IIS 5 & IIS 6
Website Loading Issue
Last post Sep 16, 2008 04:42 PM by blacknightx
Sep 15, 2008 11:01 AM|blacknightx|LINK
The company I work for manages firewalls. One of our customers is experiencing difficulty with websites they host (behind the firewall).
Here are the details:
-Running IIS 6.0 on Windows Server 2003
-Hosting about 30 websites
-IP based hosting.
-Server has a single NIC. Private IP's are coded on the server's NIC. Firewall preforms NATting on TCP80 and 443 from Public IP's.
-Server is not currently, but has been (to rule out a bad switch) directly connected to the firewall.
-Have used a Sonicwall TZ170 and a Sonicwall Pro2040 (currently back to the 170)
The issue is as follows:
A user will try opening a url to one of the hosted sites, lets say domain.com. Their browser just hangs on trying to load the page. It will hang for a few mins before the connection times out. If, while the page is 'loading' the user tries opening more
browser windows or tabs to this url (domain.com) they all hang while trying to load. During this time, the user can open other browser windows or tabs to different urls that are hosted on the same server and they open without issue. Furthermore if a different
user, either from the same network or elsewhere, tries opening the problem url (domain.com) it opens fine for them. If our initial user closes the very first window/tab they opened that hung, all of the remaining windows/tabs that were trying to load this
url load without issue.
Both the cable modem and firewall have been replaced. NAT policies on the firewall had been manually re-keyed to rule out possible settings corruption.
Initially we though the issue to be associated with an IIS session limit, but they are using Server 2003 and not windows XP.
Does anyone have any ideas on what is going on and possibly a fix?
Thank you in advance,
windows server 2003
IIS 6.0 hang Deadlock
Sep 15, 2008 11:22 AM|tomkmvp|LINK
Do the web sites all work well locally and/or behind the firewall? I think it sounds like a network issue and not an IIS one.
Is this only on app/site or any app/site that behaves this way?
Sep 16, 2008 04:42 PM|blacknightx|LINK
Thank you for the reply.
I think we might have narrowed the issue down.
We ran a few packet caps -from the firewall we see the initial syn ack handshake start when the url is requested - but when the issue occurs the server just sends out multiple syn/acks, wich messes with the connection cache in the firewall, and the connection
is essentially hosed until the server issues the rst.
I've read some articles on hardening 2k3 server from DOS attacks - could the server be registering this traffic (all comming with the MAC of the firewall) as a dos attack and implementing said precautions?