Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IIS 7.5 and networking blues - who's up for a challenge?

Posted on 2011-03-24
8
Medium Priority
?
807 Views
Last Modified: 2012-05-11
The problem is I have a website that some pc’s can access and other can’t, and they are in the same subnet 192.168.16.0\22 and in the same Windows domain.

If you need additional info or have questions let me know.

We have 25 other domains and sites on the server, and all pc’s can access those sites.
This particular site is a Dot Net Nuke site.
We have stopped and started the site and the app pools.
We have rebuilt the site from scratch and used a different ip address.
We have checked the nic for errors.
We have cleared the arp table on the server.
We have restarted the server.
We have swapped out ports on the switch.
We have swapped out drop cables on the switch.

The server is Windows 2008 64bit Standard – IIS 7.5
PC’s are a mix of Windows XP Pro SP3 and Win7 Pro.

I can ping the site from all pc’s by name (first label only), so DNS is working, and by ip address.
From the pc’s that work I can access the site by name and by ip address.
From the pc’s that don’t work I can’t access by name or by ip address.
From the pc’s that work, I can connect via telnet.
From the pc’s that don’t work, I can’t connect via telnet.

Wireshark output.
From the pc it works on I see the tcp 3 way handshake complete.
From the pc it don’t work on, I see just a syn packet being sent, I don’t see anything else, no ack .

Fiddler2 output.
From the pc it works on I see a 200.
From the pc it don’t work on I see a 504.

WFetch output.

From pc that don’t work.
started....WWWConnect::Close("192.168.19.249","80")\nclosed source port: 2823\r\n
WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 2878\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n
RESPONSE: **************\n0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receive0x2746 (An existing connection was forcibly closed by the remote host.): Socket Error On Receivefinished.

From pc that does work.
started....WWWConnect::Connect("192.168.19.249","80")\nIP = "192.168.19.249:80"\nsource port: 5135\r\n
REQUEST: **************\nGET / HTTP/1.1\r\n
Host: 192.168.19.249\r\n
Accept: */*\r\n
\r\n
RESPONSE: **************\nHTTP/1.1 302 Found\r\n
Content-Type: text/html; charset=utf-8\r\n
Location: http://dnntest.domain.org/\r\n
Server: Microsoft-IIS/7.5\r\n
X-Powered-By: ASP.NET\r\n
Date: Thu, 24 Mar 2011 14:45:56 GMT\r\n
Content-Length: 1557\r\n
\r\n
\r\n

0
Comment
Question by:mobot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:mobot
ID: 35210622
Note: We can always browse the site from within IIS Manager, and we can always browse the site from the IIS server itself.
0
 
LVL 80

Expert Comment

by:arnold
ID: 35214210
What are the IPs of the workstations that can not access the site?
Are their IP fall within a particular range.
Does a non working system starts working if you change the IP to another IP of a known working system?

syn_sent means that the firewall on the IIS server might be preventing the establishment of the connection. Check the advanced firewall rules on the server to see if there is a limit on the port 80 connections to the server.
0
 

Author Comment

by:mobot
ID: 35215758
Address range 192.168.16.0/22, it's hit and miss some always access the site, and some don't.

>>Does a non working system starts working if you change the IP to another IP of a known working system?

Yes it does.

We have the firewall turned off.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 80

Accepted Solution

by:
arnold earned 1500 total points
ID: 35216039
You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

Based on your netmask you have the LAN as 192.168.16.0-192.168.19.255

What is the IP/netmask on the systems that are having problems?
How are IP's allocated?

Check the IIS log to see what IPs it sees requests from and which entries do not have normal responses.

Changing source IP changes behavior, are those who are having problems span the IP range or can they be localized to a subset of IPs?  Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

0
 

Author Comment

by:mobot
ID: 35217825
I'm aware of the address range based on the netmask.
All of the ip addresses have the subnet mask 255.255.252.0.
The ip's are allocated via dhcp.

>>You need to see whether there is a pattern to the IP the systems have that might fall outside the expected range,

I've looked for a pattern, and I don't find one, that's what makes this problem so frustrating. 172.16.17.181 don't work, and 172.16.17.183 works everytime.  These are laptops, and I've swapped out the drop cables between them, and no joy.

The IIS logs don't have an entry for the problem pc's because they never make the connection to the server.  I'm using Log Parser to comb through the logs.

All of the dhcp addresses are allocated from a subset of the ip's, for example 192.168.17.225 - 192.168.17.199, 192.168.18.225 - 192.168.18.199.

>>Check whether the IIS site has the allow all except or deny all except and the range defined excludes a segment mistakenly.

Are you referring to the IP Address and Domains Restrictions? There are none.
Or the Authorization Rules? There are none of those either.
Anonymous Authentication is enabled.
0
 
LVL 80

Expert Comment

by:arnold
ID: 35219770
Where did these 172.16.17.181 IPs come from? You referenced 192.168.16.0/22?

If these are cross router segments, you would need to check the rules that deal with the cross segment communication.
0
 

Author Comment

by:mobot
ID: 35220773
My bad, we have three locations, and we use 192.168 for one, 172.16, and 10.16 for the other two.  192.168 is the one I need to focus on, it has the greatest number of users. I had a couple of calls from folks on the 172.16 subnet adding to the clamor when I was writing the reply and got distracted. It will be Monday before I pick back up on this.  
0
 

Author Closing Comment

by:mobot
ID: 35245001
Thanks for the feedback.  Turns out a router was added that we hadn't been informed of that needed additional configuration.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question