cUrl for an HTTPS address/domain times out unless previously accessed from browser Announcing...
Did Xerox really develop the first LAN?
Doubts about chords
Should gear shift center itself while in neutral?
How to draw this diagram using TikZ package?
When -s is used with third person singular. What's its use in this context?
What would be the ideal power source for a cybernetic eye?
What is the longest distance a 13th-level monk can jump while attacking on the same turn?
Is the address of a local variable a constexpr?
Is it true that "carbohydrates are of no use for the basal metabolic need"?
What are the pros and cons of Aerospike nosecones?
Gastric acid as a weapon
Does surprise arrest existing movement?
How to assign captions for two tables in LaTeX?
Examples of mediopassive verb constructions
Storing hydrofluoric acid before the invention of plastics
What is the correct way to use the pinch test for dehydration?
What does the "x" in "x86" represent?
Sorting numerically
Can inflation occur in a positive-sum game currency system such as the Stack Exchange reputation system?
Why is "Captain Marvel" translated as male in Portugal?
Check which numbers satisfy the condition [A*B*C = A! + B! + C!]
Why did the IBM 650 use bi-quinary?
Is there a concise way to say "all of the X, one of each"?
How can players work together to take actions that are otherwise impossible?
cUrl for an HTTPS address/domain times out unless previously accessed from browser
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!Is there a way to access 'mod_rewrite' before 'mod_ssl'?SSL error curl/wget unknown protocol/wrong version numberOpenSSL issues in Debian Wheezycurl succeeds on an https request, wget does notIssues with the SSL versions used by Curl and Python SSL libInvoke-RestMethod cmdlet not found in Orchestrator 2012 R2 Run .Net Script ActivityCurl: unable to get local issuer certificate. How to debug?HTTPS slow/times out while HTTP is working normallycurl SSL protocol error in connection to shbr-staging.surescripts.nettls 1.2 handshake timeout docker container
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I've lost a couple days to this problem and hope it sparks a thought from someone.
I am integrating several systems together using Powershell scripts. One of the two services I am connecting to (hosted JIRA) can be accessed just fine from my local system, but the script would fail when running from one of my VMs. I found, through chance, that if I opened/refreshed a browser on the server for an HTTPS URL for that host then the script would be able to access the API over HTTPS for about 20-30 seconds afterwards.
I receive a timeout error when I remote into the server and try this from a powershell console. I then verified the same behavior occurs with cUrl (verbose output included below). Refreshing a browser with that domain then allows both to access HTTPS URLs for a short period of time. It appears to be timing out on the initial connection before SSL negotiation.
Representative PoSH Command:
Invoke-RestMethod -Method Get -Uri "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -Headers @{"Authorization" = "Basic "+ [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('USERNAME:PASSWORD'))}
Representative cUrl command:
curl.exe "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -u "USERNAME:PASSWORD" -v -X GET
I've done a lot of digging on this and I'm pretty stumped. I did try using Wireshark to dig deeper, but it's been years since I used a packet sniffer and I'm rusty and having to learn the UI.
Troubleshooting:
Here are the questions/answers I could think of while trying to isolate the problem:
- Is it powershell?
- Using cUrl also times out
- Is it all HTTPS?
https://google.com/
works fine without timeout
https://localhost/...
works fine without timeout
- Is it a system that has accessed JIRA via browser ever?
- I verified my home desktop could connect via PoSH despite never having accessed JIRA
- Is it Host, DC, or OS?
- This is a 2008 R2 VM in Azure, I verified the PoSH and cUrl commands work fine in a 2nd Azure VM running 2008 R2
- Firewall, Antivirus?
- Disabled Antivirus and Firewall, cUrl + PoSH still timeout
- User agent?
- Including a user agent didn't make a difference on problem system or working systems
- What does Fiddler say?
- Fiddler w/ SSL decryption caused gateway errors to occur instead of timeouts, I haven't dug deeper
- Maybe it's a network issue for Atlassian? Intermittent connectivity?
- I've been consistently getting errors from my server and it's been consistently working from everywhere else I have tried
- I performed 10 in a row calls on the server and locally and got perfect returns from the 10 local and perfect timeouts from the server. After doing the browser refresh trick on the server, I had 10 in a row perfect responses.
- What does it look like in Wireshark?
