Link to home
Create AccountLog in
Avatar of CATHY-IT
CATHY-ITFlag for Canada

asked on

Can't open certain websites

Now have two unit at one remote branch that are unable to open sites such as and are two I know for sure. Home Page opens fine at,, etc open fine.

I've tried on one them, with Firefox and Google Chrome -still not able to open these two sites.

I thought it was DNS, but I've even tried Google's Public DNS. Don't believe this was an issue prior to upgrading to New SonicWall routers at all 5 remote branches, the other branches are working fine to my knowledge and I can't find anything that stands out on this Branches Router that would effect browsing these two sites from loading. I've turned off the UTM security services on the WAN zone on their SonicWall TZ100 router to see if any difference, none

Run Symantec Endpoint client Ver 12.1 the same on all our workstation, but I tried disabling auto protect to check, firewall in Windows is Off and still an issue

Note sure what else to check or how to trace why its not opening these two pages.

Any Suggestions on what to check for would be appreciated, I need to get this resolved today.
Avatar of David_Hagerman
Flag of South Africa image

Can you let us know a little more info?

- what error you are getting on the clients browser?
- I take you have checked and nothing is set to block these users
- Can anyone behind this firewall hit these sites?
Avatar of CATHY-IT


I do not get any errors, just sits there searching, waiting to load the page, screen stays pretty much blank for along time.

Blocking these Users.. I'm currently logged into the Desktop that's having the issue as the Network Administrator of our Domain, I have no issues here at Head office, though I'm new to Sonicwall TZ100 router, so I'm not sure if there is anything within that I should be checking.

FYI: this Desktop was just re-formatted and XP re-installed with SP3 and all updates applied.
Installed Firefox a few moments ago,, was able to open but not westjet or
Other PCs's have access to these sites: I do not have access to another unit at that remote branch at this moment, but that is definitely something I want to find out.
Avatar of Don Thomson
from a command prompt - at each of the problem locations do an ipconfig /all

Look at the DNS entries - If it's pointing to a local router then the DNS settings in that router may be off. It it's pointing to a local server - the server's DNS configuration may not be up to date
Usually I have the DNS pointing to our DNS server which is also the DC here at head office so that can browse their Mapped drives, but to rule that out I change it back to auto detect and it now has the WAN DNS s which are setup automatically by the ISP PPPOE connection this office and the others a like use, Head Office is using Static IP via Fiber connection and I also tried setting this workstation DNS to Google's public DNS change
Have you checked to see if there are any VPN connections between the DC location and this location. That would cause exactly the problem you are experiencing
Yes.. all our sites are  VPN Site to Site connections via the Sonicwall Routers TZ100 at all five branches and TZ210 here at Head Office.. and I just check on a desktop from another branch and that workstation can open these websites just fine.. Wondering if something in the VPN site to Site settings of this particular Branch that  maybe different, anything I should check for?
I would open up a CMD box at that location and do a
Ping   or to any sites that you are not able to get into - Then Ping the same sites from a location that you know you can access those same sites.

If the ping returns the proper IP at the bad location but can't get a reply - and get the proper replies from a good location then you have a block on some of those sites.

If it doesn't even get an iP back from the ping - but does at the good site then start looking at the DNS process
I had tried this a bit earlier, but decided I do it again to be more thorough.

From My Workstation - I CAN browse these sites Via IE 9.0 on Win 7 pings to with no response pings to with no response pings to - Responses - go to IE type in this IP and it resolves to and Opens fine

Branch Workstation - Can NOT browse these sites via IE V8.0 pings to with no response pings to with no response pings to with RESPONSE - note last IP section is different then above but I was able to ping the IP I received from on the branch workstation as well.. In IE - type in the IP - resolutes to and then hangs loading same as if I had enter in the address bar.

it appears DNS is working find from my understand
Confirmed.. a laptop at the same branch office as the Desktop and other laptop that can't browse these sites, was able to open them find.

Before the above was confirmed though, I have been checking the VPN site to site settings and made a change to have them exactly the same as the other 4, didn't make any difference.

I'm getting stumped here bad, Can't be the router is thus far at least one other computer is able to browse these sites....... any more ideas?
Give this a try.

On Sonciwall admin go to logs -> Name Resolution. Change the setting to "DNS" if it is not already set that way. Be sure to click Accept.

I know this is supposed to be just for name resolution in the logs, but this change has solved the very same problem at other sites.
instead of using ping try using a tracert to trace the route to the web server of interest
If you ping and DON'T get (Which is the correct IP address - then somewhere in the world a DNS server is routing improperly.

I tend to agree with ve3ofa  above - try it with tracert  at some point.

Now - just to confuse the matter - try going to just  vs  - It takes you to 2 different IP addresses. Someone has entered the MX records wrong for this company - It also looks like they both go to the company web site - but they may have multiple copies of the web site running on different IP addresses.

