0

I have IIS running 5 websites with different app pools on a Windows 2012 server. One of the sites became unresponsive. Checking IISLogs for that site there is no record of traffic during that time. The last log entry for the unresponsive site was normal "200". The other sites show traffic and were responding fine according to their respective logs. There is nothing in front of the web server that would block traffic to one site only. All sites require SSL. IISRESET fixed the problem.

I am trying to do root cause analysis. Does the fact that traffic was not recorded in IIS log point to the component that failed?

I checked event log and cannot find related event at the time of failure. I did find "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203." But that was 10 minutes after the failure started. I am guessing the SChannel failure was result of something, not the cause of the original failure.

M6rk
  • 63
  • 5
  • I would investigate if the IP traffic is even reaching the server in the first instance. Do you run Wireshark on the server? – ccomley Sep 04 '16 at 15:34
  • Check if you have entries in %WinDir%\system32\LogFiles\HTTPERR. Supposing you have SChannel issues, SChannel is used by HTTP.sys and not IIS. Remember HTTP.sys is the component IIS' worker processes subscribe to HTTP.sys. Hence HTTP.sys is the component doing all the networking and SSLing. If a disconnect happens with HTTP.sys, it will be logged in the aforementioned location instead. Hope it helps. – milope Sep 05 '16 at 20:46

0 Answers0