- With cUrl: Wireshark shows the initial TCP call go out, but it isn't ACKed, so you then see two TCP Retransmission attempts
- With cUrl after brower priming: Wireshark shows the first TCP call is ACKed and then everything works as expected
For a short amount of time I thought I had gotten cUrl working consistently. I was using -3 -4 to force SSL3 and ipv4 addresses and it appeared to be working without me having to prime the connection with a web browser. Unfortunately after rebooting this no longer works.
Methods I have tried on the server:
- cUrl, cUrl with -3 -4
- PoSH: Invoke-RestMethod, Invoke-WebRequest, WebClient, WebRequest/WebResponse, setting default SSL to SSL3 via ServicePointManager, setting proxy and proxy credentials via system defaults in case there is one (not to my knowledge)
- IE: works
- Chrome: works
cUrl Output
Here is some sample output from cUrl. I already have a browser open to https://MYDOMAIN.atlassian.net
(it's sitting on the login screen), but I've left it sitting for a while so the connection would be stale.
cUrl output before refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* connect to 165.254.226.145 port 443 failed: Timed out
* Failed to connect to MYDOMAIN.atlassian.net port 443: Timed out
* Closing connection 0
cUrl output when I run right after refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* Connected to MYDOMAIN.atlassian.net (165.254.226.145) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:UsersAdministratorAppDataLocalAppscURLbincurl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
... rest of handshake and HTML for a 401 error page because I didn't force pre-authentication ...
Updated
I added Wireshark results to questions above.
I've now also found that if I run the cUrl command and cancel it before it times out and immediately run it again, it is successful. if I let the cUrl command timeout then immediately run it again, it times out again.
If I run the PoSH command and cancel it before it times out and immediately run it again, I can actually run it 5+ times in a row successfully.
This is definately something networking related, I'm going to see if re-running the command eventually gets to a point where it times out again or if cancelling out of the first call somehow lets me keep making subsequent calls as long as I can (which may be possible, I think PoSH is taking advantage of keep alive once the initial connection is formed).
powershell https curl jira
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I've lost a couple days to this problem and hope it sparks a thought from someone.
I am integrating several systems together using Powershell scripts. One of the two services I am connecting to (hosted JIRA) can be accessed just fine from my local system, but the script would fail when running from one of my VMs. I found, through chance, that if I opened/refreshed a browser on the server for an HTTPS URL for that host then the script would be able to access the API over HTTPS for about 20-30 seconds afterwards.
I receive a timeout error when I remote into the server and try this from a powershell console. I then verified the same behavior occurs with cUrl (verbose output included below). Refreshing a browser with that domain then allows both to access HTTPS URLs for a short period of time. It appears to be timing out on the initial connection before SSL negotiation.
Representative PoSH Command:
Invoke-RestMethod -Method Get -Uri "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -Headers @{"Authorization" = "Basic "+ [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('USERNAME:PASSWORD'))}
Representative cUrl command:
curl.exe "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -u "USERNAME:PASSWORD" -v -X GET
I've done a lot of digging on this and I'm pretty stumped. I did try using Wireshark to dig deeper, but it's been years since I used a packet sniffer and I'm rusty and having to learn the UI.
Troubleshooting:
Here are the questions/answers I could think of while trying to isolate the problem:
- Is it powershell?
- Using cUrl also times out
- Is it all HTTPS?
https://google.com/
works fine without timeout
https://localhost/...
works fine without timeout
- Is it a system that has accessed JIRA via browser ever?
- I verified my home desktop could connect via PoSH despite never having accessed JIRA
- Is it Host, DC, or OS?
- This is a 2008 R2 VM in Azure, I verified the PoSH and cUrl commands work fine in a 2nd Azure VM running 2008 R2
- Firewall, Antivirus?
- Disabled Antivirus and Firewall, cUrl + PoSH still timeout
- User agent?
- Including a user agent didn't make a difference on problem system or working systems
- What does Fiddler say?
- Fiddler w/ SSL decryption caused gateway errors to occur instead of timeouts, I haven't dug deeper
- Maybe it's a network issue for Atlassian? Intermittent connectivity?
- I've been consistently getting errors from my server and it's been consistently working from everywhere else I have tried
- I performed 10 in a row calls on the server and locally and got perfect returns from the 10 local and perfect timeouts from the server. After doing the browser refresh trick on the server, I had 10 in a row perfect responses.
- What does it look like in Wireshark?
