My hosting uses Apache server and I am connecting to the same url from the same client application which makes 10-20 requests per minute and after some time the server starts blocking the client app which shows errors for unreachable address and connection refused etc.
I am sure this isn't a connectivity issue as it is consistently reproducible.
Any ideas how to setup the server so it won't block the client app's ip address?
Related
My IIS 7.5 web server farm (2xWindows 2008 R2 physical servers using Network Load Balancing) is experiencing heavy server use and SSL/TLS requests to port 443 are timing out on what appears to be the TLS negotiation (500+ Get Requests/sec with over 20K Current Connections).
Despite the heavy load, the performance of the server hardware is fine--less than 20% processor utilization, 75% of memory still available, and virtually no processor queuing. Additionally, the bandwidth utilization is fine as well. However, during this heavy usage event, my websites stopped responding to SSL-based (https) requests and clients were unable to negotiate a TLS connection. During this same time, requests using http to the same websites were working fine and the websites were very responsive (I disabled the IIS rewrite rule from http to https). The problem may have gone away after I uninstalled my CA issued certificate and reinstalled the same one and then restarted all web services however I can't say for sure that this corrected it because I also stopped forcing the use of SSL.
In troubleshooting, the only thing I see is that my Windows event logs are filled with Event ID: 36887, which seems to be related to SSL but the meaning of the error is vague to me. This is the description of the error message:
"This error message indicates the computer received an SSL fatal alert message from the server ( It is not a bug in the Schannel or the application that uses Schannel). Sometimes is caused by the installation of third party web browser (other than Internet Explorer)."
There are hundreds of entries per minute corresponding to the time of the performance issues. After this occurred, I was told to enable the CAPI2 log but since the issue is not occurring now, I only see informational messages in this log.
What would cause this problem with TLS unable to negotiate a connection under a heavy load in my networked balanced web farm and how I can prevent this from occurring again?
I'm having trouble connecting to an Active Directory server from my computer and server. I get "The server is not operational" error when trying to connect. The server I'm trying to connect to is in a different country than me.
LDAP Url is in the usual format:
LDAP://ip_address:389/CN=Users,DC=domain_name,DC=local
I've added the application that connects to the AD to the firewall (even disabled the firewall briefly to test) and added the IP to my hosts file but I can't seem to get past the error.
Now usually at this point, I would conclude that the issue is on the AD server side (or their server firewall) that is blocking requests from our server, however, the person in charge of the AD server has tested the same LDAP url using the same utility I'm using from an external network in their country and is able to authenticate without issues.
Any ideas on what we can try next?
Ok, it turns out the client's ISP was blocking international traffic over port 389. They had to write a letter to request the ISP to allow international traffic over that port. It is now working after they've done that.
Didn't know ISPs block traffic, but I suppose ISPs for corporate clients might as in this case.
I've been searching and haven't found a solution for this yet.
I have a LAMP server running Centos 5 and cPanel. I have converted the site from http to https. The site works just fine. However, periodically there are ERR_CONNECTION_REFUSED errors on my PC only. This happens only over https and only periodically. Port 443 is open on the server.
FTP, Remote MySQL, SSH, and HTTPS connections are refused during that brief period. I've checked the server's firewall to allow my ip and unblock my ip. The ip is allowed and was never blocked.
We have other PCs connected to the same network with no issues during the brief period where only my connection is refused. I've cleared my cookies and cache with no luck. However, when I run a trace route, it stops at the first hop in our network.
Any suggestions with what I need to do or look at?
Do you think it is a server related issue?
Do you think it is an internal network related issue?
Could it be the issuer of the SSL cert?
You're probably running into a full backlog queue. A Windows server will actively refuse a connection if the backlog queue is currently full. The defence is to increase the backlog or speed up the accept loop.
As the title says, I have a web server on which ssl connections initiated from the local server are extremely slow - 1 minute+ time to load even a hello world txt. Non-ssl connections are not affected. However the same pages/files/web services are served up as expected with little to no delay from any non-local source connection.
For clarification, by local host I mean including domain name, loopback IP as well as assigned network IP.
Any suggestions?
Port Address Translation and an SSL redirect on our F5 was the root cause. /sigh to IT that makes changes without notifying application support, development or product management.
I am trying to understand the working of HTTP , IIS and sql server.
I am having an IIS 7 server in my environment which is interacting with a sql database server.
The architecture is
Apache ----> IIS -----> SQL server
The Apache is a reverse proxy server which is sending the HTTP request to the IIS server and from there IIS server is interacting with the SQL database connecting by different application pools for different applications.
My query is if some request has been forwarded by the Apache server and it has reached the IIS ; after that, if the network between the Apache and IIS is having any packet drops ;
Will that have any affect to the performance of IIS and database server?
Will there be any long running queries in the worker process of the IIS? Because my concern is what will happen after the queries that has successfully executed in the Database server. But since the network between the IIS and Apache is broken how can they be forwarded further to the Apache and further to the end user.
Will these queries keep on holding the resources till they are forwarded from IIS to Apache? Because they have successfully completed their tasks but because of network issue they are not being forwarded further. Or are such request stacked up somewhere by the IIS to free up the resources for the upcoming requests??
Once a request has reached IIS it will go and do the required actions, and format the reply. It will try to send the reply to the requestor but if the link has gone, it will be unable to. It will then abandon the request. Resources it is holding for that request will be freed.
To get the data it had for you, Apache has to repeat the request.