Solved

Windows 2000 Server (Urgent Problem)

Posted on 2004-08-11
19
141 Views
Last Modified: 2010-04-14
Hi,

I have a serious problem and need to resolve it very quickly.
My server is a Windows 2000 Server Version. It runs IIS to support a few webs running live on it.

3 days ago after a reboot, the server stopped all access to it via the internet. At first I thought either the firewall or anti virus had gone wrong. But I have removed both of these and still it doesnt allow any traffic in.

Additionally, I can not browse any websites, but can ping for example www.google.com and it works fine.

Any help would be great as this is causing huge nightmares.

The server is co located and it is difficult to get access, so next visit I would like a small list of suggestions.

Many thanks
Andy
0
Comment
Question by:andy_booth
  • 5
  • 3
  • 3
  • +5
19 Comments
 
LVL 9

Expert Comment

by:BigC666
ID: 11777942
howdy,

what caused you to reboot?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11777943
First thing I would do is to stop and restart your IIS service...   Then make sure you security permissions are correct on the shares...
0
 

Expert Comment

by:Sebastian_Strauss
ID: 11778032

So when ping www.google.com the DNS resolve correctly, but when you try to browse the web then you get a DNS error?

You could try this browser just for testing purposes... it's ultra small and doesn't rely on IE. That'll allow you to see
if it's an IE problem. http://www.offbyone.com/

Also, sometimes uninstalling a firewall software (i.e. ZoneAlarm) does not get rid of it. Been a victim of that myself.
Had to completely reinstall a XP workstation because of that.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11778137
I have a question here.... you are describing two different types of problems (client and server)... you say that your IIS server specifically is not accepting traffic, but it also looks like you are not able to browse ANY website (which would indicate a client-side problem... your server might in fact be working correctly).

Does this problem affect multiple PCs on your network, or have you only tried it from a single workstation so far?
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11778183
Another option occurred to me just now, were you trying to browse websites FROM the server, via remote control? If that is the case (and traffic is failing in both directions), it sounds like someone configured a firewall to block web ports to and from your server, most likely port 80 (but possibly more in addition to that). You say you "removed" a firewall already - was this a software firewall program like ZoneAlarm? You would also need to check with the administrators at whatever company is colocating your server, to make sure they have not blocked ports on their network firewall by mistake.
0
 
LVL 1

Expert Comment

by:yahnaman
ID: 11779051
Can you connect to the server from IE on the Server itself?  This will rule out any firewall issues.  Make sure someone didn't change the port that the server is listening on.  Also, check in IIS Admin to see that the site is actually running.  Just because the IIS and WWW services are running, it doesn't rule out that the site is stopped.

Check your event log for any errors.
0
 
LVL 1

Author Comment

by:andy_booth
ID: 11781209
Hi guys,

Thanks for the replies, let me try to answer your questions.....

The server is co located rack mounted in an isp. They give me full rights to their internet. They do no impose a hardware firewall. I had Mcaffee Personal Firewall installed and Mcaffee Anti Virus 8.

Both had port blocking facilities, but both have been removed.
Normally for maintenance, I use terminal services. But this also is being blocked.

Yes, when I ping www.google.com it resolves the ip address, but when I browse to www.google.com it errors.

The server is not a super fast one, occasionally, I give it a reboot to kind of clear the memory. this is a regular event. Only this time, it never came back online. I thought something was wrong with the hardware, so drove 70 miles to where its located, to find all is fine. I rebooted, logged on, the server hardware is all ok.

Nothing at all had been changed before the reboot, so I am a bit confused as to what has actually happend. I can only assume windows has become corrupt, or something along those lines.

Hope that helps, will check in again later, going to find something to calm my nerves :)
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 11781833
It sounds like a DNS issue to me.

Can you type the google ip in IE and see if it resovles the web page?

Also, try putting the IP of the websites your hosting and see if that works.

Check event viewer as well, there may be a clue in there.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11783001
If it were me, I would have patched my laptop into the patch panel (or used a crossover) to see if I could TS into it locally.   Obviously trying to narrow down the problem to the location.   Did (or could) you try that and was it successful?  
0
 
LVL 1

Expert Comment

by:yahnaman
ID: 11786272
But, can you browse your site from the server itself?  What happens if you type in "telnet www.google.com 80".  It should open a blank telnet window.  Anything else, and something is blocked.  This will rule out an IE issue.

Also, check the eventlog.

How is your disk space?
0
 
LVL 1

Author Comment

by:andy_booth
ID: 11793709
Hi Everyone,

The problem was solved, I am not sure exactly how or why this happend, but some ip routing setting had been set, the only way to turn it off was with a registry update, cant remember the exact setting, but something got set to 2.

By plugging a laptop in over a x-over, the server showed it's webs no problem.

Anyone shed any light on this?
I will try to find the setting the engineer used.
0
 
LVL 1

Expert Comment

by:yahnaman
ID: 11794387
Go to the properties for your network connection.  Open the TCP/IP properties.  Click on Advanced, then Options tab.  Check the TCP/IP filtering.  It is possible that one of the firewall software programs set these properties.  Should be Permit all, or just uncheck the box (it is probably already unchecked from the registry change).
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12325584
Looks like the laptop patch at least helped in this troubleshooting problem...  but don't know if it was worth points as an answer...
0
 
LVL 1

Author Comment

by:andy_booth
ID: 12326287
For reference the final solution was this....
I added the following registry key under the TCPIP parameters

HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\
DisableIPSourceRouting

I do not see that anyone here managed to sort this out which is why the points were not awarded.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12327447
Thanks for posting that reg patch, andy...

That specific registry setting:  DisableIPSourceRouting = 2

disables source routing completely.  With the setting at 2, all packets that had been routed in the network were being dropped.   This is what was ocurring on your network and why you could not reach the site.  Your engineer most likely set it to a value of 0, which enabled source routing for your server.  It is not the most secure setting, but within a LAN this is not necessarily needed...  (It is used to stop source routed network attacks..)

FE
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12327469
BTW:  here is a great list of Registry edits that affect TCP packets in W2K, and might help anyone in the future:

http://www.microsoft.com/technet/security/guidance/secmod150.mspx
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12420905
PAQed, with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now