External Connections to Internal Web Servers Over 443 Fail


Probably one of the strangest issues I’ve seen, at least it seemed that way at the time.

Scenario:

Two internal web servers were experiencing the symptom, one running 2010 OWA and the other a custom web application on 443. All internal users could hit each page just fine. External users could not hit the pages and just received a timeout. However, if the admin logged into either of the two servers locally or via RDP and you then tried again externally, it worked and external users could hit the web pages. This behavior only happened on 443. The customer was just using a Cisco ASA for their firewall with no web publishing.

Resolution:

The customer was a school district, and I was reminded of a former life where I worked for a school district where web filtering was common. We found out that external users could only hit the pages when an Admin was logged into either of the servers; not a regular user. Combined with the Cisco thread below, which I found when trying to potentially pin this on the ASA, it seemed a web filter or Intrusion Detection System was killing our connections.

https://supportforums.cisco.com/thread/2043090

According to the thread, a filter/IDS on the inside could potentially be issuing resets for web traffic that it did not like. In our case it was the customer’s “iBoss” content filter, which started blocking access after a firmware update. It worked when an Administrator was logged into the web servers because the filter could filter based on the currently logged-on AD account and there were exclusions for the Admins.
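One way to check a capture taken at the web server for the resets described above, as an added example that is not from the original post: a reset sent by an inline filter on the sender's behalf usually arrives with a different IP TTL than that sender's own packets, because the filter sits at a different hop distance. The CSV layout, the sample rows and the function names are assumptions made for this sketch, and a TTL mismatch is a lead to follow up on the filter, not proof.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed sample: one row per TCP packet seen at the web server
# (src, sport, dst, dport, ip_ttl, rst_flag). Addresses are documentation ranges.
SAMPLE_CAPTURE = """\
203.0.113.10,50112,192.0.2.20,443,52,0
192.0.2.20,443,203.0.113.10,50112,128,0
203.0.113.10,50112,192.0.2.20,443,52,0
203.0.113.10,50112,192.0.2.20,443,63,1
198.51.100.7,41800,192.0.2.20,443,49,0
198.51.100.7,41800,192.0.2.20,443,49,0
198.51.100.7,41800,192.0.2.20,443,49,1
"""

def parse_capture(text):
    """Turn the CSV rows into dicts keyed by directional flow (src, sport, dst, dport)."""
    rows = []
    for src, sport, dst, dport, ttl, rst in csv.reader(StringIO(text)):
        rows.append({"flow": (src, int(sport), dst, int(dport)),
                     "ttl": int(ttl), "rst": rst == "1"})
    return rows

def suspicious_resets(rows, port=443, tolerance=1):
    """Return RSTs whose TTL differs from the TTL the same sender used for the rest of the flow."""
    baseline = defaultdict(Counter)
    for r in rows:
        if not r["rst"]:
            baseline[r["flow"]][r["ttl"]] += 1  # TTLs of the sender's ordinary packets
    findings = []
    for r in rows:
        flow = r["flow"]
        if not r["rst"] or port not in (flow[1], flow[3]):
            continue
        if not baseline[flow]:
            continue  # no non-RST packets from this sender, nothing to compare against
        usual_ttl = baseline[flow].most_common(1)[0][0]
        if abs(r["ttl"] - usual_ttl) > tolerance:
            findings.append({"flow": flow, "rst_ttl": r["ttl"], "usual_ttl": usual_ttl})
    return findings

if __name__ == "__main__":
    for f in suspicious_resets(parse_capture(SAMPLE_CAPTURE)):
        print("RST with TTL %(rst_ttl)d, sender normally uses %(usual_ttl)d: %(flow)s" % f)
```

In the constructed sample only the first client's reset is reported; the second client's reset carries its usual TTL and is treated as a genuine close.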

Windows 7 \ Windows 2008 R2 Slow Download


OK, this is a twilight zone issue.

We had a situation where a new server running 2008 R2 had very slow download\transfer speeds across a WAN\Internet. If we changed the OS it was all good, and if we used another server it was all good.

 

Troubleshooting steps:

  • We investigated the network looking for issues with switch and routers
  • Disabled all advanced network protocols
    • netsh int tcp show global to view
    • netsh int tcp set global <parameter>=disabled
    • disabled all from NIC properties –> configure
  • various other bang your head on the wall
  • Lots o research
    • Found some info indicating that on the Win 7\R2 Kernel if you have more memory than the OS supports it can cause a related issue.

Solution:

Remove all memory over what the OS supports, i.e. 2008 R2 Standard = 32 GB.

It sounds totally weird, but it’s true.

Compress Every powered off VM’s VHDs


Well, it’s not Exchange related, but I run all my labs in Hyper-V and I recently wanted to compress all the dynamic disks in my Hyper-V lab. Being lazy, I did not want to go to the options on EVERY VM to compress the drives, so I started my Google search to find a PowerShell script to do them all for me… well, I couldn’t find it, so I made one of my own and figured I would share 🙂

FYI: you need SCVMM to run this.

# Connect to the VMM server (8100 is the default port)
Get-VMMServer -ComputerName localhost -TCPPort 8100

# Compress the virtual disk drives of every powered-off VM
Get-VM | where {$_.Status -eq "PowerOff"} | Get-VirtualDiskDrive | where {$_.Status -eq "PowerOff"} | ForEach-Object {Compress-VirtualDiskDrive -RunAsynchronously -VirtualDiskDrive $_}

Note: this will compress everything that’s “shutdown” so make sure you have the Disk I/O to do this.