Some computers on my network can't access www.careerbuilder.com website and others can.

I have a strange issue. Some of the computers on my network can't access the Career Builder web site and others can (www.careerbuilder.com). All of the client computers are receiving their DHCP information from the same DHCP server so they have all of the same I/P and DNS settings.
Now to make it more complicated, my computer is one of the computers that "cannot" access the website. But if I plug into my Verizon Aircard then I can access the web site. I have also tried while on my network manually entering the DNS server to be used as the public DNS server 4.2.2.2 and still I can't access their website.
So it is not an issue with my computer since I can access the site when using my Verizon Aircard, it is not an issue with the network as most computers can access the site while on the network and it is not a DNS misconfiguration because I still can't access the website using public DNS.
This is the only website that we have found that we have this issue with???

I'm at a loss...
LVL 2
premillardAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tdukie13Commented:
Hi,
Have you tried an "ipconfig /flushdns" from a command line on the affected machines? Could have some stale information...

Best,
T
0
premillardAuthor Commented:
Yes, I've tried that.
0
tdukie13Commented:
What about a ping of www.careerbuilder.com?
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

premillardAuthor Commented:
I have run ping tests and they are resolving the IP correctly.
I have run Trace Routes and the route is the same on both computers one that can and one that can't access the site.
0
premillardAuthor Commented:
I hit submit to quickly.
I meant to add that i have even tried putting the IP into IE instead of the URL to verify weather it was a DNS issue or not and it still cannot connect using the IP address.
0
jfer0x01Commented:
have you tried nslookup to careerbuilder.com?

if you can ping the name to an ip, can you vistis the site on bad machines via the ip address?

are you sure the browsers on the bad machine aren't configured to use a proxy connection

can you telnet to the careerbuilder.com on oprt 80 from the bad machines and do a banner grab?

telnet careerbuilder.com 80

on the bad machine

and write any thing and a couple of enter's

Jfer
0
tdukie13Commented:
Are you using a proxy or secondary gateway?
0
premillardAuthor Commented:
Here is the results to the nslookup from a bad machine. It looks fine.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

U:\>nslookup careerbuilder.com
Server:  servad.agmotion.com
Address:  172.16.0.12

Non-authoritative answer:
Name:    careerbuilder.com
Addresses:  208.88.80.22
          208.82.5.22
          208.82.7.22
I cannot visit the site using the IP address from a bad machine.

I can telnet to careerbuilder.com but I don't receive anything back. Should I be seeing their banner returned to me?

Also, we are not using proxy and I have verified to make sure that IE wasn't accidentaly set to Proxy.
0
ahmad2121Commented:
careerbuilder website tries to figure out where you are, so it needs certain information about where you are coming from, usually provided by the webbrowser. It's possible that if this information is blocked, it wouldn't go through.

Now why it works on a different network card, that could be explained by having different network zones configured through your firewall.

Disable all and any firewalls, then try to access the site. Also if you are using strong privacy filters in your webbrowser, try disabling them.
0
premillardAuthor Commented:
I tried disabling all of the Network Cards other than the one I am connected to, still nothing.
I do not have the firewall turned on because we have a network firewall that all the machines sit behind which obviously isn't blockinng the rest of the computers from getting through.
I also tried disabling all non Microsoft services in the MSConfig to make sure it wasn't a software conflict.

When you say try dissabling privacy filters what could those be and how would I disable them?
I am running IE 7.0.6001 on Windows Vista.

Thanks,
0
ahmad2121Commented:
Sometimes certain toolbars/plugins disable certain header information from being sent to the website.

But that wouldn't make sense if on the same computer you can connect through a different network and you don't have any specific firewalls.

this is what I would do:

1. clear all cache and cookies to make sure this is not the culprit.
2. get Paros http://www.parosproxy.org/index.shtml or wireshark and compare requests/responses from the working and non-working machines.
3. Reset all TCP/IP settings (easiest way is to uninstall nic driver then reinstall)
4. disable TCP/IP v6
5. change your mac address

if none of the above works then I have no idea what would.
0
premillardAuthor Commented:
Thank you, I have to head out to my son's baseball game.
I will try this in the morning and let you know.
Much appreciated!!
0
jfer0x01Commented:
Hi

when you connect to telnet

do you get a blank screen?

that means it can establish the connection

try i different browser like firefox

that way we can rule problems out

Jfer

0
premillardAuthor Commented:
I do get a blank screen like it is connecting. I will try and download Firefox and try that out. Great suggestion.
Thanks,
0
premillardAuthor Commented:
I'm stumped...
I downloaded Firefox and it doesn't work from the bad computers either.
0
tdukie13Commented:
Put a static A record in DNS, not ideal but may do the trick.

