XDR Test 7 - Stuck in Pending State

[bhoomit majmudar]

We are trying to test XDR Test 7 and it stays stuck in PENDING state. Below are more details.

Document used for testing - "170.315 b1 ToC Ambulatory Sample 1 (v1) - CDA"
Attached snapshot of the test stuck in Pending state.

As discussed on call, we have tried this test with both the endpoints displayed under Test 7,

1. https://ett.healthit.gov:12084
Our gateway server which sends out the document to ETT, is not able to communicate with the endpoint https://ett.healthit.gov:12084 as the server cert of this endpoint seems to have expired long back.
<rs:RegistryError errorCode="5401" codeContext="An error occurred while sending the request.  The underlying connection was closed: An unexpected error occurred on a send..  The connection to https://ett.healthit.gov:12084/ failed.  The server certificate expired on 3/15/2015 5:41:16 PM.." 

2. https://ett.healthit.gov:11084/xdstools/sim/edge-ttp__7/rep/xdrpr

The document is sent successfully but the test stays in Pending State only.

We have tried multiple times and it is the same output. We are using ETT certificate for running these tests.

[bhoomit majmudar]

Our IP address is 20.10.66.66

[Sai Valluripalli]

Are you using invalid certificate provided here: https://site.healthit.gov/direct 

--
You received this message because you are subscribed to the Google Groups "Edge Test Tool (ETT)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to edge-test-too...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/edge-test-tool/ee59f376-1e2e-4b44-98b1-f73fefb119a1n%40googlegroups.com.

[Sai Valluripalli]

Your gateway is actually passing the part of XDR 7 that matters: the ETT endpoint at 12084 intentionally serves a bad/expired certificate (that's the whole point of the test, verify your edge rejects mutual TLS when the server's cert is invalid). The RegistryError 5401 … certificate expired on 3/15/2015 is the desired outcome. The cert was deliberately set up that way and being expired is one of the things that makes it "bad."

The reason the ETT UI is stuck in PENDING is separate: ETT correlates the test result to your run by matching the source IP of the incoming TLS connection against the IP you entered in the form. If your gateway sits behind NAT, a proxy, an SD‑WAN gateway, or any egress firewall, the IP that arrives at ett.healthit.gov is not the IP of the gateway server itself  and ETT silently discards the result, leaving the test in PENDING.

Please:

1. From the gateway server (the host actually making the outbound TLS call), run curl https://api.ipify.org (or equivalent) to get the public egress IP.
2. Re‑run XDR 7 and put that IP in the "IP Address" field.
3. Trigger the send again, wait ~15 seconds (the ETT listener does a 10‑second probe), then refresh.

If you have multiple egress IPs (HA pair, multi‑AZ, etc.), repeat with each. Also confirm outbound TCP to ett.healthit.gov:12084 isn't being blocked by your perimeter firewall.

[bhoomit majmudar]

Hi Sai,

We are sending the messages from our Gateway public IP 20.10.66.66 only and we are using this same IP while running XDR Test 7 on ETT site.
We have allowed outbound to ett.healthit.gov:12084 also.

This is our latest try for Test 7. If you are seeing a different IP, can you please share what IP you see in your logs so that we can investigate on it.

==============================================
CorrelationId="96603612-b6a8-4e43-a766-22cc9754620f"
MessageID>urn:uuid:045bc247-7c78-484e-bd69-442a097f33d5
<rim:Slot name="creationTime">
    <rim:ValueList>
        <rim:Value>20260505103059</rim:Value>
    </rim:ValueList>
</rim:Slot>
======================

[Vishal Patel]

Hi Sai,
Any updates on above thread.