Share via

Cannot access Windows IIS Cluster address on local Server but works fine on VPN

Anonymous
2024-02-12T14:50:06+00:00

I setup a Network Load Balancer on Windows 2022 for IIS clustering and have 2 web servers. I set a name for the cluster as NLB01 for testing and set the DNS name with IP in DNS settings on my domain controller. When I try to access the NLB01 site from a local server it doesn't work, site doesn't load.

If I try to access the site from my local laptop connected to VPN that has access to the same network, the NLB01 site loads with no issues. I don't know why it doesn't work. I can access the site from the cluster server but not any other server.

Windows for business Windows Server Storage high availability Clustering and high availability

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

7 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-02-12T16:51:10+00:00

    Hi, I will support your problem.

    Could you provide a hard copy of the results of the following commands executed on your computer?
    * You should correct results both when the VPN is connected and when it's not.

    The suspected issues may vary depending on how far the traceroute reaches.
    I think the network address settings are likely incorrect.

    1. ipconfig /all
    2. route print
    3. tracert <your NLB001 address>

    Best regards,

    Yu

    0 comments
  2. Anonymous
    2024-02-12T17:53:56+00:00

    When VPN is not connected, the site won't work anyway. Issue is I cannot access the site within the network but outside via VPN it works without issues:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : PC

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : home

    Ethernet adapter Ethernet 4:

    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Fortinet SSL VPN Virtual Ethernet Adapter

    Physical Address. . . . . . . . . : 00-09-0F-AA-00-01

    DHCP Enabled. . . . . . . . . . . : No

    Autoconfiguration Enabled . . . . : Yes

    Link-local IPv6 Address . . . . . : fe80::6706:7163:2b23:57df%13(Preferred)

    IPv4 Address. . . . . . . . . . . : 10.212.134.205(Preferred)

    Subnet Mask . . . . . . . . . . . : 255.255.255.255

    Default Gateway . . . . . . . . . :

    DHCPv6 IAID . . . . . . . . . . . : 218106127

    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-57-2F-E3-08-8F-C3-FE-01-05

    DNS Servers . . . . . . . . . . . : 192.168.0.200 

                                       8.8.8.8

    NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN adapter Wi-Fi:

    Connection-specific DNS Suffix . : home

    Description . . . . . . . . . . . : MediaTek Wi-Fi 6 MT7921 Wireless LAN Card

    Physical Address. . . . . . . . . : CC-5E-F8-1C-10-3F

    DHCP Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IPv4 Address. . . . . . . . . . . : 192.168.2.30(Preferred)

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Lease Obtained. . . . . . . . . . : February 2, 2024 5:11:38 PM

    Lease Expires . . . . . . . . . . : February 15, 2024 10:27:50 AM

    Default Gateway . . . . . . . . . : 192.168.2.1

    DHCP Server . . . . . . . . . . . : 192.168.2.1

    DNS Servers . . . . . . . . . . . : 192.168.0.200 

                                       8.8.8.8 

                                   192.168.2.1 

                                   207.164.234.129

    NetBIOS over Tcpip. . . . . . . . : Enabled

    C:\Users\computer>route print

    ===========================================================================

    Interface List

    13...00 09 0f aa 00 01 ......Fortinet SSL VPN Virtual Ethernet Adapter

    10...80 3f 5d f2 78 46 ......Realtek USB GbE Family Controller

    6...00 ff 2c c3 5e da ......TAP-Windows Adapter V9

    11...ce 5e f8 1c 30 1f ......Microsoft Wi-Fi Direct Virtual Adapter

    19...ce 5e f8 1c 20 0f ......Microsoft Wi-Fi Direct Virtual Adapter #2

    23...cc 5e f8 1c 10 3f ......MediaTek Wi-Fi 6 MT7921 Wireless LAN Card

    5...00 09 0f fe 00 01 ......Fortinet Virtual Ethernet Adapter (NDIS 6.30)

    22...08 8f c3 fe 01 05 ......Realtek PCIe GbE Family Controller

    1...........................Software Loopback Interface 1

    ===========================================================================

    IPv4 Route Table

    ===========================================================================

    Active Routes:

