Solved

Can't open certain websites

Posted on 2012-03-13
38
2,061 Views
Last Modified: 2012-04-02
Now have two unit at one remote branch that are unable to open sites such as www.westjet.ca and www.adobe.com are two I know for sure. Home Page opens fine at www.google.ca, www.msn.ca, ca.yahoo.com etc open fine.

I've tried on one them, with Firefox and Google Chrome -still not able to open these two sites.

I thought it was DNS, but I've even tried Google's Public DNS. Don't believe this was an issue prior to upgrading to New SonicWall routers at all 5 remote branches, the other branches are working fine to my knowledge and I can't find anything that stands out on this Branches Router that would effect browsing these two sites from loading. I've turned off the UTM security services on the WAN zone on their SonicWall TZ100 router to see if any difference, none

Run Symantec Endpoint client Ver 12.1 the same on all our workstation, but I tried disabling auto protect to check, firewall in Windows is Off and still an issue

Note sure what else to check or how to trace why its not opening these two pages.

Any Suggestions on what to check for would be appreciated, I need to get this resolved today.
0
Comment
Question by:CATHY-IT
  • 19
  • 10
  • 5
  • +2
38 Comments
 
LVL 7

Expert Comment

by:David_Hagerman
ID: 37714877
Can you let us know a little more info?

- what error you are getting on the clients browser?
- I take you have checked and nothing is set to block these users
- Can anyone behind this firewall hit these sites?
0
 

Author Comment

by:CATHY-IT
ID: 37714985
I do not get any errors, just sits there searching, waiting to load the page, screen stays pretty much blank for along time.

Blocking these Users.. I'm currently logged into the Desktop that's having the issue as the Network Administrator of our Domain, I have no issues here at Head office, though I'm new to Sonicwall TZ100 router, so I'm not sure if there is anything within that I should be checking.

FYI: this Desktop was just re-formatted and XP re-installed with SP3 and all updates applied.
Installed Firefox a few moments ago,, was able to open www.adobe.com but not westjet or box.com
Other PCs's have access to these sites: I do not have access to another unit at that remote branch at this moment, but that is definitely something I want to find out.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37715121
from a command prompt - at each of the problem locations do an ipconfig /all

Look at the DNS entries - If it's pointing to a local router then the DNS settings in that router may be off. It it's pointing to a local server - the server's DNS configuration may not be up to date
0
 

Author Comment

by:CATHY-IT
ID: 37715178
Usually I have the DNS pointing to our DNS server which is also the DC here at head office so that can browse their Mapped drives, but to rule that out I change it back to auto detect and it now has the WAN DNS s which are setup automatically by the ISP PPPOE connection this office and the others a like use, Head Office is using Static IP via Fiber connection and I also tried setting this workstation DNS to Google's public DNS 8.8.8.8..no change
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37715310
Have you checked to see if there are any VPN connections between the DC location and this location. That would cause exactly the problem you are experiencing
0
 

Author Comment

by:CATHY-IT
ID: 37715379
Yes.. all our sites are  VPN Site to Site connections via the Sonicwall Routers TZ100 at all five branches and TZ210 here at Head Office.. and I just check on a desktop from another branch and that workstation can open these websites just fine.. Wondering if something in the VPN site to Site settings of this particular Branch that  maybe different, anything I should check for?
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37715495
I would open up a CMD box at that location and do a
Ping westjet.ca   or to any sites that you are not able to get into - Then Ping the same sites from a location that you know you can access those same sites.

If the ping returns the proper IP at the bad location but can't get a reply - and get the proper replies from a good location then you have a block on some of those sites.

If it doesn't even get an iP back from the ping - but does at the good site then start looking at the DNS process
0
 

Author Comment

by:CATHY-IT
ID: 37715722
I had tried this a bit earlier, but decided I do it again to be more thorough.

