Solved

WHAT THE HECK?? can't resolve .gov web pages

Posted on 2008-10-28
12
603 Views
Last Modified: 2013-12-08
Have a domain with one computer, (XP Pro with IE7 fully patched), that can't resolve most .gov public web pages. It can resolve our own .gov page, but not most .gov public web pages like some Coast Gaurd pages.

On that same domain, I can go to another computer (XP pro, IE7 fully patched) and it displays just fine. What I am trying to say is my domain DNS servers appear just fine.

Check this out, here is the odd part:

On the problem child computer, if you type HTTPS://(gov_webpage).gov it would load the web page. Or at least it use to. This worked for a while, and now doesn't.

On the other computers, these sites resolve just fine.

What the Heck??!!!

MY TROUBLESHOOTING:
~Checked DNS cache, it looks good.
~Checked the host file>>not configured with anything but the loopback address.
~I can resolve these sites on another PC. So, DNS is good.
~I can even ping the web page and get the right IPaddress for DNS resolution back from DNS, but the remote site has ICMP turned off. So, no replies to any PC's
~I went into internet explorer and disabled, Unchecked the option "check for HTTPS" in trusted sites. That didn't work.
~I went into control pannel and disabled windows firewall, just out of curiosity I check firewall in services and found out it was still running. So, I disabled it in services as well.  
~Most sites work just fine, on the problem child. Just not .GOV sites.
~I changed from Forwarders, to root hints and back to forwarders on my servers. No, change.
~only one machine is showing these problems.
~ I have not tried firefox yet.
~I added site to trusted sites
~NO errors in event logs.

Things to note:
~According to the user, this happened about a month ago. So, I am suspect to a PATCH or SP.

No,I am not smoking any wacky weed. Does anyone know of any settings that may knock down most .GOV web sites on one machine? I can't think of anything that would cause this.



0
Comment
Question by:ChiefIT
  • 6
  • 6
12 Comments
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22825284
Did someone load a custom hosts file?  You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/etc if I remember.

Does the DNS resolution on the problem child match the dns resolution on known good?  ie whatever.gov = same ip on both?

Do you have any IP based web filtering setup like ISA, webs, surf control etc?
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22825374
You are thinking along the same lines as I originally thought.

""Did someone load a custom hosts file?""
You know, a host file is exactly what I thought at first. ...default /windows/system32/drivers/etc I checked.

""You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/etc if I remember.""

This I didn't know. Do you have the 411 on that?

""Does the DNS resolution on the problem child match the dns resolution on known good?  ie whatever.gov = same ip on both?""

Actually, DNS resolves fine on even the problem child machine. When pining it, I get the right IP back. So, I don't think this issue comes from DNS. I am leaning more towards IE7 security. I also looked at the DNS cache of that problem child and it is exactly right.

Windows is making be bald.


0
 
LVL 7

Accepted Solution

by:
Mikealcl earned 500 total points
ID: 22825416
adaptor > properties > tcpip > advanced > WINS > Enable LMHOSTS lookup > Import LMHOSTS
Not sure how you tell if something is already loaded though.


Have you tried using another browser to see if it works?
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22825486
~I am about to do another browser.

~I will check for LMHOST files, but I am very certain that is used in the event you need WINS resolution.

LMHOST>>WINS resolution
HOST>>DNS resolution

I suppose it might help to give you one of the sites this machine is having problems with:
http://ccrf.hhs.gov/
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22826466
Here is an update:

The sites work in Firefox. So, this is a problem with IE7. I would like to get IE7 to work. So, any ideas.

We imported Internet options, cookies favorites and other things to Firefox.

Firefox is an acceptable answer, but I would like to find out what's up with IE7.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826603
Are the .gov sites or zone listed in Tools > internet options > restricted sites?

I guess that could be located via local or domain policy as well.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826622
Oh I think I looked at wrong part.  I was thinking Privacy  > Sites.  
You can define hard blocks in that area I believe.  

Restricted sites just changes the security level.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826633
nm test site works w/ those settings.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22826642
What about Content Advisor??  If that is enabled you can block sites with it.
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22826829
No content advisor or restricted sites

I did enable these sites in trusted sites.

I haven't checked local policy. Group policy would effect more than this one PC. I am the only administrator and know every group policy/site policy/domain policy because I built this domain on my own.
0
 
LVL 38

Author Comment

by:ChiefIT
ID: 22829922
Can't figure out why .GOV sites are problematic in IE7.

I don't see anyone else. So, full points to you for an alternative solution. I used Firefox.
0
 
LVL 38

Author Closing Comment

by:ChiefIT
ID: 31510902
It's odd that IE7 discrinates against the government. LOL

Well, I am sticking with IE7 until I can figure this out. Thanks for your input.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now