Auth Error |
-
authentication server connection error: Authentication server connection error.
-
authentication server did not recognize the user: Authentication server did not recognize the user.
-
user authentication failed due to unknown error: User authentication failed due to unknown error.
-
user authentication timed out: User authentication timed out.
-
user credentials failed: User credentials failed.
-
user login failed due to missing credentials: User login failed due to missing credentials.
-
user not authorized for access: User not authorized for access.
|
Client certificate verification failed |
-
CA x509 certificate invalid: CA’s x509 certificate is invalid.
-
CRL error: Client’s x509 certificate CRL had error.
-
CRL has expired: Client’s x509 certificate CRL has expired.
-
CRL not yet valid: Client’s x509 certificate CRL not yet valid.
-
Unable to get CRL for a certificate: Client’s x509 certificate CRL not present.
-
certificate chaining error: Certificate chain could not be formed correctly.
-
client x509 certificate expired: Client’s x509 certificate has expired.
-
client x509 certificate had errors: Client’s x509 certificate has errors.
-
client x509 certificate not yet valid: Client’s x509 certificate not yet valid.
-
client x509 certificate revoked: Client’s x509 certificate has been revoked.
-
client x509 certificate verification failed: Validation of the client’s x509 certificate failed.
-
internal error: Internal Error.
|
Client request processing failure |
-
internal failure: NSX Advanced Load Balancer was unable to complete UDP request from the client due to an internal NSX Advanced Load Balancer error. This may be due to lack of memory or other resources.
-
server conn setup failed: NSX Advanced Load Balancer was unable to complete UDP request from the client due to an internal NSX Advanced Load Balancer error setting up server connectivity. This may be due to lack of memory or other resources.
|
Connection abnormal event |
-
HTTP Server took longer than configured threshold to respond: HTTP Server took longer than configured threshold to respond.
-
HTTP Server took longer than configured time to respond: HTTP Server took longer than configured time to respond.
-
TCP Server took longer than expected to respond: TCP Server took longer than expected to respond
-
can’t resolve server address: Can’t resolve server address.
-
client high retransmits: The TCP connection completed gracefully, but there were a high number of retransmitted packets from NSX Advanced Load Balancer to the client. This may be due to a lossy or congested network.
-
client high rtt: The TCP round trip time between NSX Advanced Load Balancer and the client is greater than 1 second.
-
client out of order packets: The TCP connection completed gracefully, but NSX Advanced Load Balancer received a high number of out of order packets from the client. This is generally due to lossy or congested network or drops by NSX Advanced Load Balancer.
-
client possible window stuck: The TCP connection completed gracefully, but there were instances when the TCP window advertised by the client was not opened fast enough, which may lead the window to be stuck.
-
client timeout caused retransmits: The TCP connection completed gracefully, but there are a high number of retransmitted packets due to timeouts from NSX Advanced Load Balancer to the client. This could be due to lossy network or a slow client.
-
request timed out while waiting for client: Request timed out while waiting for client.
-
server high retransmits: The TCP connection completed gracefully, but there were a high number of retransmitted packets from NSX Advanced Load Balancer to the server. This can be due to a lossy or congested network.
-
server high rtt: The TCP round trip time between NSX Advanced Load Balancer and the server is greater than 500ms.
-
server out of order packets: The TCP connection completed gracefully, but NSX Advanced Load Balancer received a high number of out of order packets from the client. This is generally due to lossy or congested network or drops by NSX Advanced Load Balancer.
-
server possible window stuck: The TCP connection completed gracefully, but there were instances when the TCP window advertised by the server was not opened fast enough, which may lead the window to be stuck.
-
server timeout caused retransmits: The TCP connection completed gracefully, but there were a high number of retransmitted packets due to timeouts from NSX Advanced Load Balancer to the server. This could be due to lossy network or a slow server.
-
server udp response timed out: Server response to client’s udp packet timed out.
-
server unanswered syns: The TCP connection completed gracefully, but there were some syns sent to backend server were not acked immediately that caused SE to retransmit the syn. This is typically due to busy server.
-
zero window from client: The TCP connection completed gracefully, but there were instances when the TCP window advertised by the client depleted to zero. This means that NSX Advanced Load Balancer could not send any more packets until the client opened the TCP window. This is typically due to a slow client.
-
zero window from server: The TCP connection completed gracefully, but there were instances when the TCP window advertised by the server depleted to zero. This means that NSX Advanced Load Balancer could not send any more packets until the server opened the TCP window. This is typically due to a slow server.
-
zero window to client: The TCP connection completed gracefully, but there were instances when the TCP window advertised by NSX Advanced Load Balancer to client depleted to zero. This means that client could not send any more packets until NSX Advanced Load Balancer opened the TCP window. This is typically due to a slow server.
-
zero window to server: The TCP connection completed gracefully, but there were instances when the TCP window advertised by NSX Advanced Load Balancer to server depleted to zero. This means that server could not send any more packets until Avi opened the TCP window. This is typically due to a slow client.
|
Connection closed abnormally |
-
Connection was closed before client sent HTTP request: The connection was closed while waiting for the client to send HTTP request.
-
client aborted connection: Client abnormally terminated the connection by sending a TCP RST.
-
client connection timed out: The established TCP connection with the client was closed due to timeout. Despite multiple retry attempts, the client stopped responding to NSX Advanced Load Balancer's packets.
-
client prematurely closed SPDY stream: Client prematurely closed SPDY stream conn deleted due to config update: The connection was deleted due to an NSX Advanced Load Balancer configuration update.
-
connection dropped due to SSL handshake failure: The connection dropped due to SSL handshake failure.
-
connection dropped due to server side SSL handshake failure: The connection dropped due to server side SSL handshake failure.
-
connection idle timed out: The established TCP connection was closed due to the TCP profile’s idle timeout.
-
connection was closed by HTTP policy action: The connection was reset due to a close action in HTTP security policy on the virtual service.
-
connection was closed by HTTP policy rate-limit action: The connection was reset due to a close action in HTTP security policy while rate-limiting flows on virtual service connection was closed by datascript. The connection was reset by a datascript installed by user connection was closed due to internal error: The connection was closed due to internal error.
-
connection was closed on VS config update: The client connection is closed if virtual service has close_client_conn_on_config_updateenabled and a disruptive config update is done on the virtual server.
-
connection was closed while trying to find the configured tokens in URL: The connection was reset on failure to find configured tokens in url
-
connection was prematurely closed by the client: connection was prematurely closed by the client.
-
server aborted connection: Server abnormally terminated the connection by sending a TCP RST.
-
server connection timed out: The established TCP connection with the server was closed due to timeout. Despite multiple retry attempts, the server stopped responding to NSX Advanced Load Balancer's packets.
-
server x509 certificate verification failed: Validation of the server’s x509 certificate failed.
-
timed out waiting for HTTP request from client: The connection timed out waiting for the client to send HTTP request.
|
Connection not allowed |
-
Too many connections: Configured rate limiting action taken for this connection for this virtual service.
-
Too many connections from this client IP: Configured rate limiting action taken for this connection from this client IP.
|
Connection setup failed |
-
client aborted connection setup: The connection setup was aborted by the client, which sent a RST during the TCP three way handshake.
-
client conn setup failed: NSX Advanced Load Balancer was unable to complete the TCP three way handshake with the client due to an internal NSX Advanced Load Balancer error. This may be due to lack of memory or other resource.
-
client conn setup failed with bad packet: The connection was dropped due to bad packets received from client during TCP three way handshake.
-
client conn setup timed out: TCP three way handshake with the client timed out despite multiple retries.
-
server conn setup failed: NSX Advanced Load Balancer was unable to complete the TCP three way handshake with the server due to an internal NSX Advanced Load Balancer error. This may be due to lack of memory or other resource.
-
server conn setup timed out: TCP three way handshake with the server timed out despite multiple retries.
-
server refused connection: The connection setup was refused by the server, which sent an RST during the TCP three way handshake.
|
DNS query |
|
DNS query failed |
-
DNS query for an excluded domain: NSX Advanced Load Balancer was unable to serve the DNS Query received from the client, since the query was destined to an excluded domain.
-
global service down: NSX Advanced Load Balancer was unable to serve the DNS Query received from the client, since the global service was down.invalid DNS query: NSX Advanced Load Balancer was unable to serve the DNS Query received from the client, since the query was malformed or invalid.
-
no configured service found: NSX Advanced Load Balancer was unable to serve the DNS Query received from the client, since there was no configured service.