    Network Destination Netmask Gateway Interface Metric 

          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.30     30

    10.212.134.205 255.255.255.255 On-link 10.212.134.205 257 

       68.68.3.38  255.255.255.255      192.168.2.1     192.168.2.30     30 

    127.0.0.0        255.0.0.0         On-link         127.0.0.1    331 

    127.0.0.1  255.255.255.255         On-link         127.0.0.1    331

    127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 

      192.168.0.0    255.255.255.0   10.212.134.206   10.212.134.205      1 

  192.168.2.0    255.255.255.0         On-link      192.168.2.30    286 

  192.168.2.1  255.255.255.255         On-link      192.168.2.30     30 

 192.168.2.30  255.255.255.255         On-link      192.168.2.30    286 

192.168.2.255  255.255.255.255         On-link      192.168.2.30    286 

    224.0.0.0        240.0.0.0         On-link         127.0.0.1    331 

    224.0.0.0        240.0.0.0         On-link      192.168.2.30    286 

    224.0.0.0        240.0.0.0         On-link    10.212.134.205    257

    255.255.255.255 255.255.255.255 On-link 127.0.0.1 331

    255.255.255.255 255.255.255.255 On-link 192.168.2.30 286

    255.255.255.255 255.255.255.255 On-link 10.212.134.205 257

    ===========================================================================

    Persistent Routes:

    None

    IPv6 Route Table

    ===========================================================================

    Active Routes:

    If Metric Network Destination Gateway

    1 331 ::1/128 On-link

    13 261 fe80::/64 On-link

    13 261 fe80::6706:7163:2b23:57df/128 

                                    On-link

    1 331 ff00::/8 On-link

    13 261 ff00::/8 On-link

    ===========================================================================

    Persistent Routes:

    None

    C:\Users\computer>tracert nlb01.domainname.com

    Tracing route to nlb01.domainname.com [192.168.0.32]

    over a maximum of 30 hops:

    1 6 ms 6 ms 4 ms PC [10.212.134.205]

    2 6 ms 6 ms 5 ms 192.168.0.32

    Trace complete.

    0 comments
  3. Anonymous
    2024-02-23T02:49:51+00:00

    Hi Sameer.

    Good day!

    1. Make sure the network connection on the local server is working properly and check the firewall settings to make sure the port is allowing traffic. It may be necessary to check the network communication between the local server and the NLB cluster.
    2. Check the NLB configuration to make sure the load balancer is configured correctly and all nodes are in the "Converged" state. Make sure the NLB virtual IP address is associated with the DNS name.
    3. Check whether the VPN connection affects network routing or DNS resolution, which may introduce different network environments.
    4. In addition to this, you can also check the event log to see if there are any related errors.

    Best Regards

    0 comments
  4. Anonymous
    2024-02-23T15:12:41+00:00
    1. The network connection is working without issues and I have turned the Windows firewall off on the server. I am able to ping the domain name of the NLB server without any issues
    2. I have setup 2 servers with ARR and NLB installed and they are in the converged state. I set the DNS name for the virtual IP which I can ping from any server
    3. Don't think VPN is affecting anything, VPN gives a different IP address when connected. If VPN was issue then I wouldn't be able to access the site from my own laptop. Issue is when I try to connect from a local server on the local network
    4. I will check event logs on the server and see if it shows anything
    0 comments
  5. Anonymous
    2024-02-23T20:09:09+00:00

    Hi Sameer, thank you for getting back to me.

    I found the following route is configured during VPN connection:

    192.168.0.0 255.255.255.0 10.212.134.206 10.212.134.205 1

    With this route in place, you can access to NLB01 is possible during VPN connection.

    Can you try to add the following route and make sure to access NLB01 when you don't use VPN?

    When network addresses differ, communication typically occurs through the default gateway. However, there appears to be a situation where access to NLB01 is not possible during local connections.

    route add 192.168.0.0 mask 255.255.255.0 192.168.2.1

    If this doesn't work, I think the address of the default gateway (192.168.2.1) might be incorrect.

    Is 192.168.2.1 referring to the router?

    Best regards,

    Yu

    0 comments