Solved

IIS 7.5 and networking blues - who's up for a challenge?

Posted on 2011-03-24
8
804 Views
Last Modified: 2012-05-11
The problem is I have a website that some pc’s can access and other can’t, and they are in the same subnet 192.168.16.0\22 and in the same Windows domain.

If you need additional info or have questions let me know.

We have 25 other domains and sites on the server, and all pc’s can access those sites.
This particular site is a Dot Net Nuke site.
We have stopped and started the site and the app pools.
We have rebuilt the site from scratch and used a different ip address.
We have checked the nic for errors.
We have cleared the arp table on the server.
We have restarted the server.
We have swapped out ports on the switch.
We have swapped out drop cables on the switch.

The server is Windows 2008 64bit Standard – IIS 7.5
PC’s are a mix of Windows XP Pro SP3 and Win7 Pro.

I can ping the site from all pc’s by name (first label only), so DNS is working, and by ip address.
From the pc’s that work I can access the site by name and by ip address.
From the pc’s that don’t work I can’t access by name or by ip address.
From the pc’s that work, I can connect via telnet.
From the pc’s that don’t work, I can’t connect via telnet.

Wireshark output.
From the pc it works on I see the tcp 3 way handshake complete.
From the pc it don’t work on, I see just a syn packet being sent, I don’t see anything else, no ack .

Fiddler2 output.
From the pc it works on I see a 200.
From the pc it don’t work on I see a 504.

WFetch output.

From pc that don’t work.
started....WWWConnect::Close("192.168.19.249","80")\nclosed source port: 2823\r\n
WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 2878\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n
RESPONSE: **************\n0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receive0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receivefinished.

From pc that does work.
started....WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 5135\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 302 Found\r\n
Content-Type: text/html; charset=utf-8\r\n
Location: http://dnntest.domain.org/\r\n
Server: Microsoft-IIS/7.5\r\n
X-Powered-By: ASP.NET\r\n
Date: Thu, 24 Mar 2011 14:45:56 GMT\r\n
Content-Length: 1557\r\n
\r\n
\r\n

0
Comment
Question by:mobot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:mobot
ID: 35210622
Note: We can always browse the site from within IIS Manager, and we can always browse the site from the IIS server itself.
0
 
LVL 78

Expert Comment

by:arnold
ID: 35214210
What are the IPs of the workstations that can not access the site?
Are their IP fall within a particular range.
Does a non working system starts working if you change the IP to another IP of a known working system?

syn_sent means that the firewall on the IIS server might be preventing the establishment of the connection. Check the advanced firewall rules on the server to see if there is a limit on the port 80 connections to the server.
0
 

Author Comment

by:mobot
ID: 35215758
Address range 192.168.16.0/22, it's hit and miss some always access the site, and some don't.

>>Does a non working system starts working if you change the IP to another IP of a known working system?

Yes it does.

We have the firewall turned off.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 35216039
You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

Based on your netmask you have the LAN as 192.168.16.0-192.168.19.255

What is the IP/netmask on the systems that are having problems?
How are IP's allocated?

Check the IIS log to see what IPs it sees requests from and which entries do not have normal responses.

Changing source IP changes behavior, are those who are having problems span the IP range or can they be localized to a subset of IPs?  Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

0
 

Author Comment

by:mobot
ID: 35217825
I'm aware of the address range based on the netmask.
All of the ip addresses have the subnet mask 255.255.252.0.
The ip's are allocated via dhcp.

>>You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

I've looked for a pattern, and I don't find one, that's what makes this problem so frustrating. 172.16.17.181 don't work, and 172.16.17.183 works everytime.  These are laptops, and I've swapped out the drop cables between them, and no joy.

The IIS logs don't have an entry for the problem pc's because they never make the connection to the server.  I'm using Log Parser to comb through the logs.

All of the dhcp addresses are allocated from a subset of the ip's, for example 192.168.17.225 - 192.168.17.199, 192.168.18.225 - 192.168.18.199.

>>Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

Are you referring to the IP Address and Domains Restrictions? There are none.
Or the Authorization Rules? There are none of those either.
Anonymous Authentication is enabled.
0
 
LVL 78

Expert Comment

by:arnold
ID: 35219770
Where did these 172.16.17.181 IPs come from? You referenced 192.168.16.0/22?

If these are cross router segments, you would need to check the rules that deal with the cross segment communication.
0
 

Author Comment

by:mobot
ID: 35220773
My bad, we have three locations, and we use 192.168 for one, 172.16, and 10.16 for the other two.  192.168 is the one I need to focus on, it has the greatest number of users. I had a couple of calls from folks on the 172.16 subnet adding to the clamor when I was writing the reply and got distracted. It will be Monday before I pick back up on this.  
0
 

Author Closing Comment

by:mobot
ID: 35245001
Thanks for the feedback.  Turns out a router was added that we hadn't been informed of that needed additional configuration.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question