-
no valid global service member found: NSX Advanced Load Balancer was unable to serve the DNS Query received from the client, since no valid global service member was found.
-
server returned error response: NSX Advanced Load Balancer received an error response from the server for the DNS query received from the client.
-
unsupported DNS query: NSX Advanced Load Balancer was unable to serve the DNS Query received from the client, since the query type was not supported.
|
DOS_APP_ERROR |
-
bad gateway: Potential denial of service attack where a backend network vulnerability is being exploited.
-
gateway timeout: Potential denial of service attack where a backend network vulnerability is being exploited.
|
DOS_HTTP_ABORT |
-
client reset connection abnormally: Potential denial of service attack where client resets connection after having sent a few bytes of the request holding up request and connection related resources.
-
client reset the connection before sending any requests: Potential denial of service attack where client resets connections after having held up connection resources.
|
DOS_HTTP_ERROR |
-
bad request: Potential denial of service attack where client is sending bad requests.
-
request body too large: Potential denial of service attack where client is sending requests with body size more than allowed by configuration.
-
request ended prematurely: Potential denial of service attack where client closed the connection in the middle of a request.
-
request header too large: Potential denial of service attack where client is sending requests with header size more than allowed by configuration.
-
request uri too large: Potential denial of service attack where client is sending requests with uri length more than allowed by configuration.
|
DOS_HTTP_TIMEOUT |
-
connection timed out as no requests were received from the client after the connection was established: Potential denial of service attack where client holds up a connection without sending any requests. Browsers like Chrome are known to keep connections open for short durations of time without sending any requests, in which case this significance would not be triggered.
-
request timed out: Potential denial of service attack where client is sending requests few bytes at a time with no intention of completing the request. This could potentially be Slowloris or Slowbody attack.
|
DOS_SSL_ERROR |
|
Datascript Error |
-
a datascript attached to the VS returned a 5xx response: A datascript attached to the virtual service returned a 5xx response.
-
a datascript attached to the VS returned a 4xx response: Datascript attached to the virtual service returned a 4xx response.
|
HTTP2 Compression Error |
-
Client sent header block with too long header index value: Client sent header block with too long header index value.
-
Client sent header block with too long size update value: Client sent header block with too long size update value.
-
Client sent header field with too long length value: Client sent header field with too long length value.
-
Client sent invalid HPACK table index - 0: Client sent invalid HPACK table index - 0.
-
Client sent invalid encoded header field: Client sent invalid encoded header field.
-
Client sent invalid table size update: Client sent invalid table size udpate.
-
Client sent out of bound HPACK table index: Client sent out of bound HPACK table index.
|
HTTP2 Flow Control Error |
-
Client sent SETTINGS frame with incorrect INITIAL_WINDOW_SIZE value: Client sent SETTINGS frame with incorrect .INITIAL_WINDOW_SIZE value
-
Client violated flow control for stream by sending WINDOW_UPDATE frame with window increment disallowed for window: Client violated flow control for stream by sending WINDOW_UPDATE frame with window increment disallowed for window.
-
Received DATA frame length from client violated connection’s available window size: Received DATA frame length from client violated connection’s available window size.
-
Received DATA frame length from client violated stream’s available window size: Received DATA frame length from client violated stream’s available window size.
-
Send Window larger than allowed: Send Window larger than allowed.
|
HTTP2 Frame Size Error |
-
Client sent GOAWAY frame with incorrect length: Client sent GOAWAY frame with incorrect length.
-
Client sent HEADERS frame with empty header block: Client sent HEADERS frame with empty header block Client sent HEADERS frame with incorrect length: Client sent HEADERS frame with incorrect length.
-
Client sent PING frame with incorrect length: Client sent PING frame with incorrect length Client sent PRIRORITY frame with incorrect length: Client sent PRIORITY frame with incorrect length.
-
Client sent RST_STREAM frame with incorrect length: Client sent RST_STREAM frame with incorrect length.
-
Client sent SETTINGS frame with ACK flag and nonzero length: Client sent SETTINGS frame with ACK flag and non zero length.
-
Client sent SETTINGS frame with incorrect length: Client sent SETTINGS frame with incorrect length.
-
Client sent header block with incorrect length: Client sent header block with incorrect length
-
client exceeded compressed header size limit: Client exceeded compressed header size limit.
