Solved

Troubleshooting network/app connection failure

Posted on 2010-08-31
10
301 Views
Last Modified: 2012-08-13
Hi

We have a Windows 2003 Server running an application. The server is at 192.168.1.1 and is named server1.domain.com

The app running on the server needs to speak with another host (server2.domain.com) at 192.168.1.2, however whenever I try to open the app I get the following error: "cannot reach server2.domain.com"

So I ran Wireshark on Server1, filtered for 192.168.1.2, and can see the following:

1. Server1 > Server2 SYN
2. Server2 > Server1 SYN-ACK
3. Server1 > Server2 ACK

4. Server1 > Server2 > PSH-ACK

5. Server2 > Server1 > FIN, ACK
6. Server1 > Server2 > ACK
7. Server 1> Server2 > FIN, ACK
8. Server2 > Server1 > ACK

How can I find out what and who is causing the connection collapse?
0
Comment
Question by:neil4933
  • 5
  • 4
10 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33569489
Hi,

The basic test of pinging from Server1 to Server2 are, and from server2 to server1 is ?
 From your wireshark output, everything seems ok. Please paste a long ping result between the two servers.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33569495
Also check the windows firewall on both machines, if they are turned ON. Also the external firewall application or firewall device should be checked.
0
 

Author Comment

by:neil4933
ID: 33570020
Hi

Thanks for answering.

I did run a long PING earlier - no packets were dropped. Also, no FW's configured on either the servers or in between.

Based on the output of the Wireshark, which server is the one that is terminating the connection, Server1 or Server2?
0
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 250 total points
ID: 33570531
The sequence suggests;

1- Server1 sends a SYN packet to server2
2- Server2 sends back the ACK (Acknowledgment) of SYN
3- Server1 send ACK of the SYN-ACK

After this the connection is established and actual data transfer has started.

4- PSH - Push function, causes the Server1 to push all unsent data to the server2 rather than sends segments when it gets around to them i.e. when the buffer is full.
5- FIN - End of data transfer initiated by the server2 with ACK on 6,7,8

The below link can be helpful for you to understand. I suspect a firewall or application level error. The Network is smooth once the ping is stable.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33570533
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:neil4933
ID: 33570601
Thanks...

Regarding this;

5. Server2 > Server1 > FIN, ACK
6. Server1 > Server2 > ACK
7. Server 1> Server2 > FIN, ACK
8. Server2 > Server1 > ACK


I always though that there would be a FIN (from the server initiating the termination), following by a FIN,ACK, then ACK.

Not straight to FIN,ACK and then ACK?

[hope that makes sense]
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 33572520
Can you share the portion of code on application at server1, which the application calls to connect to the server2?
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 250 total points
ID: 33582691
>I always though that there would be a FIN (from the server initiating the termination), following by a FIN,ACK, then ACK.

Nope, there can be a three way termination and this is the most common method.
What you should have seen is that when host A sends a FIN, host B replies back with a FIN & ACK (merely combines 2 steps into one) and then host A replies with an ACK.

As long as you are connecting via a 3 way handshake and the fact that the session is terminating with FIN and ACKs indicates that the port is open, listening and is able to accept and process connections. So it does not appear to be a firewall issue.

What protocol are you using for the communication (RDP, web application, etc)
What is in the path between the servers.
Are you able to post the contents of the packet capture, there is so much we can do with a picture of what is going on.

Billy
0
 

Author Comment

by:neil4933
ID: 33598409
Please see attached.

There is nothing in the path between the servers, just routers.

I think one of the servers is terminating the connection but not sure which one?
FIN.doc
0
 

Author Comment

by:neil4933
ID: 33622598
Any word guys?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 113
unknown svchost service useing lot of network resources 12 54
network error 8 33
Valid LIN protocol Protected ID values 1 18
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now