Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

WHAT THE HECK?? can't resolve .gov web pages

Posted on 2008-10-28
12
607 Views
Last Modified: 2013-12-08
Have a domain with one computer, (XP Pro with IE7 fully patched), that can't resolve most .gov public web pages. It can resolve our own .gov page, but not most .gov public web pages like some Coast Gaurd pages.

On that same domain, I can go to another computer (XP pro, IE7 fully patched) and it displays just fine. What I am trying to say is my domain DNS servers appear just fine.

Check this out, here is the odd part:

On the problem child computer, if you type HTTPS://(gov_webpage).gov it would load the web page. Or at least it use to. This worked for a while, and now doesn't.

On the other computers, these sites resolve just fine.

What the Heck??!!!

MY TROUBLESHOOTING:
~Checked DNS cache, it looks good.
~Checked the host file>>not configured with anything but the loopback address.
~I can resolve these sites on another PC. So, DNS is good.
~I can even ping the web page and get the right IPaddress for DNS resolution back from DNS, but the remote site has ICMP turned off. So, no replies to any PC's
~I went into internet explorer and disabled, Unchecked the option "check for HTTPS" in trusted sites. That didn't work.
~I went into control pannel and disabled windows firewall, just out of curiosity I check firewall in services and found out it was still running. So, I disabled it in services as well.  
~Most sites work just fine, on the problem child. Just not .GOV sites.
~I changed from Forwarders, to root hints and back to forwarders on my servers. No, change.
~only one machine is showing these problems.
~ I have not tried firefox yet.
~I added site to trusted sites
~NO errors in event logs.

Things to note:
~According to the user, this happened about a month ago. So, I am suspect to a PATCH or SP.

No,I am not smoking any wacky weed. Does anyone know of any settings that may knock down most .GOV web sites on one machine? I can't think of anything that would cause this.



0
Comment
Question by:ChiefIT
  • 6
  • 6
12 Comments
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22825284
Did someone load a custom hosts file?  You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/etc if I remember.

Does the DNS resolution on the problem child match the dns resolution on known good?  ie whatever.gov = same ip on both?

Do you have any IP based web filtering setup like ISA, webs, surf control etc?
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22825374
You are thinking along the same lines as I originally thought.

""Did someone load a custom hosts file?""
You know, a host file is exactly what I thought at first. ...default /windows/system32/drivers/etc I checked.

""You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/etc if I remember.""

This I didn't know. Do you have the 411 on that?

""Does the DNS resolution on the problem child match the dns resolution on known good?  ie whatever.gov = same ip on both?""

Actually, DNS resolves fine on even the problem child machine. When pining it, I get the right IP back. So, I don't think this issue comes from DNS. I am leaning more towards IE7 security. I also looked at the DNS cache of that problem child and it is exactly right.

Windows is making be bald.


0
 
LVL 7

Accepted Solution

by:
Mikealcl earned 500 total points
ID: 22825416
adaptor > properties > tcpip > advanced > WINS > Enable LMHOSTS lookup > Import LMHOSTS
Not sure how you tell if something is already loaded though.


Have you tried using another browser to see if it works?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 38

Author Comment

by:ChiefIT
ID: 22825486
~I am about to do another browser.

~I will check for LMHOST files, but I am very certain that is used in the event you need WINS resolution.

LMHOST>>WINS resolution
HOST>>DNS resolution

I suppose it might help to give you one of the sites this machine is having problems with:
http://ccrf.hhs.gov/
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22826466
Here is an update:

The sites work in Firefox. So, this is a problem with IE7. I would like to get IE7 to work. So, any ideas.

We imported Internet options, cookies favorites and other things to Firefox.

Firefox is an acceptable answer, but I would like to find out what's up with IE7.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826603
Are the .gov sites or zone listed in Tools > internet options > restricted sites?

I guess that could be located via local or domain policy as well.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826622
Oh I think I looked at wrong part.  I was thinking Privacy  > Sites.  
You can define hard blocks in that area I believe.  

Restricted sites just changes the security level.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826633
nm test site works w/ those settings.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826642
What about Content Advisor??  If that is enabled you can block sites with it.
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22826829
No content advisor or restricted sites

I did enable these sites in trusted sites.

I haven't checked local policy. Group policy would effect more than this one PC. I am the only administrator and know every group policy/site policy/domain policy because I built this domain on my own.
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22829922
Can't figure out why .GOV sites are problematic in IE7.

I don't see anyone else. So, full points to you for an alternative solution. I used Firefox.
0
 
LVL 38

Author Closing Comment

by:ChiefIT
ID: 31510902
It's odd that IE7 discrinates against the government. LOL

Well, I am sticking with IE7 until I can figure this out. Thanks for your input.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question