Solved

IIS 7.5 and networking blues - who's up for a challenge?

Posted on 2011-03-24
Last Modified: 2012-05-11
The problem is I have a website that some pc’s can access and others can’t, and they are in the same subnet 192.168.16.0/22 and in the same Windows domain.

If you need additional info or have questions let me know.

We have 25 other domains and sites on the server, and all pc’s can access those sites.
This particular site is a Dot Net Nuke site.
We have stopped and started the site and the app pools.
We have rebuilt the site from scratch and used a different ip address.
We have checked the nic for errors.
We have cleared the arp table on the server.
We have restarted the server.
We have swapped out ports on the switch.
We have swapped out drop cables on the switch.

The server is Windows 2008 64bit Standard – IIS 7.5
PC’s are a mix of Windows XP Pro SP3 and Win7 Pro.

I can ping the site from all pc’s by name (first label only), so DNS is working, and by ip address.
From the pc’s that work I can access the site by name and by ip address.
From the pc’s that don’t work I can’t access by name or by ip address.
From the pc’s that work, I can connect via telnet.
From the pc’s that don’t work, I can’t connect via telnet.

Wireshark output.
From the pc it works on I see the tcp 3 way handshake complete.
From the pc it doesn’t work on, I see just a syn packet being sent, I don’t see anything else, no ack.

Fiddler2 output.
From the pc it works on I see a 200.
From the pc it doesn’t work on I see a 504.

WFetch output.

From pc that doesn’t work.
started....WWWConnect::Close("192.168.19.249","80")\nclosed source port: 2823\r\n
WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 2878\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n
RESPONSE: **************\n0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receive0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receivefinished.

From pc that does work.
started....WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 5135\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 302 Found\r\n
Content-Type: text/html; charset=utf-8\r\n
Location: http://dnntest.domain.org/\r\n
Server: Microsoft-IIS/7.5\r\n
X-Powered-By: ASP.NET\r\n
Date: Thu, 24 Mar 2011 14:45:56 GMT\r\n
Content-Length: 1557\r\n
\r\n
\r\n

Question by:mobot
8 Comments
 

Author Comment

by:mobot
ID: 35210622
Note: We can always browse the site from within IIS Manager, and we can always browse the site from the IIS server itself.
0
 
LVL 77

Expert Comment

by:arnold
ID: 35214210
What are the IPs of the workstations that cannot access the site?
Do their IPs fall within a particular range?
Does a non-working system start working if you change the IP to another IP of a known working system?

syn_sent means that the firewall on the IIS server might be preventing the establishment of the connection. Check the advanced firewall rules on the server to see if there is a limit on the port 80 connections to the server.
0
 

Author Comment

by:mobot
ID: 35215758
Address range 192.168.16.0/22. It's hit and miss: some always access the site, and some don't.

>>Does a non working system starts working if you change the IP to another IP of a known working system?

Yes it does.

We have the firewall turned off.
0
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 35216039
You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range.

Based on your netmask you have the LAN as 192.168.16.0-192.168.19.255.

What is the IP/netmask on the systems that are having problems?
How are IPs allocated?

Check the IIS log to see what IPs it sees requests from and which entries do not have normal responses.

Changing the source IP changes behavior. Do those who are having problems span the IP range, or can they be localized to a subset of IPs? Check whether the IIS site has "allow all except" or "deny all except" and the range defined excludes a segment mistakenly.

0
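The check suggested in the accepted answer, as an added example that is not part of the original thread: compare the clients that should reach the site against the client IPs IIS actually logged, and group the silent ones by /24 to see whether they cluster. The log lines and client list are constructed samples; `triage` and `parse_w3c` are hypothetical helper names.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.16.0/22")  # the subnet named in the thread

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2011-03-24 14:45:56 192.168.19.249 GET / 80 192.168.17.183 302
2011-03-24 14:46:02 192.168.19.249 GET /Default.aspx 80 192.168.17.183 200
2011-03-24 14:47:10 192.168.19.249 GET / 80 192.168.18.40 500
2011-03-24 14:48:31 192.168.19.249 GET / 80 172.16.17.183 200
"""

# Constructed list of clients that should reach the site (e.g. from DHCP leases).
EXPECTED_CLIENTS = ["192.168.17.181", "192.168.17.183", "192.168.18.40",
                    "192.168.18.77", "172.16.17.183"]

def parse_w3c(text):
    """Yield (client_ip, status) using the column order from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            yield ipaddress.ip_address(row["c-ip"]), int(row["sc-status"])

def triage(log_text, expected, lan=LAN):
    statuses, silent = defaultdict(list), defaultdict(list)
    for ip, status in parse_w3c(log_text):
        statuses[ip].append(status)
    report = {"outside_lan": [], "never_seen": [], "errors": []}
    for ip in map(ipaddress.ip_address, expected):
        if ip not in lan:
            report["outside_lan"].append(str(ip))  # arrives via a router
        elif ip not in statuses:
            report["never_seen"].append(str(ip))   # no request ever reached IIS
            silent[str(ipaddress.ip_network(f"{ip}/24", strict=False))].append(str(ip))
        elif any(s >= 400 for s in statuses[ip]):
            report["errors"].append(str(ip))       # connected, abnormal response
    report["silent_by_24"] = dict(silent)
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, EXPECTED_CLIENTS).items():
        print(f"{key}: {value}")
```

Clients listed under `never_seen` never completed a connection, so the cause sits in front of IIS (routing, filtering, ARP) rather than in the site configuration.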
 

Author Comment

by:mobot
ID: 35217825
I'm aware of the address range based on the netmask.
All of the ip addresses have the subnet mask 255.255.252.0.
The ip's are allocated via dhcp.

>>You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

I've looked for a pattern, and I don't find one, that's what makes this problem so frustrating. 172.16.17.181 doesn't work, and 172.16.17.183 works every time.  These are laptops, and I've swapped out the drop cables between them, and no joy.

The IIS logs don't have an entry for the problem pc's because they never make the connection to the server.  I'm using Log Parser to comb through the logs.

All of the dhcp addresses are allocated from a subset of the ip's, for example 192.168.17.225 - 192.168.17.199, 192.168.18.225 - 192.168.18.199.

>>Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

Are you referring to the IP Address and Domains Restrictions? There are none.
Or the Authorization Rules? There are none of those either.
Anonymous Authentication is enabled.
0
 
LVL 77

Expert Comment

by:arnold
ID: 35219770
Where did these 172.16.17.181 IPs come from? You referenced 192.168.16.0/22?

If these are cross router segments, you would need to check the rules that deal with the cross segment communication.
0
 

Author Comment

by:mobot
ID: 35220773
My bad, we have three locations, and we use 192.168 for one, 172.16, and 10.16 for the other two.  192.168 is the one I need to focus on, it has the greatest number of users. I had a couple of calls from folks on the 172.16 subnet adding to the clamor when I was writing the reply and got distracted. It will be Monday before I pick back up on this.  
0
 

Author Closing Comment

by:mobot
ID: 35245001
Thanks for the feedback.  Turns out a router was added that we hadn't been informed of that needed additional configuration.
0

Question has a verified solution.