You are viewing limited content. For full access, please sign in.

Question

Question

Best Tips for getting access back for Weblink

WebLink
Updated May 10, 2021
asked on May 10, 2021

Got a DMZ setup where weblink 9 is on a DMZ.

Recently the public can no longer access the sites weblink.

Generally link goes:     XXXIP-ADDRESSXX/weblink etc....


Error on public side is ERR_CONNECTION_TIMED_OUT.

Internal network works just fine.

Any tips?

 

-Brad

 

0 0

Replies

replied on May 10, 2021

Hi Bradley,

The "ERR_CONNECTION_TIMED_OUT" indicates the connections on the public side are never making it to the WebLink server. The two things I would check first are:

  1. DNS and external IP:
    1. Did the public IP address change?
    2. Is the public DNS entry still pointing to the correct IP address?
    3. Side note: hopefully you're not actually sending public users URLs with the plain IP instead of a hostname on your public domain. That looks a little sketchy to users these days, and you can't secure the site with HTTPS because SSL/TLS certs don't support IP addresses as Subject Alternative Names. I highly recommend configuring the WebLink site to use HTTPS using a publicly trusted certificate from your usual CA provider or a free one from LetsEncrypt via the WinAcme client.
  2. Firewall rules blocking the external connection:
    1. After verifying the above, from a Windows machine outside your internal network, run the following commands in PowerShell, updating the variables as appropriate: 
      #PowerShell
$publicHostname = 'weblink.example.com'
$publicIP = '127.0.0.1'

#Test-NetConnection to check establishing a TCP connection on ports 80 (HTTP) and (HTTPS) with both hostname and IP
Test-NetConnection -ComputerName $publicHostname -Port 80
Test-NetConnection -ComputerName $publicHostname -Port 443
Test-NetConnection -ComputerName $publicIP -Port 80
Test-NetConnection -ComputerName $publicIP -Port 443

    2. You're looking for the "TcpTestSucceeded" output results. "True" means the client machine was able to establish a basic TCP connection to the server for that test case, "False" means it wasn't. 

    3. Note that if you don't have an HTTPS binding configured in IIS on the DMZ WebLink server, the 443 test cases will always return "False".

    4. The Test-NetConnection TCP tests operate at a lower level than IIS HTTP web applications like WebLink. Until you get at least one "TcpTestSucceeded: True" result from the above, nothing at the WebLink-level is even relevant to troubleshooting.

Hopefully that's useful guidance to start. If running through all of the above helps resolve your issue, please mark this as the Answer and let us know what it was. If you go through all the steps and are still having issues with public access to WebLink while getting "TcpTestSucceeded: True", you can post a follow-up with whatever additional information you've found and we can go from there.

Cheers,
Sam

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...