Internet Information Services
Microsoft web server software.
1,591 questions
Hi,
We are experiencing the same issue that you are describing. Any idea ?
TCP connections locked in “CLOSE_WAIT” status with IIS application in Kerberos authentication on AWS server (Windows server 2016 Standard)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 86%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Séverin L'hommelet
6
Reputation points
We are currently facing an issue while opening and closing sessions with IIS application on AWS server.
Setup :
- IIS application using com+ component
- AWS server m5.2xlarge (AMI = ami-0ba02848e01cae475)
- Kerberos windows authentication
- Windows server 2016 Standard
- HTTPS Connexion
- Used ports for the website : 1029 and 1036
- Network load balancer (NLB) between 2 servers EC2 AWS.
- McAfee Antivirus
- Maximum number of simultaneous users: 400
Issue : After some hours of using the application (3 / 4 hours). Some of the users observe an infinite loading of the web page while trying to access the first login page through https url of the application. The number of users facing the issue increase with the time.
Observations :
- Some TCP connections from client (random port above 50000) to the server (port 1029 or 1036) are locked in “COSE_WAIT” status while trying to close the session.
- An application pool recycling allows to close the opened TCP connections and correct the problem for the users.
- The number of “CLOSE_WAIT” TCP connections locked increases with the number of users facing the issue.
- This number of locked TCP connections can increase until 300 for one server. At this point, all the users are facing the issue.
- RAM and CPU usage on the server are stable during the issue.
Notice that this behaviour is never observed with any other architecture (including AWS) where the same application is deployed.
Explored and discarded hypothesis :
- Load balancer influence : we did a test without using the load balancer for a day (users directly access the application). We are still facing the issue.
- The parameter “Regular Time Interval (Minutes)” : Set to “0”. Notice that the server is restarted each night.
- ([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters) : not present in regedit.
- 1029 port : control test during a day with only the 1036 port.
- Number of simultaneous TCP connections allowed : default value (49152)
- McAfee Antivirus : control test during a day by disabling the antivirus.
Thank you,
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Sam Wu-MSFT 7,036 Reputation points Microsoft Vendor2021-03-31T07:53:49.757+00:00 @Séverin L'hommelet Please check if there is relevant information in the Event Viewer.
Sign in to comment
5 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 47%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Séverin L'Hommelet 1 Reputation point2021-06-18T13:24:40.437+00:00 Hi,
Still not solved on our side.
Are you on AWS ? Are you using the ASP compatibility mode ?-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 19%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rolling stones 1 Reputation point2021-06-18T13:28:19.877+00:00 Hi,
We are using virtual machine hosted on vsphere.
Sign in to comment -
-
Rolling stones 1 Reputation point
2021-06-18T13:32:52.05+00:00 Our customers are losing patient, 2/3 times a day the IIS hang and the have to restart it
-
Séverin L'Hommelet 1 Reputation point
2021-06-18T13:47:04.277+00:00 What is your authentication mode ?
-
Rolling stones 1 Reputation point
2021-06-18T14:03:46.5+00:00 We are using kerberos.