internet problem

techp
techp used Ask the Experts™
on

 in our network sometimes internet explorer gets error access denied(policy_denied) and it corrects automatically after sometimes . when it gets error , we cannot ping ip of that computer from another computer . but from that computer to other computer is ok .
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
try with some other browser if its working fine then check your proxy setting in IE., uncheck automatically detect settings.

Author

Commented:

 it is not browser issue or computer issue . same with different browser and different computers . it happens only for active directory users with proxy server
check any new security settings on your network is prevented. Else network team could be trying a new policy or a proxy server to check the Usage.
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Commented:
denied(policy_denied) is an error when your proxy server denies your request to a web page. This can be due to the rules configured in the proxy server, or the proxy admin playing with policy or if your proxy give u access based on user authentication via active directory, and your userid might not be there in the internet allowed group/ID

Author

Commented:

 hello ujitnos,

  this error comes only sometimes , all other time internet works .  

Commented:
yes, happens. It might also have to do with how your proxy is configured.  It happens if you change from a Wireless to LAN connections is your proxy is set in a particular way.

Does it happen only for you or all users? If its for all users then its definitely a rule in  the proxy thats doing this.  

Are you managing the proxy ? If not did u try contacting the  proxy admin ?

Author

Commented:

 it happens for different active directory users ..so many users. some users it gets everyday .
 we have bluecoat , mcafee and also group policy internet timing rule . it was noticed that when problem happens we cannot ping ip of the computer , but computer can ping other ip . a firewall block . but it is not computer problem as formatted computer also it happened


This is a known issue with the bluecoat proxy.   I would try a policy trace and see where the users are having problems because the error is kind of generic.  It appears to be an issue with a rule that is configured on the bluecoat proxy.  

enabling a policy trace
https://kb.bluecoat.com/index?page=content&id=KB2935

Author

Commented:

 hello activedirectoryman,

    if it is issue with rule of bluecoat , why it happens only sometimes . by policy trace what can be find out ?


policy trace is simply a debugging tool that is enabled for troubleshooting access to websites. if the website should be allowed but its denied or if its allowed but should be denied then using policy trace is the best way to diagnose the issue.

Commented:
Yes i too have observed this with Bluecoat proxy.

Create a last rule for any to any  and action as "none" . Now create a "track".
Go to https://<ipaddress>:8082/policy and select the tracker name. go through the log and see which policy is causing this.

Author

Commented:

 does it mean some policy rule in blue coat making error some times "access denied(policy_denied)" ?
 does it make any issue with group policy on active directroy ?

 note : only some time for different users at different times

Commented:
with group policy u r pushing the proxy setting to user. How is the authentication set in Bluecoat, IWA and BCAAA ? Check the global settings in IWA.

the error definitely say that a policy is blocking the access.

If u have one rule that defines a set of Active directory users access to the internet and a rule below it to block access to any other user, its possible that due any given reason the user ID is not populated in the set of users who has internet access, and so the traffic is being blocked by the rule below it.

Commented:
we cannot ping ip of the computer  - what do u mean by this ? You cannot ping the user system when this error appears ? are u pinging with hostname or IP address, when u say that you are not able to ping.

Author

Commented:

 from another computer i cannot ping computer which has problem
 i can ping any ip from the computer which has problem

 as you mentioned

 its possible that due any given reason the user ID is not populated in the set of users who has internet access

 what reason may be

i can write in detail error

"Access Denied (policy_denied)

Your system policy has denied access to the requested URL.

For assistance, contact your network support team.Your request was categorized by Blue Coat Web Filter as 'search engines' "

but everything ok sometimes and sometimes get same error

 

Commented:
Ok.. when the issue happens can u ping the proxy from the system which has the issue? also do a telnet on the proxy port from the system that has the issue.

telnet <ip address> <port>

see if u are able to connect (get a blank screen or a banner). If u are able to telnet and still get the error, you will need to go through the logs (policy trace) for the user when the issue happens.

Author

Commented:
able to ping
but telnet is not sure

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial