Windows

General discussion

Locked

IIS5 Answering on Multple NICs

By Joseph Moore ·
Machine: Win2KServer, SP3, with all recent patches, running on IBM Netfinity 5000.

IIS is installed and running (only FTP and WWW installed and configured). FTP is fine. WWW is the problem

The server has 2 NICs in it, both with different IP addresses (for the sake of argument, let's say NIC#1 is 10.0.0.1 and NIC#2 is 10.0.0.2).
IIS WWW is "bound" to 10.0.0.1, port 80 only. For a screen snapshot of this window, go here:
http://www.horrorseek.com/horror/leeringclown/techrepublic/iis1.gif
(please remove any spaces)
(Yes, agan that is not the correct internal IP address; I am using a valid 10.x.x.x address)
The Advanced button reveals the same info. Go here for another screen snapshot:
http://www.horrorseek.com/horror/leeringclown/techrepublic/iis2.gif
(again, remove any spaces)

The problem is that IIS is answering all WWW requests on port 80 for BOTH IP addresses, not just the single one it is configured to use. I have verified this by using SamSpade and NetBrute, 2 tools that can expose the web server packet info. Both tools give me this info back from both IP addresses:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: http://10.254.253.230/Default.htm
Date: Mon, 07 Oct 2002 21:39:10 GMT
Content-Type: text/html

As you can see, IIS answered. Now, I need to have IIS stop answering on the 2nd NIC (10.0.0.2) for port 80, so I can install Lotus Domino and have IT answer on NIC2 port 80. But, we are not there yet.

Also, when you use a web browser to go to http://10.0.0.1 you get the default home page on my web site, as I would expect. On http://10.0.0.2 you get a message reading "No web site is configured at this address."

I have gone into the Properties for the IIS server itself, and Edited the Master Properties. You cannot set the IP address there. I thought you could, but guess not.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

IIS5 Answering on Multple NICs

by CG IT In reply to IIS5 Answering on Multple ...

After rereading everything, you mentioned that outbound packet filtering will interrupt a user from obtaining data on the second site that is using port 81. Is your network using ISA server as your firewall? Incoming queries via URL [the domain namemask for IP address and port #] won't be effected. If your ISA is configured to block outbound packets on port 81 you can configure it to accept outbound packets. You can use almost any port # you wish with a IP address [qualify that, you have over 1000 generally recognized port numbers from which to choose from. some of those port number you don't want to use as they are recognized as generally used for services such as FTP sites, smtp, pop, etc. but nonetheless port numbers are available]. I'm not sure what/why outbound packet filtering on port 81 configured properly would cause a problem. Your trigger on the main site to the second site via masked URL (second NIC IP address and port # )should work just fine.

Collapse -

IIS5 Answering on Multple NICs

by Joseph Moore In reply to IIS5 Answering on Multple ...

See the comment on your last post.

Collapse -

IIS5 Answering on Multple NICs

by LordInfidel In reply to IIS5 Answering on Multple ...

Just reposting per request.....

And no i'm not kidding.....

There is nothing wrong though binding multiple IP's to the same nic. This is a common practice when configuring software that can take multiple IP's like IIS.

The Big issue here is really in the routing table.

You see you have 2 nics, but only 1 of them can have the default route to the rest of the net.

So when your OS has to make a routing decision it will look at the routing table and see that the default route out ison Nic1 and use it.

And since both nics are on the same subnet compounds it even more.

Now if you had them both on different subnets it would not make a difference because again, only 1 would have a default route to the net

If you open up acommand promt and type in route print you will see an entry like this.

0.0.0.0 mask 0.0.0.0 gwy (gwy ip) interface

You will only see 1 entry though like this.

(I will post more in a comment)

Collapse -

IIS5 Answering on Multple NICs

by LordInfidel In reply to IIS5 Answering on Multple ...

Now let's say you have 2 nics. 1 on the 10.0.1.0/24 subnet and the other on 10.0.2.0/24 subnet.

You will have alot of entries but if nic 1 was on the 10.0.1.0 netwk and it was configured first, it would have the default route out to the net.
Let's say your gateway was 1.1 and your ip was 1.2
(same for nic 2, 2.1 2.2)

It would look like:
0.0.0.0 mask 0.0.0.0 10.0.1.1 int 10.0.1.2
10.0.1.0 mask 255.255.255.0 gwy 10.0.1.2 int 10.0.1.2
10.0.2.0 mask 255.255.255.0 gwy 10.0.2.2 int 10.0.2.2

So now if a request came thru from let's say, 10.0.3.13 the OS would reply on nic1.

