Windows socket connect failed
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Asked by:
Question
I have been having an issue with most of my DPs. They cannot send the IIS usage logs back to my site server that are used to build the report called «Distribution Point Usage Summary». Some are working, some are not. They were all built using the same image and have the same features installed and no HTTPS required.
This is what I have checked.
1) DNS Records and DNS Servers are correct for the DPs and Site server
2) No windows firewall rules (it’s disabled) and no network firewall rules exist to block the port or traffic to the site server.
3) SCEP is configured to exclude the files and folders already for virus scanning
4) Permissions for all DPs and Site server are given to the folders and admin on machines.
5) I have run a Site reset
6) Rebooted both DPs and the Site Server
I am on Current Branch 1610 with Hotfix
Snippet of the log below.
All replies
It is really much easier for us to troubleshoot if you just share the complete log file.
The DP is not directly talking to the site server. It is talking to the MP. In the logs (which you did not include here), you will see the MP that the DP is talking to. The MP name that you see in the logs should resolve to the correct machine. The firewall settings should allow for whatever port you have configured for the MP.
What is happening is that the client simply invoked a socket connect and the socket layer on the server (MP) did not respond.
Its 206,000 characters long. of the same message repeating over and over and over every day. The DP and MP are the same server and there is also an MP on the Site Server.
For some reason, the name of MP is not being logged.
Anyhow, I suggest that you check your MPs to see if they are in good state.
The DP is trying to connect to the MP, and the error suggest that there is no process listening on the MP or the connection is blocked by some firewall rule. It is also possible that the IIS service on the MP is not running.
The IIS service is running. There are no firewall rules in the OS level or Firewall (Hardware) level blocking. It is actually turned off on the OS side. Only antivirus is SCEP. As for the MP health, they are all operational and in the SMS log directory. This is happening to all of the MPs. Is there a Windows Feature I am missing possibly? I turned on the following features below in the XML dump below. Also, The following files all have completed successfully statuses in the log.
Windows features XML:
The error is network layer error as Kerwin pointed out and really has nothing to do with ConfigMgr or its services.
There could be something else affecting, filtering, or blocking network communication — only you can find that though as it’s something unique to your environment and network. This may be on the host or truly in the path between the systems.
Jason | http://blog.configmgrftw.com | @jasonsandys
Ok. Found the issue out. It is trying to call a REMOTE MP that is on a Satellite connection. Is there anyway to force it to call the Primary Site server which is also an MP? or itself? instead of some random slow high latency connection?
I would prefer they all call the central Site server and upload the statistics there.
Kannan.CS | https://cskannan.wordpress.com/| Please remember to click “Mark as Answer” on the post that helps you. This can be beneficial to other community members reading the thread.
Jason | http://blog.configmgrftw.com | @jasonsandys
In this case you can enable Preferred Management options.
Jason | http://blog.configmgrftw.com | @jasonsandys
Jason | http://blog.configmgrftw.com | @jasonsandys
But having a remote MP doesn’t reduce the traffic, it just funnels it through the MP. You get the same amount of traffic (more or less). And, MP selection is not guaranteed for clients and as you’ve seen, MP selection for server processes is not necessarily controlled either.
A secondary site is the way to go to reduce traffic as this schedules, throttles, and compresses the traffic also. Unfortunately, it does require SQL Replication.
The organizations that I know of with VSAT connections do not use remote MPs. Matt Hudson would be a great resource to discuss this with as this is a major challenge in his organization which they addressed using a third-party alternate content provider.
Jason | http://blog.configmgrftw.com | @jasonsandys
> «All the clients are talking to just that MP»
That’s not guaranteed though. You are only setting «preferred MPs».
No confusion though, I understand that’s the design. My point is that that design doesn’t have an advantage over having the clients connect directly to a central MP. A local MP is simply funneling the same traffic (more or less) to the site server and DB. It doesn’t save bandwidth.
The design though assumes that MP selection is valid for non-client activities which is not correct as you’ve seen which is the result of assuming that MPs are for remote locations which is also is not correct partly for this same reason and also because it doesn’t save anything on bandwidth.
Jason | http://blog.configmgrftw.com | @jasonsandys
I work for a large company that has remote sites all over the globe and slow VSATS everywhere. This includes land and sea based VSATs
If you have a slow site and you want to save your network and some headaches then look at placing a Secondary (DP, MP, WSUS) at the end of the VSAT link. This way you can also throttle some of the data. It also assumes you will have enough clients to make use of it. We have some VSATs that go up and down all the time. It will throw a replication failure but it is normally only down for a few hours. The link picks back up and the data flows without issue.
Secondary MPs will communicate within their boundary, then with your usage report should flow from the Secondary to the Primary/MP and you should not see issues of it trying to find other MPs.
On a side note, you could also look at investing in Nomad from 1E, Adaptiva, Branch Cache, Peer Cache or something else to also help with the links if you have machines over a VSAT that are not connected to a Secondary Server at the end of it. This way you can save the link.
I would recommend that you talk to the network team, if ConfigMgr is also saturating the link. We chose to use custom ports so it could be tracked and QOSed outside of other traffic. The wost part of the VSAT link is going to be WSUS traffic to all those devices, especially if you are running Microsoft Endpoint Protection and they need to scan and update their defs several times a day.
Our Vessels don’t have any site servers on them. They simply communicate up to the top MPs, 1E Nomad saves the link downloads.
You might be creating the very problem you are trying to solve. If you can’t send data backup the pipe because you are pulling/pushing too much.
