?
Solved

Cannot login using IP or Netbios Name, but can browse using local host

Posted on 2014-04-07
11
Medium Priority
?
451 Views
Last Modified: 2014-05-05
Team,

One of our client is using our application which has a web user interface.
The program runs on port 8014.  Usually, we should get the login screen when we type <IP:Port#> or <NetBIOS:Port#> or <LocalHost:Port# (while browsing from the local host)>

For this customer, we can browse this only using <LocalHost:Port#>.   This limits to open the webpage just from the local host.   We cannot access the Program from remote server because either <IP:Port#> or <NetBIOS:Port#> doesn't work.

Need help in debugging this issue.  Is there any utility which will get us to the problem area?

We are running the application on Windows 2008 R2 system and the application is using Tomcat.
0
Comment
Question by:santhoshu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
11 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39983530
Have you verified there isn't any software firewalls residing on the Windows 2008 R2 system which is blocking inbound 8014/TCP traffic?
0
 
LVL 10

Author Comment

by:santhoshu
ID: 39983534
Yes, I have checked that possibility.  No Software Firewalls are there.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39983540
Have you tried connecting from a client on the same local subnet?  This will remove routing issues from the equation.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39983550
Obtain a packet capture (Wireshark) or monitor inbound connections (TCPView, netstat, etc.) to verify whether or not the HTTP request is actually making it to the web server.

When you did your local test, did you connect to localhost or 127.0.0.1 loopback address, or the actual local IP address on the LAN?  If the former, try connecting to the local LAN IP address.  Using TCPView, you can verify if the web service is listening and on what IP(s).  Perhaps it's only listening on 127.0.0.1 and not the LAN IP address.  Can you ping the web servers local LAN ip address from the server itself?  This will verify OSI layer 1 (physical), 2 (data-link), and 3 (network) are functional.  If OK, then try connecting to 8014/TCP via telnet/Putty, or your browser, to the LAN address to verify all layers are working.  Sometimes a client is experiencing browser issues, so it's best to manually connect via telnet/putty to eliminate that possibility from the equation.  Since your using a non-standard port, it's also feasible the client is preventing non-standard outbound requests.

You could also try connecting a client machine directly to the server using a cross-over cable.  This will eliminate network infrastructure from the equation.  Create a static hosts file entry on the client machine, just in case the web server is expecting a specific HTTP host header, or name resolution issues exist.  While very simple, have you tried rebooting the webserver as well?  It's always possible the service is experiencing issues related to memory leaks, instability, etc. which a reboot may address; especially if the service was working before and suddenly stopped responding, etc.
0
 
LVL 10

Expert Comment

by:tmoore1962
ID: 39983730
Customer doesn't have and vlans configured on network?  Also verify that the network configuration, i.e. default gateway correct, can you ping the host server by IP and name?  Are there any routers / bridges between the host and remote?
0
 
LVL 10

Author Comment

by:santhoshu
ID: 39983737
There are no Vlans or routers
I am not able to access the application using IP:Port# even from the very same system.
0
 
LVL 10

Author Comment

by:santhoshu
ID: 39983753
Reboot, Host file entry all are done.  No luck.

I used fiddler and it shows the error as

[Fiddler] The socket connection to 192.168.1.2 failed. <br />ErrorCode: 10060
 . <br />A connection attempt failed because the connected party did not prope
 rly respond after a period of time, or established connection failed because
 connected host has failed to respond 192.168.1.2:8014
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39983833
Did you verify service is listening on 192.168.1.2 via TCPView on local machine?

NETSTAT method:
netstat -anob>"%userprofile%\desktop\netstat.txt"

Open in new window

Service may only be listening on 127.0.0.1; check web server config file to verify bind address(es).

You could also try forwarding the port via netsh:
netsh interface portproxy add v4tov4 listenport=8014 listenaddress=192.168.1.2 connectport=8014 connectaddress=127.0.0.1

Open in new window

See http://technet.microsoft.com/en-us/library/cc731068%28v=ws.10%29.aspx#BKMK_1
0
 
LVL 10

Author Comment

by:santhoshu
ID: 39983879
Thanks Giovanni and others.

Giovanni,

netsh interface portproxy add v4tov4 listenport=8014 listenaddress=192.168.1.2 connectport=8014 connectaddress=127.0.0.1

If the service is only listening to port 127.0.0.1, then the above command will forward the request to 192.168.1.2, correct?

I can run this netsh command and then try to use IP:Port# and try, correct?
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39983884
If the service is only listening to port 127.0.0.1, then the above command will forward the request to 192.168.1.2, correct?

I can run this netsh command and then try to use IP:Port# and try, correct?

Yes that's correct; from an elevated privileged command prompt (Run cmd.exe as Administrator)

To list and remove:
netsh interface portproxy show all
netsh interface portproxy delete v4tov4 listenport=8014 listenaddress=192.168.1.2

Would be best to ensure web server config file is properly configured to listen on all IPs (generally expressed as 0.0.0.0) or 192.168.1.2 directly.

TOMCAT-HOME/conf/server.xml

See http://www.mulesoft.com/tcat/tomcat-connectors

(E.g. add address="0.0.0.0" to Connector string)
0
 
LVL 10

Author Comment

by:santhoshu
ID: 40026607
I tried netsh interface portproxy add v4tov4 listenport=8014 listenaddress=192.168.1.2 connectport=8014 connectaddress=127.0.0.1


No Luck....
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question