- With cUrl: Wireshark shows the initial TCP call go out, but it isn't ACKed, so you then see two TCP Retransmission attempts
- With cUrl after brower priming: Wireshark shows the first TCP call is ACKed and then everything works as expected
For a short amount of time I thought I had gotten cUrl working consistently. I was using -3 -4 to force SSL3 and ipv4 addresses and it appeared to be working without me having to prime the connection with a web browser. Unfortunately after rebooting this no longer works.
Methods I have tried on the server:
- cUrl, cUrl with -3 -4
- PoSH: Invoke-RestMethod, Invoke-WebRequest, WebClient, WebRequest/WebResponse, setting default SSL to SSL3 via ServicePointManager, setting proxy and proxy credentials via system defaults in case there is one (not to my knowledge)
- IE: works
- Chrome: works
cUrl Output
Here is some sample output from cUrl. I already have a browser open to https://MYDOMAIN.atlassian.net
(it's sitting on the login screen), but I've left it sitting for a while so the connection would be stale.
cUrl output before refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* connect to 165.254.226.145 port 443 failed: Timed out
* Failed to connect to MYDOMAIN.atlassian.net port 443: Timed out
* Closing connection 0
cUrl output when I run right after refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* Connected to MYDOMAIN.atlassian.net (165.254.226.145) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:UsersAdministratorAppDataLocalAppscURLbincurl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
... rest of handshake and HTML for a 401 error page because I didn't force pre-authentication ...
Updated
I added Wireshark results to questions above.
I've now also found that if I run the cUrl command and cancel it before it times out and immediately run it again, it is successful. if I let the cUrl command timeout then immediately run it again, it times out again.
If I run the PoSH command and cancel it before it times out and immediately run it again, I can actually run it 5+ times in a row successfully.
This is definately something networking related, I'm going to see if re-running the command eventually gets to a point where it times out again or if cancelling out of the first call somehow lets me keep making subsequent calls as long as I can (which may be possible, I think PoSH is taking advantage of keep alive once the initial connection is formed).
powershell https curl jira
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Have you tried --sslv3 alone without -4?
– Brian Adkins
Sep 28 '14 at 16:18
I tried various combinations of -3 and -4 as well as -2 (sslv2) and -1 (tls 1.x). The -4 was to see if I was having DNS resolution isues and crossing over to ipv6 despite the IP in curls output, jiggling the ssl/tls versions was to see if I am somehow getting blocked by something analyzing traffic.
– Tarwn
Sep 28 '14 at 17:20
Based on your troubleshooting so far, it smells like a networking issue (maybe stale NAT or something between to do with the VM routing through the host). Are you able to traceroute at least past your network to the Atlassian IP address when it doesn't work via curl? I'm not sure how to view NAT tables for VMs on the host but that might be another place to start looking as well and post results.
– Andy Shinn
Sep 28 '14 at 17:31
Wireshark is showing the initial connection failing, it tries two TCP Reconnects and those fail as well. Networking was what led me to try it in the browser once, which is how I found that that somehow could prime the connection. What I just figured out (and will edit in above) is that cancelling the first cUrl or PoSH command and immediately re-executing somehow works. Running two in a row (and letting the first naturally timeout) leads to the 2nd one timing out also.
– Tarwn
Sep 28 '14 at 17:48
add a comment |
I've lost a couple days to this problem and hope it sparks a thought from someone.
I am integrating several systems together using Powershell scripts. One of the two services I am connecting to (hosted JIRA) can be accessed just fine from my local system, but the script would fail when running from one of my VMs. I found, through chance, that if I opened/refreshed a browser on the server for an HTTPS URL for that host then the script would be able to access the API over HTTPS for about 20-30 seconds afterwards.
I receive a timeout error when I remote into the server and try this from a powershell console. I then verified the same behavior occurs with cUrl (verbose output included below). Refreshing a browser with that domain then allows both to access HTTPS URLs for a short period of time. It appears to be timing out on the initial connection before SSL negotiation.
Representative PoSH Command:
Invoke-RestMethod -Method Get -Uri "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -Headers @{"Authorization" = "Basic "+ [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('USERNAME:PASSWORD'))}
Representative cUrl command:
curl.exe "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -u "USERNAME:PASSWORD" -v -X GET
I've done a lot of digging on this and I'm pretty stumped. I did try using Wireshark to dig deeper, but it's been years since I used a packet sniffer and I'm rusty and having to learn the UI.
Troubleshooting:
Here are the questions/answers I could think of while trying to isolate the problem:
- Is it powershell?
