Windows 2000 Server (Urgent Problem)

Hi,

I have a serious problem and need to resolve it very quickly.
My server is a Windows 2000 Server Version. It runs IIS to support a few webs running live on it.

3 days ago after a reboot, the server stopped all access to it via the internet. At first I thought either the firewall or anti virus had gone wrong. But I have removed both of these and still it doesnt allow any traffic in.

Additionally, I can not browse any websites, but can ping for example www.google.com and it works fine.

Any help would be great as this is causing huge nightmares.

The server is co located and it is difficult to get access, so next visit I would like a small list of suggestions.

Many thanks
Andy
LVL 1
andy_boothAsked:
Who is Participating?
 
moduloConnect With a Mentor Commented:
PAQed, with points refunded (500)

modulo
Community Support Moderator
0
 
BigC666Commented:
howdy,

what caused you to reboot?
0
 
Fatal_ExceptionSystems EngineerCommented:
First thing I would do is to stop and restart your IIS service...   Then make sure you security permissions are correct on the shares...
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
Sebastian_StraussCommented:

So when ping www.google.com the DNS resolve correctly, but when you try to browse the web then you get a DNS error?

You could try this browser just for testing purposes... it's ultra small and doesn't rely on IE. That'll allow you to see
if it's an IE problem. http://www.offbyone.com/

Also, sometimes uninstalling a firewall software (i.e. ZoneAlarm) does not get rid of it. Been a victim of that myself.
Had to completely reinstall a XP workstation because of that.
0
 
dlwyatt82Commented:
I have a question here.... you are describing two different types of problems (client and server)... you say that your IIS server specifically is not accepting traffic, but it also looks like you are not able to browse ANY website (which would indicate a client-side problem... your server might in fact be working correctly).

Does this problem affect multiple PCs on your network, or have you only tried it from a single workstation so far?
0
 
dlwyatt82Commented:
Another option occurred to me just now, were you trying to browse websites FROM the server, via remote control? If that is the case (and traffic is failing in both directions), it sounds like someone configured a firewall to block web ports to and from your server, most likely port 80 (but possibly more in addition to that). You say you "removed" a firewall already - was this a software firewall program like ZoneAlarm? You would also need to check with the administrators at whatever company is colocating your server, to make sure they have not blocked ports on their network firewall by mistake.
0
 
yahnamanCommented:
Can you connect to the server from IE on the Server itself?  This will rule out any firewall issues.  Make sure someone didn't change the port that the server is listening on.  Also, check in IIS Admin to see that the site is actually running.  Just because the IIS and WWW services are running, it doesn't rule out that the site is stopped.

Check your event log for any errors.
0
 
andy_boothAuthor Commented:
Hi guys,

Thanks for the replies, let me try to answer your questions.....

The server is co located rack mounted in an isp. They give me full rights to their internet. They do no impose a hardware firewall. I had Mcaffee Personal Firewall installed and Mcaffee Anti Virus 8.

Both had port blocking facilities, but both have been removed.
Normally for maintenance, I use terminal services. But this also is being blocked.

Yes, when I ping www.google.com it resolves the ip address, but when I browse to www.google.com it errors.

The server is not a super fast one, occasionally, I give it a reboot to kind of clear the memory. this is a regular event. Only this time, it never came back online. I thought something was wrong with the hardware, so drove 70 miles to where its located, to find all is fine. I rebooted, logged on, the server hardware is all ok.

Nothing at all had been changed before the reboot, so I am a bit confused as to what has actually happend. I can only assume windows has become corrupt, or something along those lines.

Hope that helps, will check in again later, going to find something to calm my nerves :)
0
 
Rob StoneCommented:
It sounds like a DNS issue to me.

Can you type the google ip in IE and see if it resovles the web page?

Also, try putting the IP of the websites your hosting and see if that works.

Check event viewer as well, there may be a clue in there.
0
 
Fatal_ExceptionSystems EngineerCommented:
If it were me, I would have patched my laptop into the patch panel (or used a crossover) to see if I could TS into it locally.   Obviously trying to narrow down the problem to the location.   Did (or could) you try that and was it successful?  
0
 
yahnamanCommented:
But, can you browse your site from the server itself?  What happens if you type in "telnet www.google.com 80".  It should open a blank telnet window.  Anything else, and something is blocked.  This will rule out an IE issue.

Also, check the eventlog.

How is your disk space?
0
 
andy_boothAuthor Commented:
Hi Everyone,

The problem was solved, I am not sure exactly how or why this happend, but some ip routing setting had been set, the only way to turn it off was with a registry update, cant remember the exact setting, but something got set to 2.

By plugging a laptop in over a x-over, the server showed it's webs no problem.

Anyone shed any light on this?
I will try to find the setting the engineer used.
0
 
yahnamanCommented:
Go to the properties for your network connection.  Open the TCP/IP properties.  Click on Advanced, then Options tab.  Check the TCP/IP filtering.  It is possible that one of the firewall software programs set these properties.  Should be Permit all, or just uncheck the box (it is probably already unchecked from the registry change).
0
 
Fatal_ExceptionSystems EngineerCommented:
Looks like the laptop patch at least helped in this troubleshooting problem...  but don't know if it was worth points as an answer...
0
 
andy_boothAuthor Commented:
For reference the final solution was this....
I added the following registry key under the TCPIP parameters

HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\
DisableIPSourceRouting

I do not see that anyone here managed to sort this out which is why the points were not awarded.
0
 
Fatal_ExceptionSystems EngineerCommented:
Thanks for posting that reg patch, andy...

That specific registry setting:  DisableIPSourceRouting = 2

disables source routing completely.  With the setting at 2, all packets that had been routed in the network were being dropped.   This is what was ocurring on your network and why you could not reach the site.  Your engineer most likely set it to a value of 0, which enabled source routing for your server.  It is not the most secure setting, but within a LAN this is not necessarily needed...  (It is used to stop source routed network attacks..)

FE
0
 
Fatal_ExceptionSystems EngineerCommented:
BTW:  here is a great list of Registry edits that affect TCP packets in W2K, and might help anyone in the future:

http://www.microsoft.com/technet/security/guidance/secmod150.mspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.