/305217