From My Workstation - I CAN browse these sites Via IE 9.0 on Win 7

www.westjet.com pings to 72.29.231.101 with no response
www.adobe.com pings to 192.150.16.64 with no response
www.box.com pings to 74.112.184.198 - Responses - go to IE type in this IP and it resolves to www.box.com and Opens fine

Branch Workstation - Can NOT browse these sites via IE V8.0

www.westjet.com pings to 72.29.231.101 with no response
www.adobe.com pings to 192.150.16.64 with no response
www.box.com pings to 74.112.184.70 with RESPONSE - note last IP section is different then above but I was able to ping the IP I received from www.box.com on the branch workstation as well.. In IE - type in the IP 74.112.184.70 - resolutes to www.box.com and then hangs loading same as if I had enter www.box.com in the address bar.

it appears DNS is working find from my understand
0
 

Author Comment

by:CATHY-IT
ID: 37716133
Confirmed.. a laptop at the same branch office as the Desktop and other laptop that can't browse these sites, was able to open them find.

Before the above was confirmed though, I have been checking the VPN site to site settings and made a change to have them exactly the same as the other 4, didn't make any difference.

I'm getting stumped here bad, Can't be the router is thus far at least one other computer is able to browse these sites....... any more ideas?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37719249
Give this a try.

On Sonciwall admin go to logs -> Name Resolution. Change the setting to "DNS" if it is not already set that way. Be sure to click Accept.

I know this is supposed to be just for name resolution in the logs, but this change has solved the very same problem at other sites.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 37719522
instead of using ping try using a tracert to trace the route to the web server of interest
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37719630
If you ping www.box.com and DON'T get 74.112.184.198 (Which is the correct IP address - then somewhere in the world a DNS server is routing improperly.

I tend to agree with ve3ofa  above - try it with tracert www.box.com  at some point.

Now - just to confuse the matter - try going to just box.com  vs www.box.com  - It takes you to 2 different IP addresses. Someone has entered the MX records wrong for this company - It also looks like they both go to the company web site - but they may have multiple copies of the web site running on different IP addresses.

I think the Sonicwall may be you problem - Some setting in there is redirecting the DNS to a dns server that is still live but is not being updated
0
 

Author Comment

by:CATHY-IT
ID: 37724509
I will check out these last two suggestions.. sorry about delay in responding was not in the office yesterday.. had a funeral to attend... Post back as soon as I check out the trace.
0
 

Author Comment

by:CATHY-IT
ID: 37729018
CarlMD - Made the change in the sonicwall router for the Branch Office, and accepted.. no change but i was wondering, I see a button to reset name cache, should I do that to clear old entries?

I ran the tracert with www.box.com.. not sure what I'm looking for.

today when I ping from the branch workstation - www.box.com I got 74.112.184.198 responding and ping just box.com responded to 74.112.184.201

In IE just box.com still doesn't load and if I try their old domain. www.box.net.. it resolves to www.box.com in teh details but still doesn't open.
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 37729057
I assume that you have checked the HOSTS file on the PCs that can't connect to make sure that someone or something has not put a false entry in them
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 37729066
www.box.com is behind a load balancer everytime you do a nslookup on it you will get another address either 74.112.184.70 or 74.112.184.198 there name servers are also load balanced and box.com will recieve 74.112.184.201 or 74.112.184.73 same goes with their mx records also load balanced 64.18.5.xx


resetting your name cache wouldn't hurt.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37729195
Yes, you can reset the name cache on the Sonicwall.

Does the branch location access the internet directly via their ISP, or is the internet traffic directed over the VPN, and accesses the internet via the main location ISP?

Have you looked in the Sonciwall logs when you try to ping or access these sites, to see if it is recording anything?
0
 

Author Comment

by:CATHY-IT
ID: 37729910
I reset the Name Cache -stated nothing changed in the status area.
I checked the host file - Nothing looks wrong, I had added our two server IPs and their full domain name in as part of our DNS setup.

