IIS Won't Serve HTTPS traffic to various subnets, sporadically.

Hi All,

We have had a Dynamics CRM 2011 site serving internally on our network on HTTP for c. 2 years. No Problems.
The site is hosted in a data center in London and access is (for the most part) from remote sites.

Recently purchased and installed an SSL Certificate from GoDaddy, switched over the bindings to https within IIS.
Since doing this, once every few weeks our IIS server will randomly stop serving HTTPS traffic to remote sites (different subnets) for just a few minutes; after this time the issue resolves itself and the site can be browsed again.
Traffic continues to be served internally within the data center on HTTPS during this period.
We have a VPLS between sites and no firewall is affecting traffic.
Routing is managed correctly and there are no issues here.

HTTP continues to work from the same server to any client for the duration of the problem.
No packet loss or ping drops.
No events logged in any Windows event log for the periods of time when it occurs.

I'm really struggling to know where to focus my investigation and was wondering if anybody had any suggestions?

I feel like it's related to the SSL certificate, perhaps revocation checking on the client?

More Details:

Microsoft Dynamics CRM 2011 Front End Servers x 2 (CRM01 & CRM02)
Server 2008 R2, IIS 7.5.
Microsoft NLB (Load Balancing) Cluster Set Up between the two.
crm.mycompany.co.uk DNS entry points towards the NLB Cluster IP Address

Any thoughts would be greatly appreciated.
trebbettes Asked:

kevinhsieh Commented:
Maybe the issue is with NLB. How is it configured? Is it set to all TCP ports, or just specific ports, such as only TCP 80? It should be set to at least 80 and 443.

When you experience this problem, can you hit each CRM server individually via https?

kevinhsieh Commented:
It is possible that only one of the two servers is serving https traffic properly to begin with. Try them individually.

trebbettes (Author) Commented:
Well, to try and discount the idea, I suspended one of the nodes within the NLB cluster a few weeks back and we have had a reoccurrence of the problem since then.

However, it still could be NLB related as the single server is still running from the NLB Cluster's IP; it just happens to be the only node. So perhaps there is something going on with the negotiation on the cluster even if it's only a single node cluster at the moment?

Yes, when it's happening I can browse to either server directly on https://servername/CRM and https will serve fine with a certificate warning.

Cluster Rules are as follows:
Operation Mode: Multicast
Port Rules: 0-65535 TCP & UDP
Filtering mode: Multiple Host, Affinity: Single

Both servers are definitely serving HTTPS; even with load balancing between the two they both go down at the same time, which indicates to me it's not an IIS / configuration issue.

kevinhsieh Commented:
Sounds like an NLB issue. I would destroy the NLB and set it up again. If it's really important to have NLB I would look at a real load balancer that knows something about whether or not the server is even able to handle requests before sending traffic. Kemp is really popular among Windows users, and there are some open source ones as well that run under Linux.
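
A probe in the spirit of the "try them individually" suggestion above, added here as an example and not part of the original thread or anything the posters ran: left running on a workstation at an affected remote site, it records whether each endpoint fails at TCP connect or at the TLS handshake. The node hostnames resolving from the remote site and the 30-second interval are assumptions.

```python
import socket
import ssl
import time

# Names taken from the post; CRM01/CRM02 resolving from the remote site is an assumption.
TARGETS = [("cluster-https", "crm.mycompany.co.uk", 443, True), ("cluster-http", "crm.mycompany.co.uk", 80, False),
           ("CRM01-https", "CRM01", 443, True), ("CRM02-https", "CRM02", 443, True)]

def probe(host, port, use_tls, timeout=5.0):
    """Return (stage, detail); stage is 'ok', 'tcp' (connect failed) or 'tls' (handshake failed)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", type(exc).__name__)
    if not use_tls:
        sock.close()
        return ("ok", "connected")
    # Reachability probe only: validation is off so a node reached by its own name still handshakes.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except OSError as exc:  # ssl.SSLError and handshake timeouts are OSError subclasses
        sock.close()
        return ("tls", type(exc).__name__)

def sweep(targets=TARGETS, timeout=5.0):
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    return [(stamp, label) + probe(host, port, tls, timeout) for label, host, port, tls in targets]

def interpret(rows):
    """Coarse reading of one sweep, to decide which layer to look at next."""
    stage = {label: s for _, label, s, _ in rows}
    if stage.get("cluster-https") == "ok":
        return "healthy"
    if stage.get("cluster-https") == "tls":
        return "tls-handshake-failing"       # TCP 443 connects; look at TLS on the answering node
    nodes_ok = any(s == "ok" for label, s in stage.items() if label.startswith("CRM"))
    if stage.get("cluster-http") == "ok" and nodes_ok:
        return "cluster-ip-443-unreachable"  # only 443 via the cluster IP fails to connect
    return "inconclusive"

if __name__ == "__main__":
    while True:
        rows = sweep()
        print(interpret(rows), rows, flush=True)
        time.sleep(30)
```

Take a baseline while the site is working: a current OpenSSL client may report `tls` against a server that only offers old protocol versions, so what matters is a change of stage during an outage.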
Question has a verified solution.