How best to identify applications and users that might be accessing an older application server?

I have an older Server 2008 R2 application server (IIS 6 and 7 are installed, I know it was a mail relay and a licensing server for our engineering program, but not sure what else) in my domain that I'm attempting to sunset and remove.  My issue is that I've been here a year and I'm still stumbling onto undocumented applications and processes in my environment, and I fear removing the server and finding out later on that there was an old app, piece of manufacturing equipment, MFP, etc. that depended on something that was running on the server.

What's my best option for determining who or what might be connecting to this box, and for what purpose?

My first thought is wireshark, but I'm not too experienced with the app, so I don't know if this is my 'best' option or not.  I could also just shut the thing down and wait for an outcry, but I really hate the impression that type of move will give to my users (if it turns out that this is hosting some critical process).

Any advice would be greatly appreciated!

Scott
Scott MilnerApplication AdministratorAsked:
Who is Participating?
 
Senior IT System EngineerIT ProfessionalCommented:
Scott,

Does the application access the licensing web apps through IIS ?
if it is yes, then you can enable IIS logging and get the IP address from the IIS logs.
0
 
Scott MilnerApplication AdministratorAuthor Commented:
Brilliant!

thanks for the response, and sorry for my delayed response back.  Looking through the IIS logs I was able to identify two remaining devices in my domain that were still configured to access the box.

I appreciate the help!

Scott
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.