Solved

IIS 7.5 and networking blues - who's up for a challenge?

Posted on 2011-03-24
8
798 Views
Last Modified: 2012-05-11
The problem is I have a website that some pc’s can access and other can’t, and they are in the same subnet 192.168.16.0\22 and in the same Windows domain.

If you need additional info or have questions let me know.

We have 25 other domains and sites on the server, and all pc’s can access those sites.
This particular site is a Dot Net Nuke site.
We have stopped and started the site and the app pools.
We have rebuilt the site from scratch and used a different ip address.
We have checked the nic for errors.
We have cleared the arp table on the server.
We have restarted the server.
We have swapped out ports on the switch.
We have swapped out drop cables on the switch.

The server is Windows 2008 64bit Standard – IIS 7.5
PC’s are a mix of Windows XP Pro SP3 and Win7 Pro.

I can ping the site from all pc’s by name (first label only), so DNS is working, and by ip address.
From the pc’s that work I can access the site by name and by ip address.
From the pc’s that don’t work I can’t access by name or by ip address.
From the pc’s that work, I can connect via telnet.
From the pc’s that don’t work, I can’t connect via telnet.

Wireshark output.
From the pc it works on I see the tcp 3 way handshake complete.
From the pc it don’t work on, I see just a syn packet being sent, I don’t see anything else, no ack .

Fiddler2 output.
From the pc it works on I see a 200.
From the pc it don’t work on I see a 504.

WFetch output.

From pc that don’t work.
started....WWWConnect::Close("192.168.19.249","80")\nclosed source port: 2823\r\n
WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 2878\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n
RESPONSE: **************\n0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receive0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receivefinished.

From pc that does work.
started....WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 5135\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 302 Found\r\n
Content-Type: text/html; charset=utf-8\r\n
Location: http://dnntest.domain.org/\r\n
Server: Microsoft-IIS/7.5\r\n
X-Powered-By: ASP.NET\r\n
Date: Thu, 24 Mar 2011 14:45:56 GMT\r\n
Content-Length: 1557\r\n
\r\n
\r\n

0
Comment
Question by:mobot
  • 5
  • 3
8 Comments
 

Author Comment

by:mobot
ID: 35210622
Note: We can always browse the site from within IIS Manager, and we can always browse the site from the IIS server itself.
0
 
LVL 76

Expert Comment

by:arnold
ID: 35214210
What are the IPs of the workstations that can not access the site?
Are their IP fall within a particular range.
Does a non working system starts working if you change the IP to another IP of a known working system?

syn_sent means that the firewall on the IIS server might be preventing the establishment of the connection. Check the advanced firewall rules on the server to see if there is a limit on the port 80 connections to the server.
0
 

Author Comment

by:mobot
ID: 35215758
Address range 192.168.16.0/22, it's hit and miss some always access the site, and some don't.

>>Does a non working system starts working if you change the IP to another IP of a known working system?

Yes it does.

We have the firewall turned off.
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 35216039
You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

Based on your netmask you have the LAN as 192.168.16.0-192.168.19.255

What is the IP/netmask on the systems that are having problems?
How are IP's allocated?

Check the IIS log to see what IPs it sees requests from and which entries do not have normal responses.

Changing source IP changes behavior, are those who are having problems span the IP range or can they be localized to a subset of IPs?  Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:mobot
ID: 35217825
I'm aware of the address range based on the netmask.
All of the ip addresses have the subnet mask 255.255.252.0.
The ip's are allocated via dhcp.

>>You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

I've looked for a pattern, and I don't find one, that's what makes this problem so frustrating. 172.16.17.181 don't work, and 172.16.17.183 works everytime.  These are laptops, and I've swapped out the drop cables between them, and no joy.

The IIS logs don't have an entry for the problem pc's because they never make the connection to the server.  I'm using Log Parser to comb through the logs.

All of the dhcp addresses are allocated from a subset of the ip's, for example 192.168.17.225 - 192.168.17.199, 192.168.18.225 - 192.168.18.199.

>>Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

Are you referring to the IP Address and Domains Restrictions? There are none.
Or the Authorization Rules? There are none of those either.
Anonymous Authentication is enabled.
0
 
LVL 76

Expert Comment

by:arnold
ID: 35219770
Where did these 172.16.17.181 IPs come from? You referenced 192.168.16.0/22?

If these are cross router segments, you would need to check the rules that deal with the cross segment communication.
0
 

Author Comment

by:mobot
ID: 35220773
My bad, we have three locations, and we use 192.168 for one, 172.16, and 10.16 for the other two.  192.168 is the one I need to focus on, it has the greatest number of users. I had a couple of calls from folks on the 172.16 subnet adding to the clamor when I was writing the reply and got distracted. It will be Monday before I pick back up on this.  
0
 

Author Closing Comment

by:mobot
ID: 35245001
Thanks for the feedback.  Turns out a router was added that we hadn't been informed of that needed additional configuration.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now