cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Not seeing agentless RUM traffic in Dynatrace Managed

shashank_b_agra
Organizer

Hi, I have implemented this new set up where I am trying to enabled agentless real user monitoring for my application. This is my set up - https://www.dynatrace.com/support/help/shortlink/managed-deployment-scenarios#scenario-3-integration...

where I have a public load balancer with VIP listening on port 443 which forwards the data to gateway servers on port 9999.

We have injected the js snipped in our application and when i tried to test this in Dev environment the load balancer is seeing the traffic but it does not receive any response back from gateway servers. The response code is coming as 0.

 

I've done some troubleshooting and talked to support and looks like the traffic between Load Balancer and the Active gateway servers is not encrypted.

I was looking into this but not sure the way forward - https://www.dynatrace.com/support/help/shortlink/activegate-configuration-ssl

 

I am using Dynatrace managed so do i need to ask Dynatrace to generate a certificate for me for the Cluster active gates so that the traffic flow is encrypted?

 

I've just followed the installation instructions of Active gateway and in the CMC console I can see there is already a certificate present issued by Dynatrace. What is that exactly? It looks like a default one and self signed? Attached is the screenshot.

 

Let me know if anyone has any advice.

3 REPLIES 3

Julius_Loman
Leader

Cluster ActiveGates have a self-signed certificate by default, unless you instructed Dynatrace to configure the SSL for you. I believe you did not that because it requires a public IP address a port forwarded to the cluster activegate directly.

You have at least two options:

  • Instruct your load balancer to accept the Cluster ActiveGate selfsigned cert (import it into the truststore on the balancer)
  • Obtain a certificate for the Cluster ActiveGates and set it up in the CMC. The Load Balancer must trust the certificates, thus you have to check if the cert for the certificate authority is imported on the balancer

You can also setup non-SSL port for the cluster activegate (not recommended).

 

TEMPEST a.s., Slovakia, Dynatrace Master Partner

Hi @Julius_Loman It was my bad. I didn't import the certs and that is why it was complaining about.

i have imported them and now it's working perfectly fine. 

I have encountered another obstacle not sure if you can help.

 

So like I said we have this structure Managed Deployment where we have 2 Active gates and a load balancer configured to receive external traffic. We also have a WAF layer which intercepts the traffic.

Now what is happening is the WAF has a rule which says block requests of content type text/plain and it seems the Dynatrace beacons are of content type text/plain. As per Dynatrace they say -

 

"If WAF is complaining about the content type then nothing could be done from dynatrace side

Our beacons are having content type

 Content-Type: text/plain; charset=utf-8"

 

So I am not sure what can we do here? Do we need to change the WAF policy and allow this content type or is there anything we can allow specific to these Dynatrace beacons?

Let me know if you have any thoughts on this.

 

Best Regards,

Shashank

You need to configure your WAF policy to pass requests of such Content-Type. The payload is really a Content-Type: text/plain; charset=utf-8

TEMPEST a.s., Slovakia, Dynatrace Master Partner