Bug ID 885201: BIG-IP DNS (GTM) monitoring: 'CSSLSocket:: Unable to get the session"'messages appearing in gtm log

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 16.0.0,, 16.0.1,,

Fixed In:
16.1.0, 15.1.3,

Opened: Feb 26, 2020

Severity: 3-Major


Err (error) level messages in /var/log/gtm log when DNS (GTM) SSL monitors such as https are used and are unable to connect to the monitored target IP address: err big3d[4658]: 01330014:3: CSSLSocket:: Unable to get the session. These messages do not indicate the IP address or port of the target that failed to connect, and this ambiguity may cause concern.


The system reports unnecessary messages; the fact that the monitor failed is already detailed by the pool/virtual status change message, and the target changing to a red/down status. These messages can be safely ignored.


-- SSL-based DNS (GTM) monitor assigned to a target, for example https -- TCP fails to connect due to a layer 2-4 issue, for example: - No route to host. - Received a TCP RST. - TCP handshake timeout.


If you want to suppress these messages, you can configure a syslog filter. For more information, see K16932: Configuring the BIG-IP system to suppress sending SSL access and request messages to remote syslog servers :: https://support.f5.com/csp/article/K16932.

Fix Information

Added debug messages for SSL probing with a new DB variable Log.Big3dprobeplus.level

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips