target machine actively refused it x.x.x.x:5671

ET

Jun 13, 2017, 7:31:06 PM
to rabbitmq-users
What is missing?  Cannot establish amqp/ssl

None of the specified endpoints were reachable
inner:
Connection failed
inner:
No connection could be made because the target machine actively refused it x.x.x.x:5671
inner:

Log shows earlier 5671 was started
INFO REPORT==== 13-Jun-2017::15:20:23 ===started SSL Listener on 0.0.0.0:5671

{ssl_listeners,[5671]},
{ssl_options,
    [{cacertfile,"D:/RabbitMQ/ssl/ashca.pem"},
     {certfile,"D:/RabbitMQ/ssl/server.pem"},
     {keyfile,"D:/RabbitMQ/ssl/server.key"},
     {verify,verify_peer},
     {fail_if_no_peer_cert,false}]},

Windows> RabbitMQ 3.6.10

OpenSSL> s_client -connect stg.rabbitmq:5671
CONNECTED(000000D8)

Anitha Ponraj

Jun 14, 2017, 12:40:24 AM
to rabbitmq-users
If you have Windows Firewall turned on, check the incoming and outgoing TCP ports on 5671, 5672, 4369, 15672, 25672.

Michael Klishin

Jun 14, 2017, 3:28:07 AM
to rabbitm...@googlegroups.com
"Actively refused it" is Windows speak for TCP reset, so the hypothesis
that it's a firewall, proxy or anti-virus software of some kind is reasonable, however,
`openssl s_client` seemingly can connect to stg.rabbitmq:5671.

ET, please post server logs and full `openssl s_client` output as well as your
TLS related code on the client end.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
MK

Staff Software Engineer, Pivotal/RabbitMQ

ET

Jun 15, 2017, 12:25:37 PM
to rabbitmq-users
RESOLVED:  combo of issues here: cert format and F5 was resetting the connection.

Michael Klishin

Jun 15, 2017, 12:51:32 PM
to rabbitm...@googlegroups.com
Thank you for reporting back.

May I clarify what you had to configure on the load balancer? Was the certificate
format used with RabbitMQ nodes something other than PEM?

ET

Jun 16, 2017, 12:47:39 PM
to rabbitmq-users
Simply disabled the pool as we were seeing resets in captures.  We are unsure of how to properly configure the F5 for RBT.
Can you advise on the proper F5 pool configuration for our 2-node HA master/slave config?

It was something to do with how I converted the cer/pfx to pem.  No logging as to what the issue was.
Resolved by getting CA signed back as p7b (full chain), and then converting to pem.  Logging started at this point.
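
For the certificate-format half of the fix described above, an added example (not part of the thread and not RabbitMQ code): a Python check of what the files named in `cacertfile`, `certfile` and `keyfile` actually contain, since a `.pem` file name does not guarantee PEM certificates inside. The expected labels per option, the helper names and all sample contents are assumptions constructed for illustration.

```python
import base64
import re

# Assumption of this example: PEM labels each ssl_options file should contain.
EXPECTED = {
    "cacertfile": {"CERTIFICATE"},
    "certfile": {"CERTIFICATE"},
    "keyfile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_labels(data: bytes) -> list:
    """Labels of all PEM blocks whose body is valid base64."""
    labels = []
    for label, body in PEM_BLOCK.findall(data):
        # Skip RFC 1421 header lines (e.g. "Proc-Type: 4,ENCRYPTED").
        b64 = b"".join(l.strip() for l in body.splitlines() if b":" not in l)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        labels.append(label.decode())
    return labels


def check_option(option: str, data: bytes) -> str:
    """Describe what `data` holds relative to what `option` expects."""
    labels = pem_labels(data)
    if not labels:
        # Heuristic: 0x30 is an ASN.1 SEQUENCE tag, i.e. raw DER (.cer, .pfx, .p7b).
        return "binary DER, not PEM" if data[:1] == b"\x30" else "no PEM block found"
    wrong = sorted(set(labels) - EXPECTED[option])
    return "unexpected PEM block: " + ", ".join(wrong) if wrong else "ok"


def make_pem(label: str, payload: bytes) -> bytes:
    """Build a constructed (not real) PEM block for the samples below."""
    tag = label.encode()
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (tag, base64.encodebytes(payload), tag)


# Constructed sample contents; the payloads are placeholders, not real keys or certs.
SAMPLES = {
    "cacertfile": make_pem("CERTIFICATE", b"root") + make_pem("CERTIFICATE", b"intermediate"),
    "certfile": make_pem("PKCS7", b"p7b left as PKCS#7 instead of certificates"),
    "keyfile": b"\x30\x82\x01\x00" + b"\x00" * 16,
}
```

To use it on a real node, pass each configured file's bytes (read with `open(path, "rb").read()`) to `check_option` together with its option name.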

Michael Klishin

Jun 16, 2017, 12:51:55 PM
to rabbitm...@googlegroups.com
There should be nothing RabbitMQ-specific in load balancer configuration.

You can find the list of ports used by RabbitMQ on http://www.rabbitmq.com/networking.html.
Idle TCP connection timeout should be no less than 60 seconds (I'd use a few minutes),
that should work well with default client connection heartbeat
(see http://rabbitmq.com/heartbeats.html, in particular at the end).
