• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 261
  • Last Modified:

Can't access secure sites

Windows 2000 server standard + SP4 and patches

Nothing else loaded on the server.

Connected to internet with wireless internet (IBurst). Connection is shared. Unable to access secure sites or log in to MSN Messenger from server or clients. I can access anything else from the server an workstations.

Move internet connection to a workstation (XP SP2) and share the connection, I can access everything and anything from all workstations and server, including secure sites and MSN Messenger.

Is there a default policy on the server that prevents access to secure sites? If not, what else do I look for?

Thanks
Ben
0
Ben Keyser
Asked:
Ben Keyser
  • 4
  • 3
  • 3
  • +3
2 Solutions
 
baconyiCommented:
by default, server IE's security settings are set higher than a client OS.  this might be your problem, becareful how you change this but right click the IE icon, goto properties, and clikc security, you can customize the settings to how you see fit, but since this is a server, it also allows more attacks to it which obviously isnt good.
Billy
0
 
eaperezhCommented:
Have you checked the date/time on your computer?
I have faced that problem when my servers were way out of sync in time.
0
 
jimmymcp02Commented:
open internet explorer and then click on tools click on internet options now click on advace make scroll all the way to the bottom and make sure that ssl 1.0 2.0 and 3.0 are checked....
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
Rob WilliamsCommented:
0
 
loralCommented:
I don't have a solution (yet), but do know at some point I had this problem and the problem does involve that the workstation running XP and the Server being 2000.

Just as a point to ask.  On the XP machines, are they logging into a domain?   I seem to remember that in my situation the users were in actuality the "Owner" in XP, and that was the problem.  Somehow, even though they were either Standard or Power Users on the domain they were on, they were Administrators on the local machine, and the internet connection allowed them Administrator rights.  (domain rights vs. local rights)  You may need to see if they have local profiles or a profile defined on your server.  You may need to get rid of the local machine logon and make sure they are using only a domain logon.

Sorry, I'm just getting over a 24 flu bug, and my mind is a bit scrambled, but maybe this makes enough sense for someone to continue or let you know if I'm way off base....

Loral

0
 
Ben KeyserOwner/EntrepreneurAuthor Commented:
Loral,
Your suggestions so far makes the most sense, especially since, as far as my knowledge and experience goes, the IE settings on the server does not affect the clients. Even though I have not made changes to policies, I believe the problem may just as well be related to a policy on the server.

To answer your question; no the clients aren't logged into the domain and all the clients are also local admins. I will test your theories over the weekend, when, by the looks of the current overcast weather in Johannesburg, there will be enough time.

Thanks

Ben Keyser
0
 
loralCommented:
I think what I used to do in cases like this was to install XP and use the name "System".

This eliminated any one user being the "Owner".   Then once I had my software installed (of "bonus software" removed") and had the computer setup as a Workstation; I then put the computer on the network logged in as the domain admin.  Then added the users, whose security levels were mandated by the server, not from a local account from XP.

Does this make any sense?  It works for me... :)

later,
loral
0
 
baconyiCommented:
you said you're using internet connection sharing? are you doing that for a specific reason? and if you are sharing the internet it using the security level of the server, thats why you can access when the sharing is on a client....

not sure what is iburst, but why not just get a wireless router to take care of internet?
0
 
Ben KeyserOwner/EntrepreneurAuthor Commented:
baconyi,

I am waiting for a router to arrive, as it is. I am using ICS because internet access happens through a wireless modem connected to the server.

I can't see where to change the security on the server to allow for secure site? Only I can see is a policy, but can't find a policy that appears to pertain to this problem.
0
 
loralCommented:
Well, since baconyi admitted it, I will too.... I have no idea what I Burst is.

You will have better luck with a router as opposed to using ICS.  This way you can point each workstation to the router address for internet access.
0
 
Ben KeyserOwner/EntrepreneurAuthor Commented:
IBurst - wireless broadband.
0
 
Ben KeyserOwner/EntrepreneurAuthor Commented:
www.iburst.co.za for more info. Sure you've got similar in the states. Modem is manufactired by Kyocera.
0
 
baconyiCommented:
ok so its like a cell phone, but for PC internet connection.  can access anywhere it has coverage, pretty neat...

ok aside from that, sharing the internet is the least effective way to go, but since you said you're waiting for a router, then theres not much we can do here, disadvantage of sharing is everything goes thru the shared connection, slows things down a lot and in your case, the security settings/policies also take place.

depending on how many servers/computers you have, you might need to get a switch hooked up to the router for distribution of the internet.

DHCP set on the server is good because then you can see your address leases and which ip addresses are taking up a lease.  well i guess most routers have that function too.. hah nevermind that last sentence... good luck with that, let us know if you need help setting that up, you prob dont but we'll be here! :)
Billy
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 4
  • 3
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now