IIS 7.5 and networking blues - who's up for a challenge?
The problem is I have a website that some pc’s can access and other can’t, and they are in the same subnet 192.168.16.0\22 and in the same Windows domain.
If you need additional info or have questions let me know.
We have 25 other domains and sites on the server, and all pc’s can access those sites.
This particular site is a Dot Net Nuke site.
We have stopped and started the site and the app pools.
We have rebuilt the site from scratch and used a different ip address.
We have checked the nic for errors.
We have cleared the arp table on the server.
We have restarted the server.
We have swapped out ports on the switch.
We have swapped out drop cables on the switch.
The server is Windows 2008 64bit Standard – IIS 7.5
PC’s are a mix of Windows XP Pro SP3 and Win7 Pro.
I can ping the site from all pc’s by name (first label only), so DNS is working, and by ip address.
From the pc’s that work I can access the site by name and by ip address.
From the pc’s that don’t work I can’t access by name or by ip address.
From the pc’s that work, I can connect via telnet.
From the pc’s that don’t work, I can’t connect via telnet.
Wireshark output.
From the pc it works on I see the tcp 3 way handshake complete.
From the pc it don’t work on, I see just a syn packet being sent, I don’t see anything else, no ack .
Fiddler2 output.
From the pc it works on I see a 200.
From the pc it don’t work on I see a 504.
WFetch output.
From pc that don’t work.
started....WWWConnect::Clo
WWWConnect::Connect("192.1
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n
RESPONSE: **************\n0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receive0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receivefinished.
From pc that does work.
started....WWWConnect::Con
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 302 Found\r\n
Content-Type: text/html; charset=utf-8\r\n
Location: http://dnntest.domain.org/\r\n
Server: Microsoft-IIS/7.5\r\n
X-Powered-By: ASP.NET\r\n
Date: Thu, 24 Mar 2011 14:45:56 GMT\r\n
Content-Length: 1557\r\n
\r\n
\r\n
If you need additional info or have questions let me know.
We have 25 other domains and sites on the server, and all pc’s can access those sites.
This particular site is a Dot Net Nuke site.
We have stopped and started the site and the app pools.
We have rebuilt the site from scratch and used a different ip address.
We have checked the nic for errors.
We have cleared the arp table on the server.
We have restarted the server.
We have swapped out ports on the switch.
We have swapped out drop cables on the switch.
The server is Windows 2008 64bit Standard – IIS 7.5
PC’s are a mix of Windows XP Pro SP3 and Win7 Pro.
I can ping the site from all pc’s by name (first label only), so DNS is working, and by ip address.
From the pc’s that work I can access the site by name and by ip address.
From the pc’s that don’t work I can’t access by name or by ip address.
From the pc’s that work, I can connect via telnet.
From the pc’s that don’t work, I can’t connect via telnet.
Wireshark output.
From the pc it works on I see the tcp 3 way handshake complete.
From the pc it don’t work on, I see just a syn packet being sent, I don’t see anything else, no ack .
Fiddler2 output.
From the pc it works on I see a 200.
From the pc it don’t work on I see a 504.
WFetch output.
From pc that don’t work.
started....WWWConnect::Clo
WWWConnect::Connect("192.1
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n
RESPONSE: **************\n0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receive0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receivefinished.
From pc that does work.
started....WWWConnect::Con
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 302 Found\r\n
Content-Type: text/html; charset=utf-8\r\n
Location: http://dnntest.domain.org/\r\n
Server: Microsoft-IIS/7.5\r\n
X-Powered-By: ASP.NET\r\n
Date: Thu, 24 Mar 2011 14:45:56 GMT\r\n
Content-Length: 1557\r\n
\r\n
\r\n
What are the IPs of the workstations that can not access the site?
Are their IP fall within a particular range.
Does a non working system starts working if you change the IP to another IP of a known working system?
syn_sent means that the firewall on the IIS server might be preventing the establishment of the connection. Check the advanced firewall rules on the server to see if there is a limit on the port 80 connections to the server.
Are their IP fall within a particular range.
Does a non working system starts working if you change the IP to another IP of a known working system?
syn_sent means that the firewall on the IIS server might be preventing the establishment of the connection. Check the advanced firewall rules on the server to see if there is a limit on the port 80 connections to the server.
ASKER
Address range 192.168.16.0/22, it's hit and miss some always access the site, and some don't.
>>Does a non working system starts working if you change the IP to another IP of a known working system?
Yes it does.
We have the firewall turned off.
>>Does a non working system starts working if you change the IP to another IP of a known working system?
Yes it does.
We have the firewall turned off.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm aware of the address range based on the netmask.
All of the ip addresses have the subnet mask 255.255.252.0.
The ip's are allocated via dhcp.
>>You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,
I've looked for a pattern, and I don't find one, that's what makes this problem so frustrating. 172.16.17.181 don't work, and 172.16.17.183 works everytime. These are laptops, and I've swapped out the drop cables between them, and no joy.
The IIS logs don't have an entry for the problem pc's because they never make the connection to the server. I'm using Log Parser to comb through the logs.
All of the dhcp addresses are allocated from a subset of the ip's, for example 192.168.17.225 - 192.168.17.199, 192.168.18.225 - 192.168.18.199.
>>Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.
Are you referring to the IP Address and Domains Restrictions? There are none.
Or the Authorization Rules? There are none of those either.
Anonymous Authentication is enabled.
All of the ip addresses have the subnet mask 255.255.252.0.
The ip's are allocated via dhcp.
>>You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,
I've looked for a pattern, and I don't find one, that's what makes this problem so frustrating. 172.16.17.181 don't work, and 172.16.17.183 works everytime. These are laptops, and I've swapped out the drop cables between them, and no joy.
The IIS logs don't have an entry for the problem pc's because they never make the connection to the server. I'm using Log Parser to comb through the logs.
All of the dhcp addresses are allocated from a subset of the ip's, for example 192.168.17.225 - 192.168.17.199, 192.168.18.225 - 192.168.18.199.
>>Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.
Are you referring to the IP Address and Domains Restrictions? There are none.
Or the Authorization Rules? There are none of those either.
Anonymous Authentication is enabled.
Where did these 172.16.17.181 IPs come from? You referenced 192.168.16.0/22?
If these are cross router segments, you would need to check the rules that deal with the cross segment communication.
If these are cross router segments, you would need to check the rules that deal with the cross segment communication.
ASKER
My bad, we have three locations, and we use 192.168 for one, 172.16, and 10.16 for the other two. 192.168 is the one I need to focus on, it has the greatest number of users. I had a couple of calls from folks on the 172.16 subnet adding to the clamor when I was writing the reply and got distracted. It will be Monday before I pick back up on this.
ASKER
Thanks for the feedback. Turns out a router was added that we hadn't been informed of that needed additional configuration.
ASKER