The VPN is a site to site and if I understand correctly, I don't have that option to tell it the VPN  gateway is the default, as I do when I setup a GlobalVPN connection.. correct me if I'm wrong.  So I believe they use the Internet directly Local, the ISP is a ADSL modem plugged into the Sonicwall Router and PPPoE is configured on the sonicwall. also I have the UTM services such as content filtering, Gateway anti-virus etc..all disable on the LAN and WAN zones to rule out any blocking there.
I don't see anything in the logs, but not really sure what I'm looking for

Thinking I will download the latest Firmware for this Sonicwall on Monday..though its not that old I just did it in December, I have other branches running with version before this ones. but never know and Updating would be in the schedule eventually

also..got to thinking and remembering, when I had been trying to figure this exact same issue out on the original laptop that first started having the issue, I recall using this Desktop unit as my shared drive to download software (Firefox and Google Chrome) to install on the laptop that wasn't letting me get to those sites.. so this Desktop was able to browse before it was re-formatted and had XP sp3 re-installed.. Now wondering if a NIC driver issue maybe involved, thoughts on that?

FYI- I only work here part-time.. . I will continue this on Monday.. really appreciate all the ideas
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37729966
Not likely it has anything to do with firmware since other pc's on the LAN work ok.

You cannot tell it the VPN is the gateway, but by writing rules you could force all http traffic to the main site if you wanted to. The way you have it set up is ok, using the local ISP.

On one of the non working PC's under network connections, Advanced TCP/IP settings, make sure "Enable LMHOSTS lookup" is not checked. If it was checked, make this one change and try again. If still not working the in the same place try disabling NetBIOS over TCP/IP and try again. Note what the original setting was since you might need to put it back. Also, before you make any of these change look at a pc that is working and compare the two.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:CATHY-IT
ID: 37739035
I just got finished checkout out the Working Laptop and nothing appears to be different. checked the TCP/IP setting as asked above made no difference, I put the settings back and they are the same settings as on the working laptop.

Still stumped... did ask the branch manager to email me new pictures of the physical setup of Sonicwall Router and ADSL etc to see if anything out of place, since they were the ones that physically installed the new Sonicwall Router in Jan of this year and branch managers said something about a Cisco.Hummm...that I'm not aware they have..so I'm anxious to see what I will see in these new photos.. Will post back as soon as I get them and determine if this is a hardware setup issue. Otherwise I'm totally out of ideas that make sense.
0
 

Author Comment

by:CATHY-IT
ID: 37742644
I upgraded the NIC drivers as I stated I would above, no change.

The branch does have a Cisco 2960 switch but everyone is plugged into the switch and switch into SonicWall (LAN) port and then ADSL into Sonicwall WAN port. and that all appears to be OK, from what they've showed me. and since other units can browse.

Did some more google searching and came across this forum post that sound like exactly what is happening here at:
http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/cannot-access-few-websites-in-internet-explorer-8/4cf7c0f4-6deb-4f7f-814f-c64b05dc225e?page=3

The answer they state has to do with IE not able to download the CSS files (style sheets) and then another part of answer is talking about Your UserAgent is a bit long, I already downloaded and re did the UserAgent as the post stated, made no difference.
I also found tried the HTTP Watch tool they suggested  and I've attached a screen shot of a HTTP Watch Log file while trying to open www.box.com.

Hoping something here might make sense to someone

Keep in mind that Firefox, will NOT open www.box.com either but CAN open www.adobe.com, not sure why, so its not totally a IE 8.0 issue.

Also ,This post at one point mentioned about old installed security suites and got me to thinking that the User had installed Windows Defender, which I had orginally un-installed from Control Panel, is there  a tool to check that its truely removed.

Thanks
HttpWatch-Boxcom-Log-File.docx
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37742733
Do the pc's that work and don't, have the same version of IE and Firefox? Are they the latest? If not, suggest you try updating say firefox to 11.0 and try again.

I assume you have already tried clearing cache, cookies, etc...