- Using cUrl also times out
- Is it all HTTPS?
https://google.com/
works fine without timeout
https://localhost/...
works fine without timeout
- Is it a system that has accessed JIRA via browser ever?
- I verified my home desktop could connect via PoSH despite never having accessed JIRA
- Is it Host, DC, or OS?
- This is a 2008 R2 VM in Azure, I verified the PoSH and cUrl commands work fine in a 2nd Azure VM running 2008 R2
- Firewall, Antivirus?
- Disabled Antivirus and Firewall, cUrl + PoSH still timeout
- User agent?
- Including a user agent didn't make a difference on problem system or working systems
- What does Fiddler say?
- Fiddler w/ SSL decryption caused gateway errors to occur instead of timeouts, I haven't dug deeper
- Maybe it's a network issue for Atlassian? Intermittent connectivity?
- I've been consistently getting errors from my server and it's been consistently working from everywhere else I have tried
- I performed 10 in a row calls on the server and locally and got perfect returns from the 10 local and perfect timeouts from the server. After doing the browser refresh trick on the server, I had 10 in a row perfect responses.
- What does it look like in Wireshark?
- With cUrl: Wireshark shows the initial TCP call go out, but it isn't ACKed, so you then see two TCP Retransmission attempts
- With cUrl after brower priming: Wireshark shows the first TCP call is ACKed and then everything works as expected
For a short amount of time I thought I had gotten cUrl working consistently. I was using -3 -4 to force SSL3 and ipv4 addresses and it appeared to be working without me having to prime the connection with a web browser. Unfortunately after rebooting this no longer works.
Methods I have tried on the server:
- cUrl, cUrl with -3 -4
- PoSH: Invoke-RestMethod, Invoke-WebRequest, WebClient, WebRequest/WebResponse, setting default SSL to SSL3 via ServicePointManager, setting proxy and proxy credentials via system defaults in case there is one (not to my knowledge)
- IE: works
- Chrome: works
cUrl Output
Here is some sample output from cUrl. I already have a browser open to https://MYDOMAIN.atlassian.net
(it's sitting on the login screen), but I've left it sitting for a while so the connection would be stale.
cUrl output before refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* connect to 165.254.226.145 port 443 failed: Timed out
* Failed to connect to MYDOMAIN.atlassian.net port 443: Timed out
* Closing connection 0
cUrl output when I run right after refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* Connected to MYDOMAIN.atlassian.net (165.254.226.145) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:UsersAdministratorAppDataLocalAppscURLbincurl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
... rest of handshake and HTML for a 401 error page because I didn't force pre-authentication ...
Updated
I added Wireshark results to questions above.
I've now also found that if I run the cUrl command and cancel it before it times out and immediately run it again, it is successful. if I let the cUrl command timeout then immediately run it again, it times out again.
If I run the PoSH command and cancel it before it times out and immediately run it again, I can actually run it 5+ times in a row successfully.
This is definately something networking related, I'm going to see if re-running the command eventually gets to a point where it times out again or if cancelling out of the first call somehow lets me keep making subsequent calls as long as I can (which may be possible, I think PoSH is taking advantage of keep alive once the initial connection is formed).
powershell https curl jira
I've lost a couple days to this problem and hope it sparks a thought from someone.
I am integrating several systems together using Powershell scripts. One of the two services I am connecting to (hosted JIRA) can be accessed just fine from my local system, but the script would fail when running from one of my VMs. I found, through chance, that if I opened/refreshed a browser on the server for an HTTPS URL for that host then the script would be able to access the API over HTTPS for about 20-30 seconds afterwards.
I receive a timeout error when I remote into the server and try this from a powershell console. I then verified the same behavior occurs with cUrl (verbose output included below). Refreshing a browser with that domain then allows both to access HTTPS URLs for a short period of time. It appears to be timing out on the initial connection before SSL negotiation.
Representative PoSH Command:
Invoke-RestMethod -Method Get -Uri "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -Headers @{"Authorization" = "Basic "+ [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('USERNAME:PASSWORD'))}
Representative cUrl command:
curl.exe "https://MYDOMAIN.atlassian.net/rest/api/2/issue/PLPT-1?fields=key,id,status" -u "USERNAME:PASSWORD" -v -X GET
I've done a lot of digging on this and I'm pretty stumped. I did try using Wireshark to dig deeper, but it's been years since I used a packet sniffer and I'm rusty and having to learn the UI.
