IIS 7 and Above
Website Not Working - New Web Farm Server
Last post Nov 26, 2019 03:16 PM by BradSherwin
Oct 23, 2019 12:11 PM|BradSherwin|LINK
I'm currently playing with IIS web farms in my test enviroment which uses Kemp LM as a LB. Ive setup two servers which work fine so I already know my Shared Config, Shared Website, Shared Cert and Kemp are working as expected.
However, when I build a new server I just cant seem to get the instance working. In Chrome I'm getting the server refused to connect.
As stated above, it can't be any of the shared folders as they work on other servers and I can enabled Shared Config and the website, app pool imports as exoected. I've also confirmed on the effected server I can access the default website. There are no
eventvwr errors either when restarting the app pool. Ive also ran Get-WindowsFeatures to compare to see if I was missing any roles/features and I'm not.
I've ran a packet capture from the Kemp and I see the client hello sending to the box but theres no Server Hello as expected. Running Netstat I see 0.0.0.0:443 is listening. Windows FW is disabled. I've ran CASPOL too on the box.
During testing, I did have an issue with C:\inetpub\temp\appools\APPPOOLNAME on one of the working servers where the file was corrupt. So I looked in the temp folder and I cannot see my app pool name folder on this box. Checking my workign server there
are no speical permissions that I can see and they're identical.
Pretty stumped!! Any pointers would be greatly appreciated!
Oct 24, 2019 08:56 AM|Yuk Ding|LINK
1.Did you see connection refused error in C:\Windows\System32\LogFiles\HTTPERR?
2.Could you access the website without Web farm? We need to figure out which part returned this error.
3.could you get it work with http instead of https?
4.Did you get error message in event viewer?
5. Have you traced ssl handshake on the broken server?
Nov 18, 2019 11:04 AM|BradSherwin|LINK
I have a kemp load master in front of the web servers A, B, C.
Web server A works fine. But if I stop the app pool on A to test the functionality of the server B & C I get the empty response browser error. Ive checked C:\Windows\System32\LogFiles\HTTPERR and there are no recent errors. Ive also checked C:\inetpub\logs\LogFiles
and I see the kemp health checking the URL with error 401 which is expected. But when I try to connect, there are no logs generated in the above locations and nothing in eventvwr.
Ive also TCP dumped the Kemp load master and I see that it is directing the requests to Server B (I only have that one enabled right now) and I see a client hello being sent to the server but thats it. No reply.
All the servers have the same IIS Central Config and Central SSL.
Nov 19, 2019 01:43 PM|Rovastar|LINK
Nov 26, 2019 03:16 PM|BradSherwin|LINK
I've managed to get the App Pool running. What I don't understand is how I managed to get it running!
When I build a new box and config IIS with CCS and Shared Config I get the browser error - failed client hello. I can only get the server to respond if I go into bindings, editing the binding - I change IP address from Unassigned to IP and then back again
and press OK.
Ive checked application.config and I can see a binding for the website. But I don't understand why doing the above works. Ive even tried exporting the config again once I do the above but that doesnt work when rolling back my server and setting up the
shared config and CCS.