Here is a link that should answer you question about Defender

http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/
0
 

Author Comment

by:CATHY-IT
ID: 37743567
The Link I believe is only relevent for Vista/Win 7. this unit is XP SP3.

Yes, I did clear the cache and i've tried in two other profiles as well, just in case it was particular files within a certain profile causing the issue.  

Firefox upgraded from 10.0 to 11.. no change

Was hesitating to install IE9.0 since most of our User still with XP unit use 8.0, should I consider this, perhaps it will correct any windows DLL corruption issues
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 37744854
did you already do an sfc /scannow ?

were you able or not able to connect and view the web page at box.com? The screen shots seen to indicate that you were able to.

you might also want to try a netsh winsock reset , reboot the computer and see if the problem still exists
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37746432
IE9 can't be  installed on XP, only Windows 7 or Vista.

If you go to Control Panel, Add/Remove Programs, and Windows Defender is not there then you have unistalled it. Also check Administrative Tools, Services to insure it is not there as well.

Are you using DHCP or fixed ip addresses on the LAN with the issues. If fixed, can you try changing the ip address of a pc with issues. If DHCP, release the address to get a new one.
0
 

Author Comment

by:CATHY-IT
ID: 37747254
IE9.0 not for XP.. that explains why it never prompted to upgrade LOL.. I didn't want to go there anyway, hence the reason I never bothered with it. Its on our Windows 7 Units only.
No.. that screen shot is the HTTPWatch log and Box.com DIDN'T open for it at all.. just states it waiting for in the info area the bottom left of IE page and google.ca is still showing on the IE screen itself.
I apologize if the following two inquires seem like stupid questions, but I dont' want to lose my ability to connect to this unit.
I'm connecting to the unit remotely, via LogMeIN Pro and have access to the Sonicwall Router directly from my IE with the VPN configuration so for the Release and renew of DHCP - believe unit will get a new IP on its own after I go into the Sonicwall and release it and then I can reconnect after it goes back online??
For the request to run netsh winsock reset , reboot the computer will I lose connection when I run this command remotely with LogMeIn?

I was in the process of running the  SFC /scannow this AM..waiting for a User there to insert the XP cd for me, hoping he'll get to it soon.

I also just finished this AM re-registring a group of DLL's suggested by a MS article KB813444.. with no results.

I believe the Windows Defender is gone to.. find nothing loading in regards to it.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37747885
LogMeIN uses the web browser on the remote pc to establish the connection, so this traffic is not going over the STS VPN. Since you have the STS VPN you could directly use Remote Desktop by enabling that connection on the remote pc and address that local LAN address from your site.

If you login to the Sonicwall as admin and relase the ip on that device if will disconnect your LogMeIN session (if you are connected) but you should be able to start over again once a new ip has been established.

Yes you will loose your connect if you reboot the remote pc, but should be able to get it back again once it is up.

One new question, do you have more than one ISP (with shared load or failover?) at that remote site?
0
 

Author Comment

by:CATHY-IT
ID: 37748075
No, only one ISP at the remote site..
I knew I would lose access via logmein or any Internet based connection if and when the remote PC reboots.. my concern is when I run the winsock reset, will I lose connection before I am able to reboot the workstation, thus not being able to get re-connected without bothering the User to reboot for me...they are out of the office alot of day.
And as for the DHCP reset.same thing I was quite sure it would get a new IP right away and then I could re-connect once it refreshed.. wanted to confirm.. thanks
I will run the winsock reset soon and get back to you.. hoping its the one thing I haven't done that will finally resolve this issue, its getting old and time consuming
0
 

Author Comment

by:CATHY-IT
ID: 37748489
Netsh winsock reset did NOT solve the issue and fyi.. I didn't lose Internet connection when I ran it either, allowing me to manually restart the workstation.

Trying to run SFC /scannow so how so it will not prompt for CD.. changed source location in registry after I copied the XP sp 2 files to a windows folder, but this is SP3 and the Service Pack folder is there.

