Ben Keyser
asked on
Can't access secure sites
Windows 2000 server standard + SP4 and patches
Nothing else loaded on the server.
Connected to internet with wireless internet (IBurst). Connection is shared. Unable to access secure sites or log in to MSN Messenger from server or clients. I can access anything else from the server an workstations.
Move internet connection to a workstation (XP SP2) and share the connection, I can access everything and anything from all workstations and server, including secure sites and MSN Messenger.
Is there a default policy on the server that prevents access to secure sites? If not, what else do I look for?
Thanks
Ben
Nothing else loaded on the server.
Connected to internet with wireless internet (IBurst). Connection is shared. Unable to access secure sites or log in to MSN Messenger from server or clients. I can access anything else from the server an workstations.
Move internet connection to a workstation (XP SP2) and share the connection, I can access everything and anything from all workstations and server, including secure sites and MSN Messenger.
Is there a default policy on the server that prevents access to secure sites? If not, what else do I look for?
Thanks
Ben
Have you checked the date/time on your computer?
I have faced that problem when my servers were way out of sync in time.
I have faced that problem when my servers were way out of sync in time.
open internet explorer and then click on tools click on internet options now click on advace make scroll all the way to the bottom and make sure that ssl 1.0 2.0 and 3.0 are checked....
Some other suggestions included in these links:
http://www.helpwithwindows.com/WindowsXP/troub-10.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;813444
http://www.helpwithwindows.com/WindowsXP/troub-10.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;813444
I don't have a solution (yet), but do know at some point I had this problem and the problem does involve that the workstation running XP and the Server being 2000.
Just as a point to ask. On the XP machines, are they logging into a domain? I seem to remember that in my situation the users were in actuality the "Owner" in XP, and that was the problem. Somehow, even though they were either Standard or Power Users on the domain they were on, they were Administrators on the local machine, and the internet connection allowed them Administrator rights. (domain rights vs. local rights) You may need to see if they have local profiles or a profile defined on your server. You may need to get rid of the local machine logon and make sure they are using only a domain logon.
Sorry, I'm just getting over a 24 flu bug, and my mind is a bit scrambled, but maybe this makes enough sense for someone to continue or let you know if I'm way off base....
Loral
Just as a point to ask. On the XP machines, are they logging into a domain? I seem to remember that in my situation the users were in actuality the "Owner" in XP, and that was the problem. Somehow, even though they were either Standard or Power Users on the domain they were on, they were Administrators on the local machine, and the internet connection allowed them Administrator rights. (domain rights vs. local rights) You may need to see if they have local profiles or a profile defined on your server. You may need to get rid of the local machine logon and make sure they are using only a domain logon.
Sorry, I'm just getting over a 24 flu bug, and my mind is a bit scrambled, but maybe this makes enough sense for someone to continue or let you know if I'm way off base....
Loral
ASKER
Loral,
Your suggestions so far makes the most sense, especially since, as far as my knowledge and experience goes, the IE settings on the server does not affect the clients. Even though I have not made changes to policies, I believe the problem may just as well be related to a policy on the server.
To answer your question; no the clients aren't logged into the domain and all the clients are also local admins. I will test your theories over the weekend, when, by the looks of the current overcast weather in Johannesburg, there will be enough time.
Thanks
Ben Keyser
Your suggestions so far makes the most sense, especially since, as far as my knowledge and experience goes, the IE settings on the server does not affect the clients. Even though I have not made changes to policies, I believe the problem may just as well be related to a policy on the server.
To answer your question; no the clients aren't logged into the domain and all the clients are also local admins. I will test your theories over the weekend, when, by the looks of the current overcast weather in Johannesburg, there will be enough time.
Thanks
Ben Keyser
I think what I used to do in cases like this was to install XP and use the name "System".
This eliminated any one user being the "Owner". Then once I had my software installed (of "bonus software" removed") and had the computer setup as a Workstation; I then put the computer on the network logged in as the domain admin. Then added the users, whose security levels were mandated by the server, not from a local account from XP.
Does this make any sense? It works for me... :)
later,
loral
This eliminated any one user being the "Owner". Then once I had my software installed (of "bonus software" removed") and had the computer setup as a Workstation; I then put the computer on the network logged in as the domain admin. Then added the users, whose security levels were mandated by the server, not from a local account from XP.
Does this make any sense? It works for me... :)
later,
loral
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
baconyi,
I am waiting for a router to arrive, as it is. I am using ICS because internet access happens through a wireless modem connected to the server.
I can't see where to change the security on the server to allow for secure site? Only I can see is a policy, but can't find a policy that appears to pertain to this problem.
I am waiting for a router to arrive, as it is. I am using ICS because internet access happens through a wireless modem connected to the server.
I can't see where to change the security on the server to allow for secure site? Only I can see is a policy, but can't find a policy that appears to pertain to this problem.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
IBurst - wireless broadband.
ASKER
www.iburst.co.za for more info. Sure you've got similar in the states. Modem is manufactired by Kyocera.
ok so its like a cell phone, but for PC internet connection. can access anywhere it has coverage, pretty neat...
ok aside from that, sharing the internet is the least effective way to go, but since you said you're waiting for a router, then theres not much we can do here, disadvantage of sharing is everything goes thru the shared connection, slows things down a lot and in your case, the security settings/policies also take place.
depending on how many servers/computers you have, you might need to get a switch hooked up to the router for distribution of the internet.
DHCP set on the server is good because then you can see your address leases and which ip addresses are taking up a lease. well i guess most routers have that function too.. hah nevermind that last sentence... good luck with that, let us know if you need help setting that up, you prob dont but we'll be here! :)
Billy
ok aside from that, sharing the internet is the least effective way to go, but since you said you're waiting for a router, then theres not much we can do here, disadvantage of sharing is everything goes thru the shared connection, slows things down a lot and in your case, the security settings/policies also take place.
depending on how many servers/computers you have, you might need to get a switch hooked up to the router for distribution of the internet.
DHCP set on the server is good because then you can see your address leases and which ip addresses are taking up a lease. well i guess most routers have that function too.. hah nevermind that last sentence... good luck with that, let us know if you need help setting that up, you prob dont but we'll be here! :)
Billy
Billy