premillard asked:

Some computers on my network can't access www.careerbuilder.com website and others can.

I have a strange issue. Some of the computers on my network can't access the Career Builder web site and others can (www.careerbuilder.com). All of the client computers are receiving their DHCP information from the same DHCP server so they have all of the same I/P and DNS settings.
Now to make it more complicated, my computer is one of the computers that "cannot" access the website. But if I plug into my Verizon Aircard then I can access the web site. I have also tried while on my network manually entering the DNS server to be used as the public DNS server 4.2.2.2 and still I can't access their website.
So it is not an issue with my computer since I can access the site when using my Verizon Aircard, it is not an issue with the network as most computers can access the site while on the network and it is not a DNS misconfiguration because I still can't access the website using public DNS.
This is the only website that we have found that we have this issue with???

I'm at a loss...
tdukie13

Hi,
Have you tried an "ipconfig /flushdns" from a command line on the affected machines? Could have some stale information...

Best,
T
premillard (ASKER)

Yes, I've tried that.
What about a ping of www.careerbuilder.com?
I have run ping tests and they are resolving the IP correctly.
I have run Trace Routes and the route is the same on both computers one that can and one that can't access the site.
I hit submit too quickly.
I meant to add that I have even tried putting the IP into IE instead of the URL to verify whether it was a DNS issue or not and it still cannot connect using the IP address.
have you tried nslookup to careerbuilder.com?

if you can ping the name to an ip, can you visit the site on bad machines via the ip address?

are you sure the browsers on the bad machine aren't configured to use a proxy connection

can you telnet to careerbuilder.com on port 80 from the bad machines and do a banner grab?

telnet careerbuilder.com 80

on the bad machine

and write anything and a couple of enters

Jfer
Are you using a proxy or secondary gateway?
Here are the results of the nslookup from a bad machine. It looks fine.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

U:\>nslookup careerbuilder.com
Server:  servad.agmotion.com
Address:  172.16.0.12

Non-authoritative answer:
Name:    careerbuilder.com
Addresses:  208.88.80.22
          208.82.5.22
          208.82.7.22
I cannot visit the site using the IP address from a bad machine.

I can telnet to careerbuilder.com but I don't receive anything back. Should I be seeing their banner returned to me?

Also, we are not using a proxy and I have verified that IE wasn't accidentally set to use a proxy.
ahmad2121

careerbuilder website tries to figure out where you are, so it needs certain information about where you are coming from, usually provided by the webbrowser. It's possible that if this information is blocked, it wouldn't go through.

Now why it works on a different network card, that could be explained by having different network zones configured through your firewall.

Disable all and any firewalls, then try to access the site. Also if you are using strong privacy filters in your webbrowser, try disabling them.
I tried disabling all of the Network Cards other than the one I am connected to, still nothing.
I do not have the firewall turned on because we have a network firewall that all the machines sit behind which obviously isn't blocking the rest of the computers from getting through.
I also tried disabling all non Microsoft services in the MSConfig to make sure it wasn't a software conflict.

When you say try disabling privacy filters what could those be and how would I disable them?
I am running IE 7.0.6001 on Windows Vista.

Thanks,
Sometimes certain toolbars/plugins disable certain header information from being sent to the website.

But that wouldn't make sense if on the same computer you can connect through a different network and you don't have any specific firewalls.

this is what I would do:

1. clear all cache and cookies to make sure this is not the culprit.
2. get Paros http://www.parosproxy.org/index.shtml or wireshark and compare requests/responses from the working and non-working machines.
3. Reset all TCP/IP settings (easiest way is to uninstall nic driver then reinstall)
4. disable TCP/IP v6
5. change your mac address

if none of the above works then I have no idea what would.
Thank you, I have to head out to my son's baseball game.
I will try this in the morning and let you know.
Much appreciated!!
Hi

when you connect to telnet

do you get a blank screen?

that means it can establish the connection

try a different browser like firefox

that way we can rule problems out

Jfer
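
The staged check that the telnet test in this thread performs by hand, as an added example that is not part of the original posts: it separates name resolution, the TCP connect and the HTTP reply, so a machine that connects but never gets an answer (the blank telnet screen) is reported as `no_response` rather than as a DNS or routing failure. The function name `probe_http` and the stage labels are illustrative.

```python
import socket

def probe_http(host, port=80, ip=None, timeout=5.0):
    """Return (stage, detail): the first step that failed, or 'http_ok'."""
    # Stage 1: name resolution (skipped when an IP is given, like browsing by IP).
    if ip is None:
        try:
            info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
            ip = info[0][4][0]
        except socket.gaierror as exc:
            return "dns_failed", str(exc)
    # Stage 2: TCP handshake, which is all a blank telnet screen confirms.
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return "connect_failed", f"{ip}:{port} {exc}"
    # Stage 3: send a minimal request and wait for the first bytes of a reply.
    with sock:
        sock.settimeout(timeout)
        request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        try:
            sock.sendall(request.encode("ascii"))
            data = sock.recv(1024)
        except socket.timeout:
            # Handshake completed but nothing came back: packets are being
            # dropped somewhere on the path after the connection was set up.
            return "no_response", f"{ip}:{port} connected, no reply in {timeout}s"
        except OSError as exc:
            return "reset", f"{ip}:{port} {exc}"
    if not data:
        return "closed_without_reply", f"{ip}:{port} peer closed the connection"
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    if status_line.startswith("HTTP/"):
        return "http_ok", status_line
    return "non_http_reply", status_line

if __name__ == "__main__":
    import sys
    # Run the same command on a working and a non-working machine and compare.
    target = sys.argv[1] if len(sys.argv) > 1 else "www.careerbuilder.com"
    print(target, *probe_http(target))
```

Running it with the same target from a good and a bad machine, and again with `ip=` set to one of the resolved addresses, shows at which stage the two machines diverge.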

I do get a blank screen like it is connecting. I will try and download Firefox and try that out. Great suggestion.
Thanks,
I'm stumped...
I downloaded Firefox and it doesn't work from the bad computers either.
Put a static A record in DNS, not ideal but may do the trick.

Best,
T
I had already tried entering it into my host file and that still didn't work. Same end result as entering a static A record in DNS.
It is resolving the DNS but just doesn't open up the web page.
Ok,

put http://208.82.5.22

this is the ip for CB i found after nslookup

Are you the admin of the net by any chance?

Are the machines that are bad in same subnet?

Can you assign static ip to machine, with DNS of your Dns server?

I believe this can be a Layer Three Issue, since you mentioned u cannot visit by ip

Move the machine outside of company firewalls if possible, to the closest device to the ISP


Jfer
I think maybe someone doesn't want u getting a new job!!
No doubt!! It's actually our CEO who is trying

I am the Domain Admin. I tried using the static IP for CB. I also tried giving the computer a static IP and even tried using public DNS 4.2.2.2.
Is everything on the network going through the same router/security appliance? Take a tower/laptop that is not working, and move it to a station that IS working. Hook it up there and see if it makes a difference. If it does, then it could be a hardware firewall issue.
"I'm stumped...
I downloaded Firefox and it doesn't work from the bad computers either."

  Why would you have expected it to? We have already established that it is not a browser issue, because you can connect while using your aircard. It has to be something on the network end as the problem goes away when you bypass your network. I wish people would stop perpetuating this myth that firefox is somehow better than I.E. It just isn't true. Cut it out.
ASKER CERTIFIED SOLUTION
jfer0x01
Well, I went ahead and kept moving closer to the ISP. Makes sense but the only reason I didn't before was because we are all on the same subnet and we all connect through the same security appliance, a cisco PIX 515E. As it turns out once I put my computer (a bad one) on the other side of the PIX I was able to pull up the site.
Why would the PIX cause issues with only some of the computers connecting to the site? Should be all or none??
So should I get Cisco on the phone and see what they have to say? Seems like my only option.
Nope,

just make sure to view what effective policies the pix is pushing onto the subnet group

i figured that the bad ones were in the same subnet,

in any case check the logs on the Pix, as you load the site, post the failure or block reason

Jfer
Again, all computers are on the same subnet. All policies affect all computers.
I will see if I can get a log from the PIX.
any progress?
Sorry I was on vacation for 3 days.
Here is what I am getting from the PIX whenever I try and access the web site. Note: the 172.16.0.77 IP address is my computer's IP address.

305006: regular translation creation failed for udp src inside:172.16.0.77/55039 dst DMZ:10.10.1.101/161

It seems odd that it shows anything to do with the DMZ port because it's not even being used??
OK, well it took quite a bit of work and it even stumped the techs at Cisco.
They have been taking and analyzing all kinds of monitoring reports and were able to verify that the packets were just being dropped by the firewall for no reason. Finally we upgraded the PIX firmware version to 6.3.5 and it magically started working. All they can figure is that there is a bug in the code.
Upgrading the firmware version fixed the issue.
Thank you jfer0x01 for your help. Your suggestion of moving the bad machine closer to the ISP at least helped me verify that the issue was in fact caused by the firewall.
How should I work this as far as points? Even though your answer didn't solve the problem it helped me find the device that was the issue and I would like to give you points for that but I'm not sure what the protocol is in a case like this?
Please advise,