• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 626
  • Last Modified:

WHAT THE HECK?? can't resolve .gov web pages

Have a domain with one computer, (XP Pro with IE7 fully patched), that can't resolve most .gov public web pages. It can resolve our own .gov page, but not most .gov public web pages like some Coast Gaurd pages.

On that same domain, I can go to another computer (XP pro, IE7 fully patched) and it displays just fine. What I am trying to say is my domain DNS servers appear just fine.

Check this out, here is the odd part:

On the problem child computer, if you type HTTPS://(gov_webpage).gov it would load the web page. Or at least it use to. This worked for a while, and now doesn't.

On the other computers, these sites resolve just fine.

What the Heck??!!!

MY TROUBLESHOOTING:
~Checked DNS cache, it looks good.
~Checked the host file>>not configured with anything but the loopback address.
~I can resolve these sites on another PC. So, DNS is good.
~I can even ping the web page and get the right IPaddress for DNS resolution back from DNS, but the remote site has ICMP turned off. So, no replies to any PC's
~I went into internet explorer and disabled, Unchecked the option "check for HTTPS" in trusted sites. That didn't work.
~I went into control pannel and disabled windows firewall, just out of curiosity I check firewall in services and found out it was still running. So, I disabled it in services as well.  
~Most sites work just fine, on the problem child. Just not .GOV sites.
~I changed from Forwarders, to root hints and back to forwarders on my servers. No, change.
~only one machine is showing these problems.
~ I have not tried firefox yet.
~I added site to trusted sites
~NO errors in event logs.

Things to note:
~According to the user, this happened about a month ago. So, I am suspect to a PATCH or SP.

No,I am not smoking any wacky weed. Does anyone know of any settings that may knock down most .GOV web sites on one machine? I can't think of anything that would cause this.



0
ChiefIT
Asked:
ChiefIT
  • 6
  • 6
1 Solution
 
MikealclCommented:
Did someone load a custom hosts file?  You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/etc if I remember.

Does the DNS resolution on the problem child match the dns resolution on known good?  ie whatever.gov = same ip on both?

Do you have any IP based web filtering setup like ISA, webs, surf control etc?
0
 
ChiefITAuthor Commented:
You are thinking along the same lines as I originally thought.

""Did someone load a custom hosts file?""
You know, a host file is exactly what I thought at first. ...default /windows/system32/drivers/etc I checked.

""You can select a host file to load in the network adapter configuration instead of using the default /windows/system32/drivers/etc if I remember.""

This I didn't know. Do you have the 411 on that?

""Does the DNS resolution on the problem child match the dns resolution on known good?  ie whatever.gov = same ip on both?""

Actually, DNS resolves fine on even the problem child machine. When pining it, I get the right IP back. So, I don't think this issue comes from DNS. I am leaning more towards IE7 security. I also looked at the DNS cache of that problem child and it is exactly right.

Windows is making be bald.


0
 
MikealclCommented:
adaptor > properties > tcpip > advanced > WINS > Enable LMHOSTS lookup > Import LMHOSTS
Not sure how you tell if something is already loaded though.


Have you tried using another browser to see if it works?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ChiefITAuthor Commented:
~I am about to do another browser.

~I will check for LMHOST files, but I am very certain that is used in the event you need WINS resolution.

LMHOST>>WINS resolution
HOST>>DNS resolution

I suppose it might help to give you one of the sites this machine is having problems with:
http://ccrf.hhs.gov/
0
 
ChiefITAuthor Commented:
Here is an update:

The sites work in Firefox. So, this is a problem with IE7. I would like to get IE7 to work. So, any ideas.

We imported Internet options, cookies favorites and other things to Firefox.

Firefox is an acceptable answer, but I would like to find out what's up with IE7.
0
 
MikealclCommented:
Are the .gov sites or zone listed in Tools > internet options > restricted sites?

I guess that could be located via local or domain policy as well.
0
 
MikealclCommented:
Oh I think I looked at wrong part.  I was thinking Privacy  > Sites.  
You can define hard blocks in that area I believe.  

Restricted sites just changes the security level.
0
 
MikealclCommented:
nm test site works w/ those settings.
0
 
MikealclCommented:
What about Content Advisor??  If that is enabled you can block sites with it.
0
 
ChiefITAuthor Commented:
No content advisor or restricted sites

I did enable these sites in trusted sites.

I haven't checked local policy. Group policy would effect more than this one PC. I am the only administrator and know every group policy/site policy/domain policy because I built this domain on my own.
0
 
ChiefITAuthor Commented:
Can't figure out why .GOV sites are problematic in IE7.

I don't see anyone else. So, full points to you for an alternative solution. I used Firefox.
0
 
ChiefITAuthor Commented:
It's odd that IE7 discrinates against the government. LOL

Well, I am sticking with IE7 until I can figure this out. Thanks for your input.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now