trebbettes
asked on
IIS Wont Serve HTTPS traffic to various subnets, sporadically.
Hi All,
We have had a Dynamics CRM 2011 site serving internally on our network on HTTP for c. 2 years. No Problems.
The site is hosted in a data center in london and access is (for the most part) from remote sites.
Recently purchased and installed an SSL Certificate from Go-Daddy, switched over the bindings to https within IIS.
Since doing this, once every few weeks our IIS server will randomly stop serving HTTPS traffic to remote sites (different subnets) for just a few minutes, after this time the issue resolves itself and the site can be browsed again.
Traffic continues to be served internally within the data center on HTTPS during this period.
We have a VPLS between sites and no firewall is affecting traffic.
Routing is manged correctly and there are no issues here.
HTTP continues to work from the same server to any client for the duration of the problem.
No packet loss or ping drops.
No events logged in any windows event log for the periods of time when it occurs.
I'm really struggling to know where to focus my investigation and was wondering if anybody had any suggestions?
I feel like its related to the SSL certificate, perhaps Revocation checking on the client?
More Details:
Microsoft Dynamics CRM 2011 Front End Servers x 2 (CRM01 & CRM02)
Server 2008 R2, IIS 7.5.
Microsoft NLB (Load Balancing) Cluster Set Up between the two.
crm.mycompany.co.uk DNS entry points towards the NLB Cluster IP Address
Any thoughts would be greatly appreciated.
We have had a Dynamics CRM 2011 site serving internally on our network on HTTP for c. 2 years. No Problems.
The site is hosted in a data center in london and access is (for the most part) from remote sites.
Recently purchased and installed an SSL Certificate from Go-Daddy, switched over the bindings to https within IIS.
Since doing this, once every few weeks our IIS server will randomly stop serving HTTPS traffic to remote sites (different subnets) for just a few minutes, after this time the issue resolves itself and the site can be browsed again.
Traffic continues to be served internally within the data center on HTTPS during this period.
We have a VPLS between sites and no firewall is affecting traffic.
Routing is manged correctly and there are no issues here.
HTTP continues to work from the same server to any client for the duration of the problem.
No packet loss or ping drops.
No events logged in any windows event log for the periods of time when it occurs.
I'm really struggling to know where to focus my investigation and was wondering if anybody had any suggestions?
I feel like its related to the SSL certificate, perhaps Revocation checking on the client?
More Details:
Microsoft Dynamics CRM 2011 Front End Servers x 2 (CRM01 & CRM02)
Server 2008 R2, IIS 7.5.
Microsoft NLB (Load Balancing) Cluster Set Up between the two.
crm.mycompany.co.uk DNS entry points towards the NLB Cluster IP Address
Any thoughts would be greatly appreciated.
It is possible that only one of the two servers is serving https traffic properly to begin with. Try them individually.
ASKER
Well to try and discount the idea I suspended one of the nodes within the NLB cluster a few weeks back and we have had a reoccurrence of the problem since then.
However it still could be NLB related as the single server is still running from the NLB Clusters IP, it just happens to be the only node. so perhaps there is something going on with the negotiation on the cluster even if its only a single node cluster at the moment?
Yes, when its happening I can browse to either server directly on https://servername/CRM and https will serve fine with a certificate warning.
Cluster Rules are as follows:
Operation Mode: Multicast
Port Rules: 0-65535 TCP & UDP
Filtering mode: Multiple Host, Affinity: Single
Both servers are definitely serving HTTPs, even with load balancing between the two they both go down at the same time, which indicates to me its not an IIS / configuration issue.
However it still could be NLB related as the single server is still running from the NLB Clusters IP, it just happens to be the only node. so perhaps there is something going on with the negotiation on the cluster even if its only a single node cluster at the moment?
Yes, when its happening I can browse to either server directly on https://servername/CRM and https will serve fine with a certificate warning.
Cluster Rules are as follows:
Operation Mode: Multicast
Port Rules: 0-65535 TCP & UDP
Filtering mode: Multiple Host, Affinity: Single
Both servers are definitely serving HTTPs, even with load balancing between the two they both go down at the same time, which indicates to me its not an IIS / configuration issue.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When you experience this problem, can you hit each CRM server individually via https?