Best,
T
0
premillardAuthor Commented:
I had already tried entering it into my host file and that still didn't work. Same end result as entering a static A record in DNS.
It is resolving the DNS but just doesn't open up the web page.
0
jfer0x01Commented:
Ok,

put http://208.82.5.22

this is the ip for CB i found after nslookup

Are you the admin of the net by any chance?

Are the machines that are bad in same subnet?

Can you assign static ip to machine, with DNS of your Dns server?

I believe this can be a Layer Three Issue, since you mentioned u cannot visit by ip

Move the machine outside of company firewalls if possible, to the closest device to the ISP


Jfer
0
jfer0x01Commented:
I think maybe someone doesnt want u getting a new job!!
0
premillardAuthor Commented:
No doubt!! It's actually our CEO who is trying

I am the Domain Admin. I tried using the static IP for CB. I also tried giving the computer a static IP and even tried using public DNS 4.2.2.2.
0
YourPCMedic2Commented:
Is everything on the network going through the same router/security appliance? Take a tower/laptop that is not working, and move it to a station that IS working. hook it up there and see if it makes a differnece. If it does, then it could be a hardware firewall issue.
0
YourPCMedic2Commented:
"I'm stumped...
I downloaded Firefox and it doesn't work from the bad computers either."

  Why would you have expected it to? We have allready established that it is not a browser issue, because you can connect while using your aircard. It has to be something on the network end as the problem goes away when you bypass your network. I wish people would stop perpetuating this myth that firefox is somehow better than I.E. It just isn't true. Cut it out.
0
jfer0x01Commented:
Try to move devices beyond firewall, closets to ISP,

Jfer
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
premillardAuthor Commented:
Well, I went ahead and kept moving closer to the ISP. Makes sense but the only reason I didn't before was because we are all on the same subnet and we all connect through the same security appliance, a cisco PIX 515E. As it turns out once I put my computer (a bad one) on the other side of the PIX I was able to pull up the site.
Why would the PIX cause issues with only some of the comuters connecting to the side? Should be all or none??
So should I get Cisco on the phone and see what they have to say? Seems like my only option.
0
jfer0x01Commented:
Nope,

just make sure the to view what effective policies the pix is pushing onto the subnet group

i figured that the bad ones where in the same subnet,

in any case check the logs on the Pix, as you load the site, post the failure or block reason

Jfer
0
premillardAuthor Commented:
Again, all computers are on the same subnet. All policies affect all computers.
I will see if I can get a log from the PIX.
0
jfer0x01Commented:
any progress?
0
premillardAuthor Commented:
Sorry I was on vacation for 3 days.
Here is what I am getting from the PIX whenever I try and access the web site. Note: the 172.16.0.77 IP address is my computer's IP address.

305006: regular translation creation failed for udp src inside:172.16.0.77/55039 dst DMZ:10.10.1.101/161

It seems odd that it shows anything to do with the DMZ port because it's not even being used??
0
premillardAuthor Commented:
OK, well it took quite a bit of work and it even stumped the techs at Cisco.
They have been taking and analyzing all kinds of monitoring reports and were able to verify that the packets were just being dropped by the firewall for no reason. Finally we upgraded the PIX firmware version to 6.3.5 and it magically started working. All they can figure is that there is a bug in the code.
Upgrading the firmware version fixed the issue.
Thank you jfer0x01 for your help. Your suggestion of moving the bad machine closer to the ISP at least helped me verify that the issue was in fact caused by the firewall.
How should I work this as far as points? Even though your answer didn't solve the problem it helped me find the device that was the issue and I would like to give you points for that but I'm not sure what the protocol is in a case like this?
Please advise,
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.