Issues with IIS10 member in ARR 2.5.1130 farm.
Last post Aug 28, 2019 09:56 PM by KWMcCann
Aug 19, 2019 08:45 PM|KWMcCann|LINK
I'm just looking for some ideas to get to root cause if anyone has any.
I have an issue trying to use an IIS 10 Server 2016 member in my existing farm. Currently I have a Server 2008 server with IIS 7.5 in the farm. Everything works fine when using the server with IIS 7.5. If I browse to the localhost URL on the reverse proxy server or to the external URL it will forward properly and get the correct response. If I take the 2008 server offline and just make the 2016 server online, then I get a 502.3 error. Remote clients see "
and on the local server you get:
"HTTP Error 502.3 - Bad Gateway
The connection with the server was terminated abnormally Most likely causes:
The CGI application did not return a valid set of HTTP errors.
A server acting as a proxy or gateway was unable to process the request due to an error in a parent gateway."
These tests are just trying to connect to the webroot. If I connect directly to the server address of the 2016 server it pulls up the pages like I expect.
Is there a compatibility issue with ARR 2.5 and IIS 10 or something that I am missing? Does ARR/Server Farm have logging? I tried FRL but it only gave me more details about the exact same error - "Bad Gateway" - nothing about why it is a bad gateway. It is acting like the IIS 10 is just blocking the ARR requests outright since there is nothing in the IIS 10 logs that shows communication from the ARR server.
Aug 19, 2019 10:30 PM|Rovastar|LINK
Have a look here.
Aug 20, 2019 05:30 PM|KWMcCann|LINK
Thanks, I'll do some packet captures and see what comes up.
Aug 21, 2019 08:41 PM|KWMcCann|LINK
Here is the result of the packet captures:
all communication via TCP 443
ARR Server sends [SYN, ECN, CWR] to member server
Member Server responds with [SYN, ACK, ECN]
ARR Sends ACK
ARR Sends [FIN, ACK]
Member Server sends [RST, ACK] - resetting the connection
Aug 28, 2019 09:56 PM|KWMcCann|LINK
I ended up needing to override winhttp to use TLS 1.2.
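
A diagnostic for the situation in this thread, as an added example that is not part of any post above: it reads the WinHTTP default protocol setting on the ARR server and then attempts a handshake to the farm member with each TLS version in turn. It assumes the override is made through the `DefaultSecureProtocols` registry value that Microsoft documents for WinHTTP (the thread does not say how the override was done), and `member.example.internal` is a placeholder host name.

```powershell
# Added diagnostic example (not from the thread). Run on the ARR server.
$Backend = 'member.example.internal'   # placeholder: farm member host name
$Port    = 443

# WinHTTP protocol bit flags (WINHTTP_FLAG_SECURE_PROTOCOL_* values)
$flags = [ordered]@{ 'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800 }

function Get-WinHttpDefaultProtocols {
    # 64-bit and 32-bit (Wow6432Node) views are configured separately
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name DefaultSecureProtocols -ErrorAction SilentlyContinue).DefaultSecureProtocols
        if ($null -eq $v) {
            [pscustomobject]@{ Path = $p; Value = '(not set, OS default applies)'; Enabled = '' }
            continue
        }
        # Decode the bitmask into protocol names
        $on = $flags.Keys | Where-Object { $v -band $flags[$_] }
        [pscustomobject]@{ Path = $p; Value = ('0x{0:X}' -f $v); Enabled = ($on -join ', ') }
    }
}

function Test-BackendTls {
    param([string]$HostName, [int]$Port, [System.Security.Authentication.SslProtocols]$Protocol)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Certificate validation is skipped on purpose: only protocol negotiation is being tested,
        # and no application data is sent over this stream.
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        '{0}: handshake completed' -f $Protocol
    } catch {
        '{0}: handshake failed ({1})' -f $Protocol, $_.Exception.GetBaseException().Message
    } finally {
        $tcp.Close()
    }
}

Get-WinHttpDefaultProtocols | Format-List
foreach ($proto in 'Tls', 'Tls11', 'Tls12') {
    Test-BackendTls -HostName $Backend -Port $Port -Protocol $proto
}
```

A failed handshake can also come from the protocol being disabled in Schannel on the machine running the test, so compare the results against the same test run from a client that is known to reach the member server.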