Score:0

Connection timeout between windows servers


Assume I have two Windows servers (2012 R2) in the same network and domain. Server B is running IIS-6 with websites (on ports 80, 8080, and others). Both of them have the firewall enabled.
The problem is that I can't access server B's websites by private address in the browser or PowerShell.
But the website is available from the public network, and B responds to ICMP requests from ping.

I've added firewall rules (outgoing for A, and incoming for B) but nothing has changed. I've spent a couple of hours trying to discover the reasons for this behavior. And I have no idea, except that Citrix (the VM provider) somehow blocks the connection.

Added: Servers have private DNS addresses (assume servera.local and serverb.local).
When I try to ping serverb.local it responds, and when I try to curl serverb.local it doesn't. The same cool story with the private IP address (10.211...)

At the same time I have serverc.local, which (wow) has access to the website even without a rule corresponding to its IP address.

Please ask anything, I will add more information if it will help.

Zac67
You're not using the public DNS record, are you? Check out *split-brain DNS*.
Grigory
@Zac67, It does not depend on DNS. I've tried to connect by private IP and DNS.
Zac67
You're not really giving us much detail - or barely any - and public DNS is the most common reason for that problem.
Grigory
@Zac67, thanks, I updated the description. Is any other information needed?
Score:1

If server B is running "websites" (plural), almost certainly they will respond only when they are referenced by name - there has to be a name in the header to tell IIS which web site you're interested in. If you simply talk to an IIS server by IP, generally you'll get a default web site if there is one - there isn't always. So Zac67's suggestion in comments of split-brain DNS is actually appropriate. Or at the very least, edit \windows\system32\drivers\etc\hosts on server A so there are hosts records that link web address to server B's IP, then try again to connect by name from server A.

Grigory
The problem is not the IP and DNS address. I `ping serverb.local` and it answers. And when I try to `curl serverb.local` it doesn't respond with anything. I have another server C, which can access the website on server B.
tsc_chazz
But do you have a web site that is named `serverb.local`? Oh, and the `.local` TLD is special and may not resolve, even locally. I'd create a site `serverb.lan` and try that instead.
Grigory
serverb.local resolves without problems. I can ping it, but I can't access port 80.
tsc_chazz
The question remains: is there a web site on `serverb` named `serverb.local`? In order for IIS to respond to a request for a web site, the `host header` in the request must match the name of a web site that it is hosting, and that means that you have to be making a request by name for a site that has that name.
Grigory
Can IIS disable access to a website by the IP of the client? Because I have `serverc.local`, which can access the website.
tsc_chazz
I am sorry that I cannot help further, but if you will not answer a simple question, there is little point in my continuing.
Grigory
I have a site named ARR with an https binding "server.local" on port 443, and also an HTTP binding without a hostname on port 80.
Grigory
https binding `serverb.local` on 443 port and http binding without hostname on 80 port
Grigory
ARR has a lot of https bindings with `serverb.local` hostname on different ports. Other sites have friendly name (no hostname) and one http binding without hostname on different ports.
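
An added example (not part of the thread, and not code from any poster) that separates the two explanations discussed above: a TCP connection that never completes, which points at packet filtering rather than IIS, versus an HTTP reply whose status depends on the Host header, which points at the site bindings. `Test-HttpBinding` is a hypothetical helper name and `<server-B-private-IP>` is a placeholder; run it from server A.

```powershell
# Added example: classify why a request to an IIS site gets no answer.
function Test-HttpBinding {
    param(
        [Parameter(Mandatory)][string]$Address,   # IP or name used for the TCP connection
        [int]$Port = 80,
        [string]$HostHeader = $Address,           # name IIS matches against its bindings
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: TCP handshake. A successful ping says nothing about this step.
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # No SYN-ACK and no RST: typical of a firewall silently dropping packets.
            return "TCP ${Address}:$Port timed out (filtered before reaching IIS)"
        }
        try { $client.EndConnect($pending) }
        catch {
            # An active refusal means the host answered but nothing listens on the port.
            return "TCP ${Address}:$Port failed: $($_.Exception.Message)"
        }

        # Step 2: plain HTTP request with an explicit Host header.
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $request = "GET / HTTP/1.1`r`nHost: $HostHeader`r`nConnection: close`r`n`r`n"
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($request)
        $stream.Write($bytes, 0, $bytes.Length)
        try {
            $reader = New-Object System.IO.StreamReader($stream)
            # "HTTP/1.1 400 Bad Request" here usually means no binding matches the Host name.
            return "Host '$HostHeader' on ${Address}:$Port -> $($reader.ReadLine())"
        }
        catch { return "TCP connected, but no HTTP reply: $($_.Exception.Message)" }
    }
    finally { $client.Close() }
}

# The asker's failing case, then the same site by IP with the name in the Host header.
Test-HttpBinding -Address 'serverb.local'
Test-HttpBinding -Address '<server-B-private-IP>' -HostHeader 'serverb.local'
```

If the first step already times out from server A but succeeds from server C, the difference lies in filtering between the hosts (firewall rule scope or profile, or the virtualization layer), not in the IIS bindings.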