-
client exceeded header size limit: Client exceeded header size limit.
|
HTTP2 Miscellaneous Error |
-
Client prematurely closed connection: Client prematurely closed connection.
-
Client prematurely closed stream: Client prematurely closed stream.
-
Negative window update: HTTP2 Negative window update.
|
HTTP2 Protocol Error |
-
Client intended to send body data larger than declared: Client intended to send body data larger than declared.
-
Client intended to send too large chunked body: Client intended to send too large chunked body.
-
Client sent CONTINUATION frame with incorrect identifier: Client sent CONTINUATION frame with incorrect identifier.
-
Client sent HEADERS frame for stream with incorrect dependency: Client sent HEADERS frame for stream with incorrect dependency.
-
Client sent HEADERS frame with incorrect identifier: Client sent HEADERS frame with incorrect identifier.
-
Client sent PRIORITY frame with incorrect dependency: Client sent PRIORITY frame with incorrect dependency.
-
Client sent PRIORITY frame with incorrect identifier: Client sent PRIORITY frame with incorrect identifier
-
Client sent PUSH PROMISE frame: Client sent PUSH PROMISE frame.
-
Client sent RST_STREAM frame with incorrect identifier: Client sent RST_STREAM frame with incorrect identifier.
-
Client sent SETTINGS frame with incorrect MAX_FRAME_SIZE: Client sent SETTINGS frame with incorrect MAX_FRAME_SIZE.
-
Client sent WINDOW_UPDATE frame with incorrect length: Client sent WINDOW_UPDATE frame with incorrect length.
-
Client sent WINDOW_UPDATE frame with incorrect window increment 0: Client sent WINDOW_UPDATE frame with incorrect window increment 0.
-
Client sent duplicate :method header: Client sent duplicate :method header.
-
Client sent duplicate :path header: Client sent duplicate :path header.
-
Client sent duplicate :scheme header: Client sent duplicate :scheme header.
-
Client sent empty :method header: Client sent empty :method header.
-
Client sent empty :path header: Client sent empty :path header.
-
Client sent empty :scheme header: Client sent empty :scheme header.
-
Client sent header with invalid value: Client sent header with invalid value.
-
Client sent inappropriate frame while CONTINUATION frame was expected: Client sent inappropriate frame while CONTINUATION frame was expected.
-
Client sent invalid :method header: Client sent invalid :method header.
-
Client sent invalid :path header: Client sent invalid :path header.
-
Client sent invalid DATA frame with incorrect frame length - 0: Client sent invalid DATA frame with incorrect frame length - 0.
-
Client sent invalid header: Client sent invalid header.
-
Client sent invalid header name: Client sent invalid header name.
-
Client sent no :method header: Client sent no :method header.
-
Client sent no :path header: Client sent no :path header.
-
Client sent no :scheme header: Client sent no :scheme header.
-
Client sent padded DATA frame with incorrect frame length: Client sent padded DATA frame with incorrect frame length.
-
Client sent padded HEADERS frame with incorrect frame length: Client sent padded HEADERS frame with incorrect frame length.
-
Client sent unexpected CONTINUATION frame: Client sent unexpected CONTINUATION frame.
-
Client sent unknown pseudo-header: Client sent unknown pseudo-header.
-
Client timed out: Client timed out
-
Invalid connection preface received: Invalid connection preface received.
-
Proxy protocol error: Proxy protocol error.
|
HTTP2 Refused Stream Error |
|
HTTP2 Stream Error |
|
Memory Exhausted |
|
Persistence Error |
-
cookie key is not in the list of keys configured in the persistence profile: Cookie key is not in the list of keys configured in the persistence profile.
-
persistence Profile Keys were not configured: Persistence Profile Keys were not configured.
-
request was intended for a remote site, but remote site was down: Request was intended for a remote site, but remote site was down.
|
Request abnormal event |
-
RUM module cannot handle HTTP request method: RUM can only handle GET and POST. Incoming request method isn’t one of them.
-
client attempted to request a different server name: Client attempted to request a server name that was different from the one that was negotiated.
-
client sent HTTP TRACE method which is currently not supported: Client sent HTTP TRACE method which is currently not supported client sent a HTTP 1.1 request without Host header: Client sent a HTTP 1.1 request without Host header client sent a URI which failed to parse: Failed to parse a URI received from the client client sent a request with version less than 1.0: Found invalid version less than 1.0 in request.
