Problems in IIS (or possibly ISA, or even Sharepoint...)

[Tyiell]

Hi all,

I've been sort of dumped in the poo this week, because over the half term we have somehow managed to screw up our VLE external access. This is a system I have never been involved in and the network manager has gone snowboarding

The VLE is our own design hosted on Sharepoint over two servers running Windows Server 2003 64bit. Up until last week, the sharepoint servers were not running service pack 1. Last week the NM attempted to go to service pack 2 on both servers in preparation for our spanky new Sims Learning Gateway install. We had a whole host of errors and, as a result one sever is running on version 12.0.0.6421, and the other on 12.0.0.4518. Trouble is I'm not involved in the sharepoint servers at all, so I wouldn't know where to start on troubleshooting the updates.

The Sims Learning Gateway was installed anyway on our half-upgraded servers and the VLE works perfectly internally. On both sharepoint servers there is a web site on IIS called Portal for external traffic to be forwarded into. It is here that we have the problem. Traffic coming from the ISA server (the rules on that server look correct for forwarding "intranet" traffic to the correct server and the correct port) does not reach IIS on the sharepoint server - I get the following error on the logs in ISA:

Failed connection attempt

Web Proxy - Reverse

A Socket operation was attempted to an unreacheable host.

Rule: Intranet

External traffic - 10.36.84.9:8181 **This is the correct server IP on the correct port**

I'll cut the essay short here, any ideas would be appreciated (even if they seem obvious), and if you need information that I haven't provided here, just say!!!


Paul

[vikpaw]

Go to IIS admin and check all is up and running.
Restart IIS Service... this will affect all websites running on that server not just sharepoint/slg.

[Tyiell]

The following sites are running in IIS:

SharePoint Central Admin v3
BW Portal
SIMS-ADP-Provisioning
SIMS-ADP-ClientSite
SIMS-ADP-Admin
MySite
SIMS-ADP-Management
SIMSWebServices
SharePoint Shared Services
Office Web Services

An IIS Restart hasn't fixed it I'm afraid...

[vikpaw]

I'm no expert in this area - my test sharepoint setup failed last week and i had to roll back to a previous snapshot. (thanks god for virtualisation!).
the sites look like the usual ones.
can you access the site from the isa server? i.e. can it see and access the sharepoint server when you are logged in to it?
Each of those sites will run on a different port, can you access any of them through ISA?

[Tyiell]

Good point!! That hadn't occured to me and the answer: No! From the ISA server I cant see or ping either of the sharepoint servers, or any of the sites (intranet, mysite, etc). But I can ping everything else on the network (domain controllers, stroage servers, etc). Wierd. Does that suggest DNS issues? Or maybe a service not running on the unreachable servers...

[vikpaw]

not sure on how ISA works. possibly what you can do as a user logged in is different to what happens to traffic, but certainly something must be wrong here. especially if sharepoint works internally.
it could be dns, but i'm thinking it's to do with proxy exceptions. you should be bypassing proxy for those local servers. also they could be set up to not accept ping....
try browsing by dns and ip, also check proxy exceptions, though usually this only applies for connections internally.
i have to rush off now, someone else will have to take over troubleshooting.
sorry

[EduTech]

I can't post a detailed response as I am out of the office and on iPhone, as daft as it sounds check the firewal on the sharepoint server maybe the update activated that.

[Tyiell]

Ok, I'm fixed!!

I did check the local servers firewall and it was switched off (I am glad - if that had been the reason I'd be feeling pretty sheepish for not spotting it earlier!!!).

Turns out that the NM had changed the internal network ip ranges on the isa server to not include anything below .10 - which happens to include both our sharepoint servers

Changed that back and presto, all is as it should be!! I'm guessing he removed them intentionally to prevent people trying to access the vle externally while he was running the upgrade and forgot. Oops.

Alls well that ends well I guess, thanks for your help guys!!

[EduTech]

Ok, I'm fixed!!

I did check the local servers firewall and it was switched off (I am glad - if that had been the reason I'd be feeling pretty sheepish for not spotting it earlier!!!).

Turns out that the NM had changed the internal network ip ranges on the isa server to not include anything below .10 - which happens to include both our sharepoint servers

Changed that back and presto, all is as it should be!! I'm guessing he removed them intentionally to prevent people trying to access the vle externally while he was running the upgrade and forgot. Oops.

Alls well that ends well I guess, thanks for your help guys!!

Glad you managed to get it sorted, was going to suggest that but was not easy typing on a phone in the freezing cold lol.

Happy Days!

James.

[timzim]

Time to start keeping a change log...

[EduTech]

Time to start keeping a change log...

Yeah an email might of been nice though just so you had a rough idea what had happend. hehe

[Tyiell]

Yeah an email might of been nice though just so you had a rough idea what had happend. hehe

Yeah, don't get me started or we'll have to move the post behind the red door so I can rant

Thanks guys!

[vikpaw]

glad it's sorted.