Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Website unreachable
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Website unreachable - 15.Sep.2008 5:08:30 AM
|
|
|
Jeff1981
Posts: 6
Joined: 15.Sep.2008
Status: offline
|
We have the following strange problem and perhaps even stranger workaround...
Sometimes some of our users report a website which can't be reached. This can happen anytime during the week (so a user can access it fine on Wednesday and on Thursday, the website can't be loaded) What happens is that the users goes to the URL and Internet Explorer hangs in the process of loading the webpage (it keeps stating it's loading the page, only the page is never shown)
Now, when we start a query on our ISA 2006 server, pointing to a client on which we then open the site, the site still can't be opened. Then we stop the query, open a new browser window on the client et voilą! The site opens! This goes for the entire network, so on all the other clients, the site can now be loaded!
Does anyone have any idea how this is possible? We have now seen this work around work for 2 sites on 2 different occasions.
|
|
|
|
|
RE: Website unreachable - 15.Sep.2008 5:31:46 AM
|
|
|
Jeff1981
Posts: 6
Joined: 15.Sep.2008
Status: offline
|
Sigh... and for the same strange reasons, the previously available sites now can't be loaded again... logging doesn't give me any helpful information... What can I check to see where things go wrong?
|
|
|
|
|
RE: Website unreachable - 15.Sep.2008 8:28:37 AM
|
|
|
tshinder
Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Jeff,
I sometimes see this when DNS is slow or not working properly. You might want to check a packet trace on the clients and see how name resolution timing is working.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Website unreachable - 15.Sep.2008 11:17:43 AM
|
|
|
Jeff1981
Posts: 6
Joined: 15.Sep.2008
Status: offline
|
Hi Tom,
I performed a packet trace, however I couldn't get any DNS information out of it. The problem gets weirder, one site opens on our ISA server. If i then open the site on the client, the site opens. But after a while, it doesn't work anymore on the client, however, the site is still reachable on the ISA server (we use the ISA server as our only proxy)
And now, I just opened the site on the ISA server, and now I can also get to it on the client... This problem is really beginning to annoy me ;)
Another site that doesn't work also won't open on the ISA server, but will open on a home PC which is directly connected to the internet...
Thanks for your help,
greetz,
Jeff
|
|
|
|
|
RE: Website unreachable - 16.Sep.2008 8:55:11 AM
|
|
|
tshinder
Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
|
Hi Jeff,
So,
1. You can always access the site if you run the browser on the firewall
2. You can sometimes reach the site if you use the browser on a machine that is behind the firewall
3. You can always reach the site from a client machine that is not protected by the firewall
Am I close?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Website unreachable - 16.Sep.2008 9:14:04 AM
|
|
|
Jeff1981
Posts: 6
Joined: 15.Sep.2008
Status: offline
|
Hi Tom,
almost :-)
1. I can sometimes access the site if I run the browser on the firewall (access is more frequent than on the client)
2. I can almost never access the site if I run the browser on the client, unless if I have previously been able to access the site on the firewall, than the site is almost always accessible (for about an hour, after which the site is inaccessible again, also on the firewal it's not accessible)
3. I can always reach the site froom a client machine that is not protected by the firewal and is not connected through our ISP
I read in another post smoeone who experienced a similar problem, where the routing tables at the ISP were screwed up. I've sent an e-mail to our ISP today to figure out if everything's fine on their part. In the mean time I'm still looking for other causes to this problem.
Greetz,
Jeff
|
|
|
|
|
RE: Website unreachable - 23.Sep.2008 9:57:57 AM
|
|
|
Jeff1981
Posts: 6
Joined: 15.Sep.2008
Status: offline
|
Hi Tom,
one of our Terminal Servers was able to access the site every time (other Terminal Servers in the same pool weren't ) After we opened the site from that server several times, the site has been available to our clients as well.
We didn't have the path MTU detection enabled. I enabled it just in case. If the problem does come back, I'll let you know.
Thanks for everything!
PS: We use Web Proxy clients, no Firewall Clients
|
|
|
|
|
RE: Website unreachable - 24.Sep.2008 12:45:55 AM
|
|
|
varun25
Posts: 59
Joined: 24.Aug.2008
Status: offline
|
Hi
this is strange cause i have exactly the same problem. We are using the ISA only as a web proxy and not firewall proxy.
We have 2 ISA server. Upstream and downstream.
For some reason, in testing when a less load of users pointing to the Internal ISA server it all works fine. The moment i put all the users on the ISA box PROBLEMS.
while troubleshooting i noticed drop of packets from Internal ISA pinging to the DMZ ISA. STRANGE again. Cause it doesnt happen when i have only a handful of users on the ISA.
Please assist.
Note: It seems like a load issue, how do i fix this?
Varun
< Message edited by varun25 -- 24.Sep.2008 12:48:54 AM >
|
|
|
|
|
RE: Website unreachable - 24.Sep.2008 8:22:02 AM
|
|
|
tshinder
Posts: 47669
Joined: 10.Jan.2001
From: Texas
Status: online
|
quote:
ORIGINAL: Jeff1981
Hi Tom,
one of our Terminal Servers was able to access the site every time (other Terminal Servers in the same pool weren't ) After we opened the site from that server several times, the site has been available to our clients as well.
We didn't have the path MTU detection enabled. I enabled it just in case. If the problem does come back, I'll let you know.
Thanks for everything!
PS: We use Web Proxy clients, no Firewall Clients
The PMTU discovery just might do the trick. It will also speed up the firewall's performance.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Website unreachable - 24.Sep.2008 7:02:04 PM
|
|
|
varun25
Posts: 59
Joined: 24.Aug.2008
Status: offline
|
sorry, but how do i enable PMTU discovery?
Not sure if this is the right thing to do, but i have disabled the flood mitigation settings.
< Message edited by varun25 -- 24.Sep.2008 7:03:53 PM >
|
|
|
|
|
RE: Website unreachable - 6.Oct.2008 6:30:29 PM
|
|
|
varun25
Posts: 59
Joined: 24.Aug.2008
Status: offline
|
Hi
I have enabled PMTU discovery on the ISA and still the same problem. This is very strange. Users are able to access the website at times and some time they cannot. Same website can be accessed by one user and not another.
Please assist.
Varun
|
|
|
|
|
RE: Website unreachable - 12.Oct.2008 5:53:44 PM
|
|
|
varun25
Posts: 59
Joined: 24.Aug.2008
Status: offline
|
Thanks Tom
I'll keep monitoring it
Varun
|
|
|
|
|
RE: Website unreachable - 22.Oct.2008 6:00:28 PM
|
|
|
varun25
Posts: 59
Joined: 24.Aug.2008
Status: offline
|
Hi Tom
I think enabling PMTU on the ISA server did help a bit, but also i noticed increasing the drive cache size on Internal and DMZ ISAdid the trick.
I increased the cache sizr last week and haven had any complaints so far. Fingers crossed.
Will let you know if there is anything else.
Regards
Varun
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