-
client sent an invalid content length: Client sent an invalid content length client sent an invalid header line: The newline character was missing after the carriage returnin a header line client sent an invalid host in the request line: Found an invalid host in the request line while parsing.
-
client sent duplicate header: Among the list of headers sent by client, there was a duplicate.
-
client sent invalid chunked body: Client sent invalid chunked body.
-
client sent invalid header block while processing SPDY stream: Client sent invalid header block while processing SPDY stream.
-
client sent invalid host header: Host header sent by client is invalid.
-
client sent too long request or header: Client sent too long request or header.
-
client sent unknown transfer encoding: Client sent unknown transfer encoding.
-
cookie size in the incoming request was greater than the maximum possible size: Cookie size in the incoming request was greater than the maximum possible size.
-
cookie size in the incoming request was lesser than the minimum expected cookie size: Cookie size in the incoming request was lesser than the minimum expected cookie size.
-
cookie version in the incoming request does not match the expected version: Cookie version in the incoming request does not match the expected version.
-
data error while reading SPDY request body: Data error while reading SPDY request body.
-
encountered an invalid header during SPDY header parsing: Encountered an invalid header during SPDY header parsing.
-
error while processing SPDY data: Error while processing SPDY data.
-
high app response time: App response time greater than the configured threshold.
-
high total time: Total time greater than the configured threshold.
-
http version 0.9: Client sent request with HTTP Protocol version 0.9.
-
no method or uri or protocol seen while constructing SPDY request: No method or uri or protocol seen while constructing SPDY request
-
persistent server changed: Persistent server changed
-
there was an error while reading client headers: There was an error while reading client headers
|
Request ended abnormally |
-
Datascript failed to execute: The datascript failed to execute.
-
Throttled by the custom string-based rate limiter: Request dropped because there were too many requests that map to a custom string
-
Throttled by the header-based rate limiter: Request dropped because there were too many requests that contain a header or cookie value
-
Too many bad requests for this URI: Request dropped because there were too many bad requests for this URI
-
Too many bad requests for this URI from this client IP: Request dropped because there were too many bad requests for this URI from this client IP
-
Too many bad requests from this client IP: Request dropped because there were too many bad requests from this client IP
-
Too many requests: Request dropped because there were too many requests for this virtualservice
-
Too many requests for a bad URI: Request dropped because there were too many requests for this bad URI
-
Too many requests for an unknown URI: Request dropped because there were too many requests for this unknown URI
-
Too many requests for this URI: Request dropped because there were too many requests for this URI
-
Too many requests for this URI from this client IP: Request dropped because there were too many requests for this URI from this client IP
-
Too many requests from a bad client IP: Request dropped because there were too many requests from this bad client IP
-
Too many requests from an unknown client IP: Request dropped because there were too many requests from this unknown client IP
-
Too many requests from this client IP: Request dropped because there were too many requests from this client IP
-
no available servers: The connection attempt was reset due to no servers available. This may be because the server connection limits setting was reached, or all servers are in a down state.
-
request failed to select pool: The request could not be fulfilled by any available pool
-
request failed to use a virtual hosting virtual server: The request could not be fulfilled by any virtual server
-
response code 4xx: A 4xx ‘client error’ HTTP response code was sent to the client.
-
response code 5xx: A 5xx ‘server error’ HTTP response code was sent to the client.
