Can't access IIS App from local mahines on the newtwork, anywhere else OK

Posted on 2005-04-28
Last Modified: 2007-12-19
I have experienced a variation on this problem several times now..either an app that I have configured will not serve out on the machine that is serving it (though is it accessible from the outside world) or a site being hosted on a machine that is a part of our network (using a seperate IP, though still technically a part of our local network) will serve out to all outsiders, but not users on the network with the macihne.

In this particular case, I am running IIS 5 on a win2k machine that is not configured for DNS, DHCP, or Domain Control services...The server hosts a site that resolves outwardly using host headers (the  dns record matches the host headers configured in IIS) and the site is capable of being viewed by 99% of the world. The issue is that all of the machines on our network (though on a differnt IP on that network) cannot access the site.

To be clear, the local server can browse the site, any outsider can browse the site, but all other users (on a segment of the network that uses a different IP from the web server, lIS is on .75 while networked users on .74 wan-side) are unable to view the site.

I have tried to ping and tracert the domain name on machines from the network that are unable to view the site, and all return the correct dns translation of the IP address as well as packets responding from the router that the server is connected to. The trace results in the same trace as that of the local web server (that can traverse the site content), but when one tries to browse the site, the request times out.

To date, my logic is as follows...firewalling being done by our local routers could be responsible, but this does not explain why outside traffic can get to the site. Also, the request to view the site is a vanilla http request packet being sent out using a host header the path should be able to go out to the outside world and then back...but instead, it attempts to connect directly to the address of the web sever (I know this because tracert-ing the name results in one hop from both sources invloved - the local web server, that does serve the content and the local network machines that do not). So, at this point, I think that the packets are getting stuck at some point locally.

The topography involved is:
               |                                                     |
Router for Web Server & SQL        Router for LAN Workgroup
    |                      |                            |                |
IIS Server       SQL Server             App Server       / \
                                                                    Workstations   (10 or so)

The request from either the App Server or any of the Workstations results in a timeout, while the SQL & IIS machines both get to the site on the IIS machine.

If anyone has any clue as to why this could be happening, please help out with some suggestions...

Question by:cantedview
    LVL 9

    Expert Comment

    Hi cantedview,

     proxy and firewalls could be blocking submasks if on different networks.

    LVL 8

    Accepted Solution

    Can the workstations browse the Web in general?

    When you say 'all return the correct dns translation of the IP address' is this correct address a public address that the rest of the world also resolves the DNS name as?

    If you enter the web servers DNS name in a workstation's HOSTS file using the private IP address of the IIS server can the client access the web server now.

    Does the 'Router for LAN Workgroup have a specific Static route to the subnet which the IIS Server is a member with the gateway IP address set to the 'Router for Web Server's IP address?

    LVL 8

    Expert Comment

    The Web server router will also need a route to the Workstations subnet via the LAN workgroup router
    LVL 2

    Author Comment


    The issue is the routing path of the two routers in place...and the solution seems to be to establish a static routing path that is the same for both segments of the network. The problem is that for the routers that we have in place, this can't be done, so I can't test it. We are looking into replacing the equipment in order to achieve this.

    Since anthonywjones66 recommended that we examine static routing, I am awarding him the points despite not having arrived at a fix yet. In the mean time, I am going to bridge the two segements with a seperate switch so that the web server can be accessed directly (using HOST file)..again, a reccomendation of anthonywjones66.

    Thank you both for your time...EE is a great resource.
    LVL 33

    Expert Comment


    Thank you for taking the time to come back and finalize this question.  Good luck in getting this resolved for good.

    EE Cleanup Volunteer

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    Title # Comments Views Activity
    Renew SSL for Anywhere Access 21 50
    IIS 8.5 3 26
    State Session High Availibility 2 34
    IIs block files web.config 6 45
    What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
    Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now