Re: Help!! Web Server outage - ping failure
From: Roland Hall (nobody_at_nowhere)
Date: 02/19/05
- Next message: Roland Hall: "Re: Help!! Web Server outage - ping failure"
- Previous message: GregoryH.: "owsadm -o usage, stats, & Top Ten Lists!"
- In reply to: Matt Dwyer: "Re: Help!! Web Server outage - ping failure"
- Next in thread: Matt Dwyer: "Re: Help!! Web Server outage - ping failure"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Feb 2005 19:13:43 -0600
"Matt Dwyer" <mdwyer@dwyer.com> wrote in message
news:1108771113.634140.21210@f14g2000cwb.googlegroups.com...
:I tested from 4 different workstations. I will attach an ipconfig/all
: for one at the end of this. Not sure about exact error, I think page
: not found, which makes sense, as the ip exists (PIX), but the internal
: ip is not found.
What do you mean when you say the IP exists but the internal IP is not
found?
>From a workstation you are pinging the IP addresses you showed me:
10.0.0.108 - fails
10.0.0.3 - succeeds
Correct?
When you switch, as you stated, to make IIS use the other NIC, what is the
procedure you use to make that change? I am assuming you mean you are
setting a static IP address on the NICs and then switching them.
Ex.
NIC0: 10.0.0.2
NIC1: 10.0.0.3
Ping from workstation: .2 fails, .3 succeeds
Switch:
NIC0: 10.0.0.3
NIC1: 10.0.0.2
Ping from workstation: .3 fails, .2 succeeds
Please correct me if I have a misunderstanding.
Also, I would like you to perform the ping test when IIS is down.
: > Ah, so to make sure I understand, you can ping the primary and
: secondary IP from the server and get responses. You only get ping
: responses [positive ones] from the server, while at a workstation, when
: you ping the secondary IP address.
:
: Nope, the ping times out, meaning ping fails, from any other server,
: and from any workstation.
I think we're agreeing. You can ping either NIC from the web server. You
can only ping the secondary NIC from remote systems.
: I showed an IPCONFIG/all with one NIC in dhcp mode just to illustrate
: the difference in settings between dhcp and setting ip manually. The
: 10.0.1.x subnet is 100 miles away at the end of the PIX tunnel. Not
: sure why that is in there, though, I will have to check my DHCP at the
: DC. The DHCP scope is defined so I use only 10.0.0.x here, and
: 10.0.1.x over there.
You cannot pick the DHCP server, AFAIK, you want so setting a NIC on your
server in DHCP mode can get mixed results, especially when you have multiple
DHCP servers. Servers should use static IP addressing. You can use
reservations but if the DHCP server cannot be reached there may be issues.
In a client-server environment, server-role systems should have static IP
addressing.
: Under Services, the IPSEC service is set to automatic and starts
: normally. On my active directory DC, there are no policies defined
: under IP Security policies on Active Directory. If neither of these
: statements is relevant, then I do not know what you mean.
If IPSec is set to block certain services, then it could be blocking ICMP
messages on the primary NIC. If you have no policies set, then there is not
need to run the service.
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.petri.co.il/what_are_ipsec_policies.htm
: Symantec client security CE 9 has no firewall.
It's not a firewall I'm concerned about here. The consumer version has
script blocking and I believe ping blocking, with Norton Security, which
includes NAV. This may not be relevant.
Why are there two NICs in the server?
Do they connect to the same switch?
Are they used for load balancing since they are on the same subnet?
If there not on different subnets and you're not setup for load balancing,
then what is the benefit or desired benefit?
Load balancing IIS:
http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=8911&Key=Domain%20Name%20System%20(DNS)
: By IIS itself, you mean Stop the web site? I will try that. I
: unplugged this server for several hours while getting my old, retired
: web server back up to speed (it is almost up to date now, or so I
: think) as a temporary replacement. Of course, now that I turn the
: newer server (with the ping issues) back on, I can not replicate any of
: this, but I will leave it running overnight and I bet it will fail by
: morning. This is the erratic part that drives me insane.
Well, I disagree with an earlier comment made by someone else, if this is
the right thread. Hardware can have intermittent errors when it's failing
but changing an IP address shouldn't make a difference. A cold weld can
cause failure after it reaches a certain temperature. However, if you're
running diagnostics with a loopback and it passes, then it points to
something else. And without a protocol analyzer you really don't know what
is happening across the wire.
-- Roland Hall /* This information is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. */ Online Support for IT Professionals - http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech How-to: Windows 2000 DNS: http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201 FAQ W2K/2K3 DNS: http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
- Next message: Roland Hall: "Re: Help!! Web Server outage - ping failure"
- Previous message: GregoryH.: "owsadm -o usage, stats, & Top Ten Lists!"
- In reply to: Matt Dwyer: "Re: Help!! Web Server outage - ping failure"
- Next in thread: Matt Dwyer: "Re: Help!! Web Server outage - ping failure"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