Released the DHCP from Sonicwall and then on the workstation I had to issue the Repair in connection properties and workstation was given a new IP. No Change..
0
 
LVL 20

Assisted Solution

by:carlmd
carlmd earned 500 total points
ID: 37748571
Lets try using a free public proxy server and see if you can get the pages that won't otherwise load.

From the problem pc open a browser and go to
              http://anonysafe.info

In the box at the BOTTOM of the page put in the url of one of the problem sites and hit GO.

Does it work?
0
 

Author Comment

by:CATHY-IT
ID: 37752232
YES!!!! I was able to get to the www.box.com. www.adobe.com and www.westjet.ca within this public proxy...  and Westjet gave the following message at top of their page.

"Unfortunately, we've detected that your browser doesn't have JavaScript enabled. To take advantage of all our great features, JavaScript is required.
If you prefer to continue with the settings you're using, you can still visit westjet.com, although you may not be able to use the site to its full extent."

www.intel.com also opens,but only showing the full color background and a few of the Home page areas.. rest just appear to not loaded.

So..what does this mean to you?  not within my experience and knowledge.. never used a public proxy before.. thanks for the link.. I note that one.. Wondering does Java having anything to do with this issue?
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37752269
Yes javascript does matter. Check both browsers you are using to see if it is turned on.

In firefox tools->options->Content make sure "enable javascipt" box is checked.

In IE8:

1.On the Tools menu, click Internet Options, and then click the Security tab.
2.Click the Internet zone.
3.Click Custom Level.
4.In the Security Settings – Internet Zone dialog box, click Enable for Active Scripting in the Scripting section.
5.Click the Back button to return to the previous page, and then click the Refresh button to run scripts.

Try it again without the proxy. Does this change anything now?
0
 

Author Comment

by:CATHY-IT
ID: 37752293
Java Scripting is already enabled on both browsers
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37752341
In my opinion something on the individual pc is blocking your success at getting to these sites without using the proxy. Since other pc's at the same location can access them, I would rule out the Sonicwall assuming you are not assigning access by groups based upon a user network login.

I would again check to make sure that on the individual pc all firewalls, filtering, etc programs are turned off. Also I would compare all the settings in one of the browsers with those of a pc that works.

If you can't find anything, then I would try downloading Google Chrome, and trying the sites in that browser. The idea here is to get a fresh install of another browser.
0
 

Author Comment

by:CATHY-IT
ID: 37767207
I've updated the sonicwall to the latest full firmware release and no change. notice there's a licensing issue, but I don't think its the cause since I've taken all UTM services off all Zones, but I'm going to call SonicWall Tech support as soon as I get a change, I've had to put this on the back burner a bit, getting behind in other IT obligations. and now that I've got three unit having the same issue, it must be something with the Router that is not obvious, perhaps the Router's UI is not working 100% I just don't know at this point. Will keep you posted once I speak with them.. perhaps later today.. thanks
0
 

Accepted Solution

by:
CATHY-IT earned 0 total points
ID: 37773276
Problem has been solved by SonicWall Support -

Needed to change the MTU which was defaulted to 1500, changed it to 1492 and now all browsing is working fine.  

Though this still doesn't explain why one of four workstations was able to browse these sites with no issues and this unit was on the same switch and Router as the others.

I would like to award the points to CARLMD for sticking it out with me.. this was quite annoying to say the least and I figured it was going to be a simple setting somewhere after all that we had done to troubleshoot.

Let me know how I should go about stating this post is the answer but give CarlMD the point perhaps choose this post as assisted
0
 
LVL 20

Expert Comment

by:carlmd
ID: 37773326
Glad to see you got an answer!

Like you, not sure why some pc's would work and others not, since the Sonicwall setting applies to all.

Lets chalk this up to a "huh?" and move on the to the next.....

You can award points by closing the question and selecting the answer you want to award points to, any assist, and a grade.

thanks...
0
 

Author Closing Comment

by:CATHY-IT
ID: 37795062
Thanks again for all the support!!...
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now