|
SIP Proxy Profile Timeout |
-
connection idle timeout occurred, closing the connection: Proxy profile connection timeout occurred
-
transaction timeout occurred, closing server side connection: Proxy profile transaction timeout occurred
|
SIP client connectivity failed |
|
SIP error |
-
Can not parse message from a client: Can not parse SIP message sent by a client
-
Can not parse message from server: Can not parse SIP message sent by server
-
Can not update SIP message: Can not update SIP message
-
Either app transaction timeout or connection idle timeout occurred in middle of transaction: SIP request timed out
-
Server sent a SIP message with unknown CallId header: Server sent a SIP message with unknown CallId header
-
request failed: SIP request failed
|
SIP server connectivity failed |
|
SSL Error |
-
bad change cipher spec: Change cipher spec is bad
-
block cipher pad is wrong: Block Cipher Pad is wrong
-
client SSL certificate verify error: Client SSL certificate verify error
-
client sent a plain request on HTTPS port: Client sent a plain request on HTTPS port
-
client sent no required SSL certificate: Client sent no required SSL certificate
-
decryption failed or bad record mac: Decryption failed or Bad record MAC
-
digest check failed: Digest check failed
-
error in received cipher list: Received cipher list has an error
-
excessive message size: Message size is excessive
-
inappropriate fallback: Inappropriate fallback to a lower version
-
length mismatch: Length mismatch was detected
-
no ciphers passed: No ciphers were passed
-
no ciphers specified: No ciphers were specified
-
no compression specified: No compression was specified
-
no shared cipher: No shared cipher
-
parse tlsext: Error parsing tlsext
-
record length mismatch: Mismatch in record length
-
renegotiate ext too long: Renegotiate extestions were too long
-
renegotiation encoding err: Error in renegotiation encoding
-
renegotiation mismatch: Mismatch detected in renegotiation
-
scsv received when renegotiating: SCSV was received when renegotiating
-
sslv3 alert bad certificate: SSLv3 alert - Bad Certificate
-
sslv3 alert bad record mac: SSLv3 alert - Record with incorrect MAC received
-
sslv3 alert certificate expired: SSLv3 alert - Certificate expired
-
sslv3 alert certificate revoked: SSLv3 alert - Certificate revoked
-
sslv3 alert certificate unknown: SSLv3 alert - Certificate unknown
-
sslv3 alert decompression failure: SSLv3 alert - Decompression Failure
-
sslv3 alert handshake failure: SSLv3 alert - Handshake Failure
-
sslv3 alert illegal parameter: SSLv3 alert - Illegal Parameter
-
sslv3 alert no certificate: SSLv3 alert - No Certificate
-
sslv3 alert unexpected message: SSLv3 alert - Unexpected Message
-
sslv3 alert unsupported certificate: SSLv3 alert - Unsupported Certificate
-
tlsv1 alert access denied: TLSv1 alert - Access denied
-
tlsv1 alert decode error: TLSv1 alert - Decode error - Field out of specified range or message length incorrect
-
tlsv1 alert decrypt error: TLSv1 alert - Decrypt error
-
tlsv1 alert decryption failed: TLSv1 alert - Decryption failed
-
tlsv1 alert export restriction: TLSv1 alert - Export Restriction
-
tlsv1 alert insufficient security: TLSv1 alert - Ciphers not secure enough
-
tlsv1 alert internal error: TLSv1 alert - Internal Error
-
tlsv1 alert no renegotiation: TLSv1 alert - No Renegotiation
-
tlsv1 alert protocol version: TLSv1 alert - Attempt to negotiate with unsupported protocol version
-
tlsv1 alert record overflow: TLSv1 alert - Record Overflow
-
tlsv1 alert unknown ca: TLSv1 alert - CA could not be located or Doesn’t match known, trusted CA
-
tlsv1 alert user cancelled: TLSv1 alert - User Cancelled
-
unexpected message: Unexpected message
-
unexpected record: Unexpected record
-
unknown alert type: Unknown alert type
-
unknown protocol: Unknown protocol
-
unsafe legacy renegotiation disabled: Unsafe legacy renegotiation is disabled
-
wrong version number: Wrong version number
|
Server certificate verification failed |
-
CA x509 certificate invalid: CA’s x509 certificate is invalid
-
CRL error: Server’s x509 certificate CRL had error
-
CRL has expired: Server’s x509 certificate CRL has expired
-
CRL not yet valid: Server’s x509 certificate CRL not yet valid
-
Unable to get CRL for a certificate: Server’s x509 certificate CRL not present
-
certificate chaining error: Certificate chain could not be formed correctly
-
hostname did not match with upstream certificate: Hostname did not match with the upstream certificate
-
internal error: Internal Error
-
server x509 certificate expired: Server’s x509 certificate has expired
-
server x509 certificate had errors: Server’s x509 certificate has errors
-
server x509 certificate not yet valid: Server’s x509 certificate not yet valid
-
server x509 certificate revoked: Server’s x509 certificate has been revoked
-
server x509 certificate verification failed: Validation of the server’s x509 certificate failed
|
Server connectivity failed |
|
Upstream Error |
|
WAF Match |
|