?
Solved

Strange networking/firewall problem.

Posted on 2008-10-14
5
Medium Priority
?
286 Views
Last Modified: 2012-05-05
I've got a Windows 2003 Web Server at a co-location farm with several web sites using IIS 6.  A strange thing has been happening lately.  Any PHP web page that uses MySQL gets this error:
Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10055)
But MySQL isn't the problem.  SQL Server 2005 is also on the system.  Those sites (also using classic ASP) are working.  
I think this is a networking issue that I just cannot begin to know where it is coming from.
At the moment I can Remote Desktop into the system.  However, last time I rebooted it, any remote port port  except port 80 stopped responding remotely and I had to physically go to the co-lo location and reboot.  When I did that, everything worked again just fine.  At the moment I cannot SSH into the system (I have Open SSH installed).  
When I remote desktop into it, most networking things are blocked.  For instance, I pull up Internet Explorer or Firefox and cannot go to any web site.  I just get "Page cannot be displayed".  However, I can ping any site on the internet just fine.  

The system is behind a NAT firewall/router that I've assigned a static IP and pass through certain ports like 80 for web, 9522 for SSH, 9898 for Remote Desktop, etc.  I've always been able to surf the web from that machine except for some reason I never tried to figure out - I couldn't go to any https sites (port 443).
In a browser I cannot even get to the router admin http://192.168.5.254 like I've always been able to.

Here is why I doubt it is the router though.  MySQL is on the local machine.  I should be able to go into MySQL administrator or just use a web site that connects to it.  But no luck.  Nothing can connect even locally.  So it shouldn't be going through the router.  Even when I do http:/127.0.0.1 in a browser I've always got the main web site to appear.  But not now.  I can however ping 127.0.0.1

I don't have any IPSEC firewall settings in Win 2003.  

I've looked in the Event Log.  Nothing jumps out at me.  I get some MySQL errors and SSH server errors that probably begin once the networking starts messing up.
I have an Administrator login that happened at 4:30am that wouldn't be me or anyone I know.  But maybe an automatic process (or malicious?).  
I don't have any Antivirus, Norton Security, or anything like that.  I ran Lavasoft Adaware and it found nothing.
This is a bit like the Windows firewall is turned on, even though it isn't turned on.

0
Comment
Question by:Thread7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:aamodt
ID: 22714464
Can't connect to MySQL server on 'localhost' (10055)

Insted of useing PHP to connect to localhost, have you tryed connecting to the 'local' or 'public' IP address?

You might have blocked useage of the localhost alias in your firewall. Don't know whitch firewall you are useing but, proberlly some problem like that.

If it's not the MYSQL service.. it must be the firewall or the routing on your router. If you have configured your IIS or MYSQL server resently it can also make a problem for you.

The Admin login, was is succsesfull with password and sutch? sounds wierd. Maybe your box got hacked? ^^ Try to change the administration password :)

Good Luck!
0
 
LVL 1

Author Comment

by:Thread7
ID: 22715929
I can't connect to the firewall adminstration to even open up a public port for MySQL.  But SSH which was working before is no longer working.  Remember several of these problems are  just connecting from one localhost service to another localhost service.  So that is why it is so strange.
0
 
LVL 1

Author Comment

by:Thread7
ID: 22715994
I tried starting the IIS FTP service which I normally leave shut down.  I got an error that said not enough storage space available.  The thing is, in Windows Explorer it shows that I have 142 GB of free space left!.

So I am wondering if I did get hacked and someone is serving up bootleg movies/music from my box.
0
 
LVL 7

Accepted Solution

by:
aamodt earned 2000 total points
ID: 22716344
Yeah sounds abit wierd.. try search for .avi .mp3 files on your hard drive.
0
 
LVL 1

Author Comment

by:Thread7
ID: 22717568
Well I started shutting down services 1 by 1.  And all of a sudden everything started working again.  The services I shut down before I checked to see if it was working were:
1. Acronis Schedule Service (This is a program I use to create ghost copies of the hard disk)
2. Acronis VSS Provider
3. Application Management (I think)
4. Background Intelligent Transfer Service (There have been several event log entries about this service that look fishy)  One about it chaging from "demand start" to "auto start".  Then an Error once that said it was unable to start.
5. Cobian 8 Backup Service.  A backup program I have.
6. DHCP Client.  (I have a static IP so I don't need this to run).  Since my problems were networking related, maybe it is this?

The thing is, if I make these services run again.  Everything on the server just works fine.  Hmmm.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question