BrianGodfrey
asked on
Diverted to google 404 page
When using IE7 I sometimes click a link that does not go to google.com, but I get redirected to here:
http://www.google.com/hws/dell-usuk/afe?hl=en&channel=us&s=res://ieframe.dll/dnserror.htm
and receive the following message:
The requested URL /hws/dell-usuk/afe was not found on this server.
An example is when I try to login to my account on chase.com. I enter the login information, I hit the login button, there is a slight delay and I end up with that google error.
My computer is a Dell Precision 390, new in November. OS is XP-Pro.
I have been using the chase.com website with FIreFox for a couple of years and have not seen this. Any idea what is causing it?
http://www.google.com/hws/dell-usuk/afe?hl=en&channel=us&s=res://ieframe.dll/dnserror.htm
and receive the following message:
The requested URL /hws/dell-usuk/afe was not found on this server.
An example is when I try to login to my account on chase.com. I enter the login information, I hit the login button, there is a slight delay and I end up with that google error.
My computer is a Dell Precision 390, new in November. OS is XP-Pro.
I have been using the chase.com website with FIreFox for a couple of years and have not seen this. Any idea what is causing it?
ASKER
We're on the right track with number 4. I have a hosts file from mvps.org. It takes all known spyware, adware, virus, trojan, etc., domains and redirects them to localhost. That, of course, generates an error. So if I try to load a page which has ads on it and those ad links go through adware sites that are blocked, an error message is produced. FireFox just shows the ad box with a 404 error inside of it. But for some reason when I get these in IE7, I am being re-directed to a Google link and getting the 404 error there. I seem to have read somewhere that Google had started doing that. I thought it was a "feature" of their toolbar, so I uninstalled the toolbar, but it still happens.
So do you, or anyone, know the mechanism by which Google is able to do this so I can fix it?
Thanks,
--Brian
So do you, or anyone, know the mechanism by which Google is able to do this so I can fix it?
Thanks,
--Brian
ASKER
Oh, I forgot to mention that I tested this by removing the mvps.org stuff from my hosts file and I stopped getting the google error message when logging in to chase.com. But I do not consider the problem fixed until I can get Google to stop hijacking my browser.
Beside Google Toolbar, do you have other Google utilityies? Google Desktop? Disable them and restart the computer.
ASKER
I did have Google desktop, but I uninstalled it at the same time as the toolbar. And I did restart afterwards. I also have GoogleEarth. Could that be doing it? I'd hate to lose it. I use it almost daily.
The "dell-usuk" in the URL drew my attention. I'm wondering if some malware isn't trying to say "Dell, you suck".
Have you tried checking that all instances of iexplore.exe are gone in the Processes tab in Task Manager and then started IE7 in its no-addons mode? Tried rebooting Windows into its safe mode (with networking) and run IE7 (in its no-addons mode again)?
Have you tried checking that all instances of iexplore.exe are gone in the Processes tab in Task Manager and then started IE7 in its no-addons mode? Tried rebooting Windows into its safe mode (with networking) and run IE7 (in its no-addons mode again)?
ASKER
Very observant! I have been reading the USUK as meaning some United States/United Kingdom version of something, but you could be on to something. I will check it out.
ASKER
Quite some time has passed since my original query. We tried most of the suggested fixes since then. This problem still occurs from time to time, but less often than when I first posted. All of a sudden, domain names will start resolving to 127.0.0.1, though some will continue to resolve to their correct IP addresses. When it occurs, we can run the command "ipconfig /flushdns" and then disable the network adapter. When we re-enable the network adapter everything works again. Yes, we do need to do both and in that order.
I never did figure out what the dell-usuk thing was all about, but I have the most up-to-date version of Norton Internet Security, and Spyware Doctor, and neither of them seems to think it is a problem.
We are thinking about replacing my wife's PC, so that will probably end the problem for her. I guess it will just remain a mystery and annoy me until it decides to stop. If nobody has anymore ideas, I'll probably just end this query the next time I get a reminder email.
