iis website problem after reinstall Windows 10, connection was reset

Question

1. The problem:

The website is readily accessible over mobile data locally from my smartphone, and also from anywhere in the world according to these online resources: www.site24x7.com and uptimia.com

But I cannot connect to the website:
[i] using Chrome, directly from my home computer which hosts the website, or
[ii] using LocalHost or from any local device using my home wifi
The result message is...
This site can’t be reached
mickwebsite.com took too long to respond.
Try: Checking the connection
ERR_CONNECTION_TIMED_OUT
Details: Check your Internet connection

When I run Chrome with http://localhost it redirects to https, but gives the explanation "Your connection to this site is not secure" and "the connection was reset".

I did resolve the issue re: connecting directly from the host computer, by including the IP4 in the "hosts" file. However I think this does not fix the actual problem. I still cannot connect from a local device over wifi.

2. A bit of history:

This website had been running problem free for at least a few years with essentially this same setup. Then recently I had a technical problem with my computer that I was unable to solve. I arbitrarily decided to reinstall Windows 10 over the internet from Microsoft. I have had this problem with my website ever since :(

3. My setup

My website is https://mickwebsite.com I am running IIS on Windows 10 Pro 21H2 with minimum features implemented for a Static website, with support from No-IP, Certify The Web and Lets Encrypt. I have implemented SSL, and also implemented http -> https using URL Rewrite. Under {Edit_Site|Bindings|443} I have a current, valid certificate installed.

I have worked through all of the options in my Technicolor ‍XB7 router and I believe that it is set up correctly. I have port forwarded 80 and 443. Unlike my previous model this router does not support Dynamic DNS so I am using No-ip's DUC for this service.

In Windows Defender Firewall I have set both IPV4 and IPV6 to default or medium security. I do not recall making any other Firewall changes.

I have reviewed my setup with each of No-IP, Certify The Web and Lets Encrypt with the appropriate support people.

4. What I have done so far

First, I wanted to be certain that my IIS install and features choice were correct and have not been messed up somehow. I decided to renew my install of IIS using the minimum set of features for a static website. I followed these steps...

1. Remove all [both] websites, the default and my own, from inetmgr.
2. Delete the two web.config files and the inetpub folder.
3. Uninstall IIS using control panel "turn features off"; reboot computer.
4. Reinstall IIS adding in only the HTTP Redirection feature; reboot computer.
5. The default web site did not reappear [probably because I had deleted inetpub] so I recreated it following instructions on StackOverflow.
6. I installed the URL Rewrite feature as I had used it successfully for several years. The HTTP Redirection feature and HSTS are there if I may need them. I am not currently useing them.
7. Disabled static compression. Recommended by an MS Learn post; this is needed for URL Rewrite to function, a Known Issue.
8. Edited permissions for the website folder to ensure IUSR is there with Read permission only
9. Created binding for port 80.
10. SSL Settings feature: left Require SSL unchecked. Checked Accept for client certificates
11. URL Rewrite feature: set this up following a blog post
12. I tested the Default Website via Localhost:
    "This site cannot be reached"

"Your connection is not secure"

13. Tested Default Website over mobile data: Success!
14. Checked http -> https over mobile data: success

So the problem exists for the Default website. I can connect over mobile data but not over wifi/localhost

I installed my website into inetmgr, setting up Features etc as above except created bindings for both ports 80 and 443. View shows the certificate is valid until 2023-01-11.

The results are the same as for the default website.

So the problem is not in my website code or setup :)

5. My question

So it appears to me that the problem is not caused by any of my router setup which I thoroughly reviewed, or by my IIS setup which I thoroughly reset, or by my website code which behaves same as the default website. So I am wondering...

**- what option, setting, etc in Windows 10 might be causing this problem behavior?

• What did reinstalling Windows 10 from Microsoft over the internet change?
• Or is it something else entirely?**

Any help is appreciated,
Mick

Answer 1

This site can’t be reached
mickwebsite.com took too long to respond.

I think your problem is that your router can't do loopback port forwarding. (Route a network request from the local network, back to another local IP based on a port forwarding rule.)