Troubleshooting:
Here are the questions/answers I could think of while trying to isolate the problem:
- Is it powershell?
- Using cUrl also times out
- Is it all HTTPS?
https://google.com/
works fine without timeout
https://localhost/...
works fine without timeout
- Is it a system that has accessed JIRA via browser ever?
- I verified my home desktop could connect via PoSH despite never having accessed JIRA
- Is it Host, DC, or OS?
- This is a 2008 R2 VM in Azure, I verified the PoSH and cUrl commands work fine in a 2nd Azure VM running 2008 R2
- Firewall, Antivirus?
- Disabled Antivirus and Firewall, cUrl + PoSH still timeout
- User agent?
- Including a user agent didn't make a difference on problem system or working systems
- What does Fiddler say?
- Fiddler w/ SSL decryption caused gateway errors to occur instead of timeouts, I haven't dug deeper
- Maybe it's a network issue for Atlassian? Intermittent connectivity?
- I've been consistently getting errors from my server and it's been consistently working from everywhere else I have tried
- I performed 10 in a row calls on the server and locally and got perfect returns from the 10 local and perfect timeouts from the server. After doing the browser refresh trick on the server, I had 10 in a row perfect responses.
- What does it look like in Wireshark?
- With cUrl: Wireshark shows the initial TCP call go out, but it isn't ACKed, so you then see two TCP Retransmission attempts
- With cUrl after brower priming: Wireshark shows the first TCP call is ACKed and then everything works as expected
For a short amount of time I thought I had gotten cUrl working consistently. I was using -3 -4 to force SSL3 and ipv4 addresses and it appeared to be working without me having to prime the connection with a web browser. Unfortunately after rebooting this no longer works.
Methods I have tried on the server:
- cUrl, cUrl with -3 -4
- PoSH: Invoke-RestMethod, Invoke-WebRequest, WebClient, WebRequest/WebResponse, setting default SSL to SSL3 via ServicePointManager, setting proxy and proxy credentials via system defaults in case there is one (not to my knowledge)
- IE: works
- Chrome: works
cUrl Output
Here is some sample output from cUrl. I already have a browser open to https://MYDOMAIN.atlassian.net
(it's sitting on the login screen), but I've left it sitting for a while so the connection would be stale.
cUrl output before refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* connect to 165.254.226.145 port 443 failed: Timed out
* Failed to connect to MYDOMAIN.atlassian.net port 443: Timed out
* Closing connection 0
cUrl output when I run right after refreshing the browser:
* Hostname was NOT found in DNS cache
* Trying 165.254.226.145...
* Connected to MYDOMAIN.atlassian.net (165.254.226.145) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: C:UsersAdministratorAppDataLocalAppscURLbincurl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
... rest of handshake and HTML for a 401 error page because I didn't force pre-authentication ...
Updated
I added Wireshark results to questions above.
I've now also found that if I run the cUrl command and cancel it before it times out and immediately run it again, it is successful. if I let the cUrl command timeout then immediately run it again, it times out again.
If I run the PoSH command and cancel it before it times out and immediately run it again, I can actually run it 5+ times in a row successfully.
This is definately something networking related, I'm going to see if re-running the command eventually gets to a point where it times out again or if cancelling out of the first call somehow lets me keep making subsequent calls as long as I can (which may be possible, I think PoSH is taking advantage of keep alive once the initial connection is formed).
powershell https curl jira
powershell https curl jira
edited Sep 28 '14 at 17:54
Tarwn
asked Sep 28 '14 at 15:26
TarwnTarwn
1264
1264
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 9 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Have you tried --sslv3 alone without -4?
– Brian Adkins
Sep 28 '14 at 16:18
I tried various combinations of -3 and -4 as well as -2 (sslv2) and -1 (tls 1.x). The -4 was to see if I was having DNS resolution isues and crossing over to ipv6 despite the IP in curls output, jiggling the ssl/tls versions was to see if I am somehow getting blocked by something analyzing traffic.
– Tarwn
Sep 28 '14 at 17:20
Based on your troubleshooting so far, it smells like a networking issue (maybe stale NAT or something between to do with the VM routing through the host). Are you able to traceroute at least past your network to the Atlassian IP address when it doesn't work via curl? I'm not sure how to view NAT tables for VMs on the host but that might be another place to start looking as well and post results.