Thanks War1 and Vanguard L H for trying to help.
--Brian
I never did figure out what the dell-usuk thing was all about, but I have the most up-to-date version of Norton Internet Security, and Spyware Doctor, and neither of them seems to think it is a problem.
We are thinking about replacing my wife's PC, so that will probably end the problem for her. I guess it will just remain a mystery and annoy me until it decides to stop. If nobody has anymore ideas, I'll probably just end this query the next time I get a reminder email.
Thanks War1 and Vanguard L H for trying to help.
--Brian
Have you yet ran any anti-malware programs on your problematic host?
SuperAntispyware
Lavasoft AdAware
Spybot S&D
Have you ran HijackThis (from TrendMicro) to analyze what could alter the browser's behavior?
SuperAntispyware
Lavasoft AdAware
Spybot S&D
Have you ran HijackThis (from TrendMicro) to analyze what could alter the browser's behavior?
ASKER
I did run Spybot S&D. I also have Spyware Doctor running full-time. I do not know about HijackThis, but will go read about it. Thanks.
ASKER
It's been a long time and this problem is still not solved. I keep learning and searching. Here's where it stands now, and please bear with my lack of proper vernacular...
When we wish for our computers to contact a domain for some reason, they use DNS to cross reference (resolve) the domain name to an IP address. This happens whether we are using a browser, downloading email in Outlook (mail.domain.com), or simply using the "ping" utility to see if the remote machine is alive.
Ping is a good example because it is so simple. If I "ping microsoft.com" my computer will look at its local cache to see if it already knows the address for microsoft.com. If not it will look in my hosts file. If it's not there it will go ask a DNS server for the address.
Please correct me if I have made any errors to this point!
The problem we are having appears to be that the computer is not even trying to resolve the domain name to an IP address. If I type "ping microsoft.com" into a machine that is acting up it will attempt to ping 127.0.0.1 (localhost).
At first I though the local DNS cache was getting messed up so I turned off the caching service. No joy.
The problem is worst on one of our computers, but we experience it from time to time on two others. We spy/virus checked the heck out of them with no results. I try to do my experimenting on the really bad one, but it is hard to get it away from its usual user who is trying to do business in spite of the problems.
That computer was having problems up/downloading email, so I put the IP addresses of the email servers into the hosts file and email started flowing again.
That leaves us with the DNS server query as the likely suspect. (Unless there is some other stage of address resolution that I don't know about!)
We have static addressing on our LAN and I have also collected a number of DNS server addresses to use. I have tried re-ordering them with no positive results. When I use ping it appears to take a long time at the DNS-query step. I really think there is something going wrong at this step, but I cannot figure it out. Is there a timeout somewhere? Is there a log of DNS queries that I can go look at?
Thanks,
--Brian
When we wish for our computers to contact a domain for some reason, they use DNS to cross reference (resolve) the domain name to an IP address. This happens whether we are using a browser, downloading email in Outlook (mail.domain.com), or simply using the "ping" utility to see if the remote machine is alive.
Ping is a good example because it is so simple. If I "ping microsoft.com" my computer will look at its local cache to see if it already knows the address for microsoft.com. If not it will look in my hosts file. If it's not there it will go ask a DNS server for the address.
Please correct me if I have made any errors to this point!
The problem we are having appears to be that the computer is not even trying to resolve the domain name to an IP address. If I type "ping microsoft.com" into a machine that is acting up it will attempt to ping 127.0.0.1 (localhost).
At first I though the local DNS cache was getting messed up so I turned off the caching service. No joy.
The problem is worst on one of our computers, but we experience it from time to time on two others. We spy/virus checked the heck out of them with no results. I try to do my experimenting on the really bad one, but it is hard to get it away from its usual user who is trying to do business in spite of the problems.
That computer was having problems up/downloading email, so I put the IP addresses of the email servers into the hosts file and email started flowing again.
That leaves us with the DNS server query as the likely suspect. (Unless there is some other stage of address resolution that I don't know about!)
We have static addressing on our LAN and I have also collected a number of DNS server addresses to use. I have tried re-ordering them with no positive results. When I use ping it appears to take a long time at the DNS-query step. I really think there is something going wrong at this step, but I cannot figure it out. Is there a timeout somewhere? Is there a log of DNS queries that I can go look at?
Thanks,
--Brian
Is the DNS server that you use from your ISP or elsewhere? While your DNS server can resolve the domain name, a particular host within that domain requires contacting their nameserver to get their internal IP address for it. They could, for example, use the same hostname (as in hostname.domain.tld) but change its IP address on their network. Their nameserver is supposed to know which IP address (of theirs) to return when you want to connect to that hostname. You mentioned getting back 127.0.0.1 from a ping (and probably also an nslookup). That often means their nameserver isn't working and won't resolve their hostnames to their hosts' IP addresses.
Whose DNS server are you using? Are you getting it via DHCP which would be your ISP's or company's DNS server? You mentioned using static IP addresses for your hosts. That would also mean that you would have to specify the DNS server(s) to use for the IP address lookups from the IP names. Have you tried using a different DNS server, like OpenDNS? I'm wondering if you are using the DNS server on your network (your ISP or company network) or are using an off-network DNS server (like OpenDNS or some other public DNS service).
"removing the mvps.org stuff from my hosts file and I stopped getting the google error message when logging in to chase.com. But I do not consider the problem fixed until I can get Google to stop hijacking my browser." Are you sure you got rid of the Google Toolbar? One of its options is page ranking and related pages. That means they have to know which page you visit when using their links. That means the links actually go to Google's server which then redirects you to the target site. That way, they can see where you wanted to go so they can update their rankings and provide you with that info, and the same for the related page info. It has security issues because it means Google is watching where you go depending on which of their search result links you visit. I turned that off not only for security reasons but also because it adds more unreliability in the path. Adding another server that then redirects to another site means the target site might not be reached if the intervening server (doing the interrogating) goes dead. The link points back to a Google server that could be dead or could be busy so the redirect is slow. If their redirect server is screwed up, it could also be why you get back the localhost address instead of the target site's IP address. Other security software could be doing the same thing to interrogate to where you are visiting, like a phishing filter, or a 3rd party DNS service (like OpenDNS or Websense) and where you configured to block certain categories of sites (porn, phish, adware, dating, hate, etc.).
Another possibility (since you are using static IP addressing) is the order of domains to be searched in the TCP/IP configuration. Look at the properties for the LAN connectoid and then at the TCP/IP protocol's properties. In the DNS tab, check if you have anything listed in "Append these DNS suffixes (in order)" and in the "DNS suffix for this connection". This can be used to differentiate internal hosts on your domain from other same-named hosts on another domain (which may be an internal or external domain). You might just test drive a particular host using DHCP instead of using a static IP address to see if the problem goes away.
Whose DNS server are you using? Are you getting it via DHCP which would be your ISP's or company's DNS server? You mentioned using static IP addresses for your hosts. That would also mean that you would have to specify the DNS server(s) to use for the IP address lookups from the IP names. Have you tried using a different DNS server, like OpenDNS? I'm wondering if you are using the DNS server on your network (your ISP or company network) or are using an off-network DNS server (like OpenDNS or some other public DNS service).
"removing the mvps.org stuff from my hosts file and I stopped getting the google error message when logging in to chase.com. But I do not consider the problem fixed until I can get Google to stop hijacking my browser." Are you sure you got rid of the Google Toolbar? One of its options is page ranking and related pages. That means they have to know which page you visit when using their links. That means the links actually go to Google's server which then redirects you to the target site. That way, they can see where you wanted to go so they can update their rankings and provide you with that info, and the same for the related page info. It has security issues because it means Google is watching where you go depending on which of their search result links you visit. I turned that off not only for security reasons but also because it adds more unreliability in the path. Adding another server that then redirects to another site means the target site might not be reached if the intervening server (doing the interrogating) goes dead. The link points back to a Google server that could be dead or could be busy so the redirect is slow. If their redirect server is screwed up, it could also be why you get back the localhost address instead of the target site's IP address. Other security software could be doing the same thing to interrogate to where you are visiting, like a phishing filter, or a 3rd party DNS service (like OpenDNS or Websense) and where you configured to block certain categories of sites (porn, phish, adware, dating, hate, etc.).
Another possibility (since you are using static IP addressing) is the order of domains to be searched in the TCP/IP configuration. Look at the properties for the LAN connectoid and then at the TCP/IP protocol's properties. In the DNS tab, check if you have anything listed in "Append these DNS suffixes (in order)" and in the "DNS suffix for this connection". This can be used to differentiate internal hosts on your domain from other same-named hosts on another domain (which may be an internal or external domain). You might just test drive a particular host using DHCP instead of using a static IP address to see if the problem goes away.
ASKER
Hi Vanguard,
We are on a p2p lan with no corporate DNS server. We actually have three of these lans in three different locations tied together with VPNs and that pretty much forced us to go to static IP addressing. That does force us to specify the DNS servers that we wish to use. I have a whole list of DNS servers I have accumulated over the years and from four or five different ISPs. They are listed in different orders on different computers. (They were originally all the same, but I was trying different DNSs in order to see if that was my problem.)
I do not know what OpenDNS is. (Checking...) Interesting. I have changed the primary DNS server on the computer that is giving us the most problems (most easily reproducible) and we'll see how that goes.
Here is a list of DNS servers that I have been using and/or have tried:
4.2.2.2
4.2.2.1 (I think. It's not on mine and I can't check the other PC right now.)
216.55.128.4
216.22.144.4
209.20.130.33
209.20.130.35
64.255.237.242
64.255.237.243
137.118.200.3
209.20.130.33
64.255.237.242
It seems unlikely that they are all hosed up. It seems more likely that there is some sort of timeout happening somewhere. The computer that this happens most often on is an older laptop and is a bit slow, though it does happen on my 8 month old Dell Precision 390, too, which is fairly fast. If the DNS query takes too long, does the OS just substitute 127.0.0.1?
Regarding the third paragraph: To be honest, I have tried so many things that I'm losing track. The problem initially showed itself as the browser suddenly not being able to find websites, sometimes even when we had just downloaded a page and were clicking on a link to download another page from the same site. So my initial questions were all about browsers. And it may still be that something that the browser does is initiating the problem, but it is definitely some sort of DNS kind of problem because I see it with ping and nslookup, too. (I use ping because it's quicker to type.)
I believe the google toolbar is an Internet Explorer plugin? We normally use FIreFox and have been having this problem with that browser. My partner switched to IE7 because she thinks she sees it less often than with FireFox, but I'm really not so sure about that. She also had Google Desktop Search running and I uninstalled that software, but the problem remained. I pretty much uninstalled everything that said "Google" and the problem remained.
Also, this problem occurs when we type in an URL. It has even occurred a couple of times when Outlook tried to access our email servers. They are specified like smtp.domain.com and so Outlook must still use DNS to get the IP addresses.
Finally, that obstinate laptop did not have any of these problems when we visited one of the other locations last Friday. At our office it is connected by Ethernet. At the remote location we were using wireless with DHCP.
--Brian
We are on a p2p lan with no corporate DNS server. We actually have three of these lans in three different locations tied together with VPNs and that pretty much forced us to go to static IP addressing. That does force us to specify the DNS servers that we wish to use. I have a whole list of DNS servers I have accumulated over the years and from four or five different ISPs. They are listed in different orders on different computers. (They were originally all the same, but I was trying different DNSs in order to see if that was my problem.)
I do not know what OpenDNS is. (Checking...) Interesting. I have changed the primary DNS server on the computer that is giving us the most problems (most easily reproducible) and we'll see how that goes.
Here is a list of DNS servers that I have been using and/or have tried:
4.2.2.2
4.2.2.1 (I think. It's not on mine and I can't check the other PC right now.)
216.55.128.4
216.22.144.4
209.20.130.33
209.20.130.35
64.255.237.242
64.255.237.243
137.118.200.3
209.20.130.33
64.255.237.242
It seems unlikely that they are all hosed up. It seems more likely that there is some sort of timeout happening somewhere. The computer that this happens most often on is an older laptop and is a bit slow, though it does happen on my 8 month old Dell Precision 390, too, which is fairly fast. If the DNS query takes too long, does the OS just substitute 127.0.0.1?
Regarding the third paragraph: To be honest, I have tried so many things that I'm losing track. The problem initially showed itself as the browser suddenly not being able to find websites, sometimes even when we had just downloaded a page and were clicking on a link to download another page from the same site. So my initial questions were all about browsers. And it may still be that something that the browser does is initiating the problem, but it is definitely some sort of DNS kind of problem because I see it with ping and nslookup, too. (I use ping because it's quicker to type.)
I believe the google toolbar is an Internet Explorer plugin? We normally use FIreFox and have been having this problem with that browser. My partner switched to IE7 because she thinks she sees it less often than with FireFox, but I'm really not so sure about that. She also had Google Desktop Search running and I uninstalled that software, but the problem remained. I pretty much uninstalled everything that said "Google" and the problem remained.
Also, this problem occurs when we type in an URL. It has even occurred a couple of times when Outlook tried to access our email servers. They are specified like smtp.domain.com and so Outlook must still use DNS to get the IP addresses.
Finally, that obstinate laptop did not have any of these problems when we visited one of the other locations last Friday. At our office it is connected by Ethernet. At the remote location we were using wireless with DHCP.
--Brian
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have three current ISPs (we move around a lot, witness protection program you understand. ;-) I've also had three others in the recent past and I get confused over whose DNS server is whose. Also, my brother gave me the 2.4.4.4 address and said it was some sort of publicly accessible server.
But I bet you are right. I am going to see if I can figure out which ones are working and which are not.
In the meantime, I put the OpenDNS address in the laptop that gives us the most trouble and it has not had a problem in the last few hours. If it works all day tomorrow I will call this problem solved.
Thanks!
But I bet you are right. I am going to see if I can figure out which ones are working and which are not.
In the meantime, I put the OpenDNS address in the laptop that gives us the most trouble and it has not had a problem in the last few hours. If it works all day tomorrow I will call this problem solved.
Thanks!
ASKER
We have not had a DNS problem in the last 26 hours so I am going to call this one closed. Thank you very much for all of your help, Vanguard L H !
1. Sounds like you cannot access the webpage, and Google tries to do search. Clear your DNS cache. Go to Start > Run and type CMD
and hit OK.
At the command prompt, type ipconfig /flushDNS
and hit OK.
2. Clear your cache. Go to Tools > Internet Options > General tab. Under Temporary Internet Files, click "Delete Files" button. Also click "Delete Cookies" button. Click OK.
3. Change the Maximum Transmission Unit in the registry
http://www.pctools.com/guides/registry/detail/280/
4. If no joy, check if your PC is blocking the site. Do a search for HOSTS file and open it with an editor like Notepad. Delete any line that has the blocked site in it.
HOSTS file is located in
Windows XP = C:\WINDOWS\SYSTEM32\DRIVER
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\
Win 98/ME = C:\WINDOWS
It is a hidden file. Go to any folder and select Tools > Folders Options > View. Check "Show hidden files and folders". Click OK.
5a. If you are using Internet Explorer, check if the site is restricted or blocked. Go to Tools > Internet Options > Security. Hightlight Restricted Sites and see if the blocked site is located there.
5b. Also under Content tab > Content Advisor, check if the site is restricted there. Remove it.
5c. Also, under Security tab, add the website to your trusted zone.
6. Check if antispyware, antivirus, or firewall is blocking the website.
Hope this helps!
war1