Long discussion here.

https://serverfault.com/questions/55611/loopback-to-forwarded-public-ip-address-from-local-network-hairpin-nat

The simple solution is to add a hosts file entry for mickwebsite.com that points to the internal (ex 192.168.1.x) IP address for any wifi connected machine that needs to access the site.

I did resolve the issue re: connecting directly from the host computer, by including the IP4 in the "hosts" file. However I think this does not fix the actual problem.

You're right, it's just a workaround. If your router is capable of doing the loopback, you may need to contact your ISP's support team (Comcast?) and ask them for help. Or post a question on one of their support forums.

Answer 2

There is one error [that I know of :) ] in my original post - the problem did not start with re-installing Windows. It actually started when my ISP replaced my Hitron modem with the XB7 a few or perhaps several months previously. I just did not notice as during that period I was not actively working on my website.

The Hitron was a better modem in a few ways. For example it was able to manage dynamic DNS updates. With the XB7 I am using No-IP's free, DUC service [Dynamin Update Client] to do this. It seems that the Hitron was also able to do the loopback port forwarding.

When I researched this I found many examples of higher tech users being "very annoyed" with their XB6s and XB7s, and especially with their ISPs for the way they made the change.

Answer 3

@MotoX80

"The simple solution is to add a hosts file entry for mickwebsite.com that points to the internal (ex 192.168.1.x) IP address"

According to IPCONFIG on my computer the IPV4 is 10.0.0.153
According to the app in my phone the IPV4 gateway address is 10.0.0.1
The WAN IPV4 is 99.242.126.196

I tried the IPCONFIG result as I assumed it was what you were referring to. I still cannot connect to my website, hosted on my desktop computer, from the phone...
10.0.0.153 mickwebsite.com

I tried the other two just for completeness but again no joy :(

I did read through the "long discussion". Technically very interesting. One day I will study it thoroughly. In the meantime I am still curious about this :)

Answer 4

@MotoX80

I suddenly have this new problem accessing my website...
I can access my website only by Mobile Data. I cannot run it using Chrome or Edge from the host computer or by WiFi. I get this response From Edge...

Your connection isn't private
Attackers might be trying to steal your information from mickwebsite.com (for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
This server couldn't prove that it's mickwebsite.com; its security certificate is from myrouter.io. This may be caused by a misconfiguration or an attacker intercepting your connection.

When I choose "Continue to website" it opens login page for the router which owns the security certificate from myrouter.io

So I suppose that I have a misconfiguration somewhere. Any ideas appreciated :)
Mick

Answer 5

Does your pc use DHCP or does it have a static IP address?

Looks like a redirect problem. Open a Powershell prompt and run these commands. This assumes that you have set the entry in the hosts file.

invoke-webrequest  -MaximumRedirection 0  mickwebsite.com  
invoke-webrequest  https://mickwebsite.com   

I get an expected redirect on the first one to your https site.

PS C:\> invoke-webrequest  -MaximumRedirection 0  mickwebsite.com  
StatusCode        : 301  
StatusDescription : Moved Permanently  
Content           : <head><title>Document Moved</title></head>  
                    <body><h1>Object Moved</h1>This document may be found <a  
                    HREF="https://mickwebsite.com//">here</a></body>  

				  
				  

The second one goes to your site.

PS C:\> invoke-webrequest  https://mickwebsite.com  
StatusCode        : 200  
StatusDescription : OK  
Content           : <HTML>  
  
                    <HEAD>  
                    <title>Mick Dawdy's WebSite: Life & MultiMIPS HiTech</title>  
                    <link rel="icon" href="favicon.ico" type="image/ico" sizes="256x256">  
                    <meta name=viewport content="width=device-width, ...  

				  

You can also use the developer tools in the browser to trace activity. Press F12 to open them, and then select the Network tab to what requests have been made. Clicking on a request will show the request/response/header data.

In addition to the standard IIS logs in C:\inetpub\logs\LogFiles, you may also find additional info in the http error logs, C:\Windows\System32\LogFiles\HTTPERR