– Andy Shinn
Sep 28 '14 at 17:31
Wireshark is showing the initial connection failing, it tries two TCP Reconnects and those fail as well. Networking was what led me to try it in the browser once, which is how I found that that somehow could prime the connection. What I just figured out (and will edit in above) is that cancelling the first cUrl or PoSH command and immediately re-executing somehow works. Running two in a row (and letting the first naturally timeout) leads to the 2nd one timing out also.
– Tarwn
Sep 28 '14 at 17:48
add a comment |
Have you tried --sslv3 alone without -4?
– Brian Adkins
Sep 28 '14 at 16:18
I tried various combinations of -3 and -4 as well as -2 (sslv2) and -1 (tls 1.x). The -4 was to see if I was having DNS resolution isues and crossing over to ipv6 despite the IP in curls output, jiggling the ssl/tls versions was to see if I am somehow getting blocked by something analyzing traffic.
– Tarwn
Sep 28 '14 at 17:20
Based on your troubleshooting so far, it smells like a networking issue (maybe stale NAT or something between to do with the VM routing through the host). Are you able to traceroute at least past your network to the Atlassian IP address when it doesn't work via curl? I'm not sure how to view NAT tables for VMs on the host but that might be another place to start looking as well and post results.
– Andy Shinn
Sep 28 '14 at 17:31
Wireshark is showing the initial connection failing, it tries two TCP Reconnects and those fail as well. Networking was what led me to try it in the browser once, which is how I found that that somehow could prime the connection. What I just figured out (and will edit in above) is that cancelling the first cUrl or PoSH command and immediately re-executing somehow works. Running two in a row (and letting the first naturally timeout) leads to the 2nd one timing out also.
– Tarwn
Sep 28 '14 at 17:48
Have you tried --sslv3 alone without -4?
– Brian Adkins
Sep 28 '14 at 16:18
Have you tried --sslv3 alone without -4?
– Brian Adkins
Sep 28 '14 at 16:18
I tried various combinations of -3 and -4 as well as -2 (sslv2) and -1 (tls 1.x). The -4 was to see if I was having DNS resolution isues and crossing over to ipv6 despite the IP in curls output, jiggling the ssl/tls versions was to see if I am somehow getting blocked by something analyzing traffic.
– Tarwn
Sep 28 '14 at 17:20
I tried various combinations of -3 and -4 as well as -2 (sslv2) and -1 (tls 1.x). The -4 was to see if I was having DNS resolution isues and crossing over to ipv6 despite the IP in curls output, jiggling the ssl/tls versions was to see if I am somehow getting blocked by something analyzing traffic.
– Tarwn
Sep 28 '14 at 17:20
Based on your troubleshooting so far, it smells like a networking issue (maybe stale NAT or something between to do with the VM routing through the host). Are you able to traceroute at least past your network to the Atlassian IP address when it doesn't work via curl? I'm not sure how to view NAT tables for VMs on the host but that might be another place to start looking as well and post results.
– Andy Shinn
Sep 28 '14 at 17:31
Based on your troubleshooting so far, it smells like a networking issue (maybe stale NAT or something between to do with the VM routing through the host). Are you able to traceroute at least past your network to the Atlassian IP address when it doesn't work via curl? I'm not sure how to view NAT tables for VMs on the host but that might be another place to start looking as well and post results.
– Andy Shinn
Sep 28 '14 at 17:31
Wireshark is showing the initial connection failing, it tries two TCP Reconnects and those fail as well. Networking was what led me to try it in the browser once, which is how I found that that somehow could prime the connection. What I just figured out (and will edit in above) is that cancelling the first cUrl or PoSH command and immediately re-executing somehow works. Running two in a row (and letting the first naturally timeout) leads to the 2nd one timing out also.
– Tarwn
Sep 28 '14 at 17:48
Wireshark is showing the initial connection failing, it tries two TCP Reconnects and those fail as well. Networking was what led me to try it in the browser once, which is how I found that that somehow could prime the connection. What I just figured out (and will edit in above) is that cancelling the first cUrl or PoSH command and immediately re-executing somehow works. Running two in a row (and letting the first naturally timeout) leads to the 2nd one timing out also.
– Tarwn
Sep 28 '14 at 17:48
add a comment |
2 Answers
2
active
oldest
votes
My temporary "solution" is to use a short timeout on the initial calls and immediately retry if they fail. The timeout is short enough that on this server it fails and then retries again fast enough to start communicating successfully (just like when I ran it manually, cancelled it, then ran again).
