I have a Win 2012 R2 / IIS 8.5 server that has been running a handful of public-facing production websites for 2 years.
Today, for about 6 hours, it started randomly dropping port 80 requests (but not port 443 requests) for all websites. I could easily test this by using the Telnet client to telnet to port 80. Roughly half of the time, Telnet would fail to connect:
C:\Users\bob>telnet www.foo.com 80
Connecting To www.foo.com...Could not open connection to the host, on port 80: Connect failed
I watched these attempts with Wireshark and could see in these cases the server was almost immediately responding to the initial client packet with a TCP reset.
To (mostly) eliminate the network, I tried the telnet test from a Command Prompt on the actual web server and was able to reproduce the problem with about the same frequency.
No significant changes were made to this server today. I did apply the usual Patch Tuesday patches to this box 2 days ago but haven't seen similar problems on the 10 other web servers that got the same patches. Restarting the IIS service, recycling app pools and rebooting the OS did not solve the problem.
After 6 hours, the problem magically stopped happening and I'm not sure why. However, in case this happens again, how can I debug the TCP/IP stack and/or IIS to figure out why these connections are triggering TCP resets?