But if a request came from 10.0.2.54, the OS would reply on NIC2. Because the routing table tells the OS that any requests to the .2/24 netwk goes out on nic2.

I hope this makes sense to you.

So yes you can have 2 nics, but if they are both on the same subnet it is really pointless. Traffic should not be a consideration because most higher end nics, even the lower end nics, can handle alot of traffic. But if that is a concern go with a 3com xl etherlink server nic.

You could try adding another default route out, but you may not get the desired effect.

Collapse -

IIS5 Answering on Multple NICs

by LordInfidel In reply to IIS5 Answering on Multple ...

Hopefully you see this comment....

I never did ask this question, Why in the world would you ever run 2 different web apps on the same server? (IIS and Domino)....

My opinion, Pick One or get another server to run the other app.

IIS *WILL*assume that it can use ALL address' available to the machine. That is just the way it is.

In fact, if you have a NT4 machine and install WIndows media services, you can not have IIS installed at all! (This was corrected in NT5)

I would REALLLY think that there is going to be some sort of weird conflict going on with 2 web servers trying to answer. Even if you have them bound to different IP's.

If you want to talk more about this off-line then contact me thru the TR contact peer listing thing.

Collapse -

IIS5 Answering on Multple NICs

by LordInfidel In reply to IIS5 Answering on Multple ...

Joe,

I read your comment from the other day about contacting Domino.

I am going to put this another way.

*_It is Not standard practice putting 2 web apps on the same machine. I would strongly argue against it. There is just too much that can go wrong...*

Next, no matter What you do, you will not be able to escape the routing table. There is no way to get around the limitation of the default route out.

You can have 20 nics in a system, and one of them needs to have the default route. Just to double check this I asked my counterpart (more of a guru then I) and he concurs.

Even with winsock2 you will get really freaky results with having 2 default routes out. Even if they are on different subnets.

I can't keep harping on the fact that you have 2 different issues here.
1- Having 2 web services apps on the same machine.
2- Having only 1 default route to the net.

Collapse -

IIS5 Answering on Multple NICs

by LordInfidel In reply to IIS5 Answering on Multple ...

Additional information that was mailed to joseph off-line:

I thought about your scenario this morning. Basically it was a parallel thought about what I said about windows media server and IIS4. IIS4 and windows media server can not reside on the same box. Because wms acts as a web app binding to port 80. But this was corrected in NT5. They can both exist on the same box.

I remembered that this had to do with socket pooling.

I searched around MS knowledgebase for how to disable socket pooling. This may work. I believe that this is how they got the 2 to coexist. But again, I may be just high.

In any event, you still only need 1 adapter and bind multiple IP's to it. We are a pretty decent size shop and have allot of sites running. It would be insane for us to think of installing a separate nic for every site. This comes from web hosting companies who host hundreds of sites on the same machine.

Anyways, read below and give it a try.

Symptoms
When you start Internet Information Services (IIS) 5.0, IIS appears to bind to all Internet Protocol (IP) addresses on a server, not just the IP addresses that are assigned to Web sites. In addition, when you run another service that uses port 80 on an unused IP address, IIS may return an error.

Cause
To enhance performance, IIS 5.0 uses "socket pooling", in which IIS binds to all IP addresses when it starts.

Workaround
To work around this behavior, disable socket pooling in IIS as follows:
At a command prompt, switch to the "C:\InetPub\AdminScripts" folder.

Type the following command:
CSCRIPT ADSUTIL.VBS SET W3SVC/DisableSocketPooling TRUE

More Information
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
Q238131 How to Disable Socket Pooling

Collapse -

IIS5 Answering on Multple NICs

by Joseph Moore In reply to IIS5 Answering on Multple ...

Socket Pooling!!!!
That was the answer.
I ran the VB script as per the Technet article, and it WORKS!!!!
IT'S ALIVE! ALIVE!!!!!!

Thank you, LordInfidel.

Collapse -

IIS5 Answering on Multple NICs

by Meganetcomputers In reply to IIS5 Answering on Multple ...

You can define what nic or IP that IIS uses by going to the IIS control panel and select the domain you wish to work on by right clicking then selecting properties. One of the tabs within this box should give you the option to change which IP or nicthe computer will respond to via http: If you need further assistance please contact me directly at support@meganetcomputers.com and I will be happy to assist you.

Collapse -

IIS5 Answering on Multple NICs

by Joseph Moore In reply to IIS5 Answering on Multple ...

Thanks for the suggestion, but this was where I started. Even when you specify a specific IP address for IIS to use, it ALSO continues to respond to HTTP requests on the 2nd IP. It dishes out a generic "there is no web page configured on this IP" page.

Related Discussions

Related Forums