So far it looks like having one timeout and retry is good enough to keep the connection working for the rest of the automation script to run problem-free.
This is a workaround, I'm still looking for the root cause and a better answer.
add a comment |
For very similar symptoms (curl verbose output when failing versus passing) but for intermittent failures with just curl from the CL we appear to have found that this additional option to curl effectively resolves this problem:
--connect-timeout 30
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f631896%2fcurl-for-an-https-address-domain-times-out-unless-previously-accessed-from-brows%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
My temporary "solution" is to use a short timeout on the initial calls and immediately retry if they fail. The timeout is short enough that on this server it fails and then retries again fast enough to start communicating successfully (just like when I ran it manually, cancelled it, then ran again).
So far it looks like having one timeout and retry is good enough to keep the connection working for the rest of the automation script to run problem-free.
This is a workaround, I'm still looking for the root cause and a better answer.
add a comment |
My temporary "solution" is to use a short timeout on the initial calls and immediately retry if they fail. The timeout is short enough that on this server it fails and then retries again fast enough to start communicating successfully (just like when I ran it manually, cancelled it, then ran again).
So far it looks like having one timeout and retry is good enough to keep the connection working for the rest of the automation script to run problem-free.
This is a workaround, I'm still looking for the root cause and a better answer.
add a comment |
My temporary "solution" is to use a short timeout on the initial calls and immediately retry if they fail. The timeout is short enough that on this server it fails and then retries again fast enough to start communicating successfully (just like when I ran it manually, cancelled it, then ran again).
So far it looks like having one timeout and retry is good enough to keep the connection working for the rest of the automation script to run problem-free.
This is a workaround, I'm still looking for the root cause and a better answer.
My temporary "solution" is to use a short timeout on the initial calls and immediately retry if they fail. The timeout is short enough that on this server it fails and then retries again fast enough to start communicating successfully (just like when I ran it manually, cancelled it, then ran again).
So far it looks like having one timeout and retry is good enough to keep the connection working for the rest of the automation script to run problem-free.
This is a workaround, I'm still looking for the root cause and a better answer.
answered Sep 29 '14 at 13:42
TarwnTarwn
1264
1264
add a comment |
add a comment |
For very similar symptoms (curl verbose output when failing versus passing) but for intermittent failures with just curl from the CL we appear to have found that this additional option to curl effectively resolves this problem:
--connect-timeout 30
add a comment |
For very similar symptoms (curl verbose output when failing versus passing) but for intermittent failures with just curl from the CL we appear to have found that this additional option to curl effectively resolves this problem:
--connect-timeout 30
add a comment |
For very similar symptoms (curl verbose output when failing versus passing) but for intermittent failures with just curl from the CL we appear to have found that this additional option to curl effectively resolves this problem:
--connect-timeout 30
For very similar symptoms (curl verbose output when failing versus passing) but for intermittent failures with just curl from the CL we appear to have found that this additional option to curl effectively resolves this problem:
--connect-timeout 30
answered Jun 5 '18 at 12:53
user69072user69072
101
101
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f631896%2fcurl-for-an-https-address-domain-times-out-unless-previously-accessed-from-brows%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Have you tried --sslv3 alone without -4?
– Brian Adkins
Sep 28 '14 at 16:18
I tried various combinations of -3 and -4 as well as -2 (sslv2) and -1 (tls 1.x). The -4 was to see if I was having DNS resolution isues and crossing over to ipv6 despite the IP in curls output, jiggling the ssl/tls versions was to see if I am somehow getting blocked by something analyzing traffic.
– Tarwn
Sep 28 '14 at 17:20
Based on your troubleshooting so far, it smells like a networking issue (maybe stale NAT or something between to do with the VM routing through the host). Are you able to traceroute at least past your network to the Atlassian IP address when it doesn't work via curl? I'm not sure how to view NAT tables for VMs on the host but that might be another place to start looking as well and post results.
– Andy Shinn
Sep 28 '14 at 17:31
Wireshark is showing the initial connection failing, it tries two TCP Reconnects and those fail as well. Networking was what led me to try it in the browser once, which is how I found that that somehow could prime the connection. What I just figured out (and will edit in above) is that cancelling the first cUrl or PoSH command and immediately re-executing somehow works. Running two in a row (and letting the first naturally timeout) leads to the 2nd one timing out also.
– Tarwn
Sep 28 '14 at 17:48