WHAT THE HECK?? can't resolve .gov web pages
Have a domain with one computer, (XP Pro with IE7 fully patched), that can't resolve most .gov public web pages. It can resolve our own .gov page, but not most .gov public web pages like some Coast Gaurd pages.
On that same domain, I can go to another computer (XP pro, IE7 fully patched) and it displays just fine. What I am trying to say is my domain DNS servers appear just fine.
Check this out, here is the odd part:
On the problem child computer, if you type HTTPS://(gov_webpage).gov it would load the web page. Or at least it use to. This worked for a while, and now doesn't.
On the other computers, these sites resolve just fine.
What the Heck??!!!
MY TROUBLESHOOTING:
~Checked DNS cache, it looks good.
~Checked the host file>>not configured with anything but the loopback address.
~I can resolve these sites on another PC. So, DNS is good.
~I can even ping the web page and get the right IPaddress for DNS resolution back from DNS, but the remote site has ICMP turned off. So, no replies to any PC's
~I went into internet explorer and disabled, Unchecked the option "check for HTTPS" in trusted sites. That didn't work.
~I went into control pannel and disabled windows firewall, just out of curiosity I check firewall in services and found out it was still running. So, I disabled it in services as well.
~Most sites work just fine, on the problem child. Just not .GOV sites.
~I changed from Forwarders, to root hints and back to forwarders on my servers. No, change.
~only one machine is showing these problems.
~ I have not tried firefox yet.
~I added site to trusted sites
~NO errors in event logs.
Things to note:
~According to the user, this happened about a month ago. So, I am suspect to a PATCH or SP.
No,I am not smoking any wacky weed. Does anyone know of any settings that may knock down most .GOV web sites on one machine? I can't think of anything that would cause this.
On that same domain, I can go to another computer (XP pro, IE7 fully patched) and it displays just fine. What I am trying to say is my domain DNS servers appear just fine.
Check this out, here is the odd part:
On the problem child computer, if you type HTTPS://(gov_webpage).gov it would load the web page. Or at least it use to. This worked for a while, and now doesn't.
On the other computers, these sites resolve just fine.
What the Heck??!!!
MY TROUBLESHOOTING:
~Checked DNS cache, it looks good.
~Checked the host file>>not configured with anything but the loopback address.
~I can resolve these sites on another PC. So, DNS is good.
~I can even ping the web page and get the right IPaddress for DNS resolution back from DNS, but the remote site has ICMP turned off. So, no replies to any PC's
~I went into internet explorer and disabled, Unchecked the option "check for HTTPS" in trusted sites. That didn't work.
~I went into control pannel and disabled windows firewall, just out of curiosity I check firewall in services and found out it was still running. So, I disabled it in services as well.
~Most sites work just fine, on the problem child. Just not .GOV sites.
~I changed from Forwarders, to root hints and back to forwarders on my servers. No, change.
~only one machine is showing these problems.
~ I have not tried firefox yet.
~I added site to trusted sites
~NO errors in event logs.
Things to note:
~According to the user, this happened about a month ago. So, I am suspect to a PATCH or SP.
No,I am not smoking any wacky weed. Does anyone know of any settings that may knock down most .GOV web sites on one machine? I can't think of anything that would cause this.
ASKER
You are thinking along the same lines as I originally thought.
""Did someone load a custom hosts file?""
You know, a host file is exactly what I thought at first. ...default /windows/system32/drivers/
""You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/
This I didn't know. Do you have the 411 on that?
""Does the DNS resolution on the problem child match the dns resolution on known good? ie whatever.gov = same ip on both?""
Actually, DNS resolves fine on even the problem child machine. When pining it, I get the right IP back. So, I don't think this issue comes from DNS. I am leaning more towards IE7 security. I also looked at the DNS cache of that problem child and it is exactly right.
Windows is making be bald.
""Did someone load a custom hosts file?""
You know, a host file is exactly what I thought at first. ...default /windows/system32/drivers/
""You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/
This I didn't know. Do you have the 411 on that?
""Does the DNS resolution on the problem child match the dns resolution on known good? ie whatever.gov = same ip on both?""
Actually, DNS resolves fine on even the problem child machine. When pining it, I get the right IP back. So, I don't think this issue comes from DNS. I am leaning more towards IE7 security. I also looked at the DNS cache of that problem child and it is exactly right.
Windows is making be bald.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
~I am about to do another browser.
~I will check for LMHOST files, but I am very certain that is used in the event you need WINS resolution.
LMHOST>>WINS resolution
HOST>>DNS resolution
I suppose it might help to give you one of the sites this machine is having problems with:
http://ccrf.hhs.gov/
~I will check for LMHOST files, but I am very certain that is used in the event you need WINS resolution.
LMHOST>>WINS resolution
HOST>>DNS resolution
I suppose it might help to give you one of the sites this machine is having problems with:
http://ccrf.hhs.gov/
ASKER
Here is an update:
The sites work in Firefox. So, this is a problem with IE7. I would like to get IE7 to work. So, any ideas.
We imported Internet options, cookies favorites and other things to Firefox.
Firefox is an acceptable answer, but I would like to find out what's up with IE7.
The sites work in Firefox. So, this is a problem with IE7. I would like to get IE7 to work. So, any ideas.
We imported Internet options, cookies favorites and other things to Firefox.
Firefox is an acceptable answer, but I would like to find out what's up with IE7.
Are the .gov sites or zone listed in Tools > internet options > restricted sites?
I guess that could be located via local or domain policy as well.
I guess that could be located via local or domain policy as well.
Oh I think I looked at wrong part. I was thinking Privacy > Sites.
You can define hard blocks in that area I believe.
Restricted sites just changes the security level.
You can define hard blocks in that area I believe.
Restricted sites just changes the security level.
nm test site works w/ those settings.
What about Content Advisor?? If that is enabled you can block sites with it.
ASKER
No content advisor or restricted sites
I did enable these sites in trusted sites.
I haven't checked local policy. Group policy would effect more than this one PC. I am the only administrator and know every group policy/site policy/domain policy because I built this domain on my own.
I did enable these sites in trusted sites.
I haven't checked local policy. Group policy would effect more than this one PC. I am the only administrator and know every group policy/site policy/domain policy because I built this domain on my own.
ASKER
Can't figure out why .GOV sites are problematic in IE7.
I don't see anyone else. So, full points to you for an alternative solution. I used Firefox.
I don't see anyone else. So, full points to you for an alternative solution. I used Firefox.
ASKER
It's odd that IE7 discrinates against the government. LOL
Well, I am sticking with IE7 until I can figure this out. Thanks for your input.
Well, I am sticking with IE7 until I can figure this out. Thanks for your input.
Does the DNS resolution on the problem child match the dns resolution on known good? ie whatever.gov = same ip on both?
Do you have any IP based web filtering setup like ISA, webs, surf control etc?