When performing a security scan against an IIS 6 server, the web site stops responding to requests from outside the firewall and from machines on the LAN about 35 minutes into the scan. However, requests to the IP (not to localhost) to the web site run fine. Recycling the App Pool and even restarting the site will not allow the site to resume functioning.
The server is a Win2003 X64 server running IIS 6.0.
Once the server is in the locked up state, I can add a different port (e.g. 81) to the same IP (or to a different IO) and hit it from my internal LAN on this new port. However, I can not hit a new IP assigned to the site in this state on port 80.
Windows Firewall is not running on the server and while we do have Symantec Endpoint Protection on the server, the Network Threat Protection is disabled. Further, the server can be rebooted (which restores operation) but running the scan (from Qualys) again consistently causes the same problem.
I have even tried setting up a new site on this IP with nothing but a static index.html file and running the scan and I still get the problem. What is really strange is that I have another site running on the same server (different IP) which is not affected by this problem.
Any suggestions would be very, very, welcome.
Best Answer
I have seen the exact same issue caused by Symantec Endpoint Protection in the past. Even though it claims the feature is disabled, I would remove it and try again just to be sure.