Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, August 1, 2016 1:12 AM
I migrated a web application from another hosting provider on to Azure.
I'm running a load balancer and 2 virtual servers.
Since migrating my pingometer monitors are showing around 50% of them fail with : Error 104 - Connection reset by peer
Both servers tick along at about 20% CPU and 60% memory for most of the time and even at quiet times I'm getting these errors.
How can I pin down where this problem is coming from, the load balancer, the server, IIS, somewhere else?
What are the likely causes?
EDIT : I just spotted something curios in the logs. Some connections might be failing due to TLS issues?
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.
Could this be it? and if so what does that mean?
All replies (5)
Monday, August 1, 2016 1:44 PM
Hello,
Thank you for posting on the Azure forums!
To begin with I believe the "Error 104 - Connection reset by peer" could be because the connection is taking too long to establish and hence the client is dropping it and trying to reestablish the connection. I believe this might be a byproduct of the actual cause.
Secondly, it is good that you have taken time to get the error logs and have noticed an error with the Windows SChannel, we could consider this as a potential cause and will check further on this. I suggest you go through How to enable SChannel event logging in IIS and modify the registry settings on your servers to enable SChannel logging. However, just be careful since this involves modifying the registry on your servers. These errors do not give us a complete picture of what might be going wrong with your deployment and hence would require more digging up to be done.
Let me know if you observe any other error messages in your logs and also check out the KB article for Windows SChannel.
Reference: https://support.microsoft.com/en-us/kb/260729
Let me know if this helps.
Regards,
Monika
Monday, August 1, 2016 1:57 PM
Thanks I think I have resolved it I'm just waiting to see if I get any more errors.
I used Nartac software IIS Crypto and saw that there was a slight difference.
I suspect (but don't know enough to prove) that with the servers being load balanced and having slightly different SSL configs that it may have created problems negotiating security as there is no server affinity.
If one client selected a protocol that wasn't set up on the other server and tried to negotiate or reuse that against the other server on the next request it would have failed.
Monday, August 1, 2016 4:10 PM
Thank you for reverting.
Let me know if you have any additional query regarding the issue .
If you have any new issue please open new forum threat.
Regards ,
Monika
Tuesday, August 2, 2016 1:25 PM | 1 vote
Please mark useful reply as mark as answer.
Monday, October 30, 2017 3:08 PM
Thank you Monika, we had the same thing happen to us last night and this is something to look into.
In God We Trust. All others bring data from a reputable source.