I think the Sonicwall may be you problem - Some setting in there is redirecting the DNS to a dns server that is still live but is not being updated
I will check out these last two suggestions.. sorry about delay in responding was not in the office yesterday.. had a funeral to attend... Post back as soon as I check out the trace.
CarlMD - Made the change in the sonicwall router for the Branch Office, and accepted.. no change but i was wondering, I see a button to reset name cache, should I do that to clear old entries?

I ran the tracert with not sure what I'm looking for.

today when I ping from the branch workstation - I got responding and ping just responded to

In IE just still doesn't load and if I try their old domain. it resolves to in teh details but still doesn't open.
I assume that you have checked the HOSTS file on the PCs that can't connect to make sure that someone or something has not put a false entry in them is behind a load balancer everytime you do a nslookup on it you will get another address either or there name servers are also load balanced and will recieve or same goes with their mx records also load balanced 64.18.5.xx

resetting your name cache wouldn't hurt.
Yes, you can reset the name cache on the Sonicwall.

Does the branch location access the internet directly via their ISP, or is the internet traffic directed over the VPN, and accesses the internet via the main location ISP?

Have you looked in the Sonciwall logs when you try to ping or access these sites, to see if it is recording anything?
I reset the Name Cache -stated nothing changed in the status area.
I checked the host file - Nothing looks wrong, I had added our two server IPs and their full domain name in as part of our DNS setup.

The VPN is a site to site and if I understand correctly, I don't have that option to tell it the VPN  gateway is the default, as I do when I setup a GlobalVPN connection.. correct me if I'm wrong.  So I believe they use the Internet directly Local, the ISP is a ADSL modem plugged into the Sonicwall Router and PPPoE is configured on the sonicwall. also I have the UTM services such as content filtering, Gateway anti-virus etc..all disable on the LAN and WAN zones to rule out any blocking there.
I don't see anything in the logs, but not really sure what I'm looking for

Thinking I will download the latest Firmware for this Sonicwall on Monday..though its not that old I just did it in December, I have other branches running with version before this ones. but never know and Updating would be in the schedule eventually to thinking and remembering, when I had been trying to figure this exact same issue out on the original laptop that first started having the issue, I recall using this Desktop unit as my shared drive to download software (Firefox and Google Chrome) to install on the laptop that wasn't letting me get to those sites.. so this Desktop was able to browse before it was re-formatted and had XP sp3 re-installed.. Now wondering if a NIC driver issue maybe involved, thoughts on that?

FYI- I only work here part-time.. . I will continue this on Monday.. really appreciate all the ideas
Not likely it has anything to do with firmware since other pc's on the LAN work ok.

You cannot tell it the VPN is the gateway, but by writing rules you could force all http traffic to the main site if you wanted to. The way you have it set up is ok, using the local ISP.

On one of the non working PC's under network connections, Advanced TCP/IP settings, make sure "Enable LMHOSTS lookup" is not checked. If it was checked, make this one change and try again. If still not working the in the same place try disabling NetBIOS over TCP/IP and try again. Note what the original setting was since you might need to put it back. Also, before you make any of these change look at a pc that is working and compare the two.
I just got finished checkout out the Working Laptop and nothing appears to be different. checked the TCP/IP setting as asked above made no difference, I put the settings back and they are the same settings as on the working laptop.

Still stumped... did ask the branch manager to email me new pictures of the physical setup of Sonicwall Router and ADSL etc to see if anything out of place, since they were the ones that physically installed the new Sonicwall Router in Jan of this year and branch managers said something about a Cisco.Hummm...that I'm not aware they I'm anxious to see what I will see in these new photos.. Will post back as soon as I get them and determine if this is a hardware setup issue. Otherwise I'm totally out of ideas that make sense.
I upgraded the NIC drivers as I stated I would above, no change.

The branch does have a Cisco 2960 switch but everyone is plugged into the switch and switch into SonicWall (LAN) port and then ADSL into Sonicwall WAN port. and that all appears to be OK, from what they've showed me. and since other units can browse.

Did some more google searching and came across this forum post that sound like exactly what is happening here at:

The answer they state has to do with IE not able to download the CSS files (style sheets) and then another part of answer is talking about Your UserAgent is a bit long, I already downloaded and re did the UserAgent as the post stated, made no difference.
I also found tried the HTTP Watch tool they suggested  and I've attached a screen shot of a HTTP Watch Log file while trying to open

Hoping something here might make sense to someone

Keep in mind that Firefox, will NOT open either but CAN open, not sure why, so its not totally a IE 8.0 issue.

Also ,This post at one point mentioned about old installed security suites and got me to thinking that the User had installed Windows Defender, which I had orginally un-installed from Control Panel, is there  a tool to check that its truely removed.

Do the pc's that work and don't, have the same version of IE and Firefox? Are they the latest? If not, suggest you try updating say firefox to 11.0 and try again.

I assume you have already tried clearing cache, cookies, etc...

Here is a link that should answer you question about Defender
The Link I believe is only relevent for Vista/Win 7. this unit is XP SP3.

Yes, I did clear the cache and i've tried in two other profiles as well, just in case it was particular files within a certain profile causing the issue.  

Firefox upgraded from 10.0 to 11.. no change

Was hesitating to install IE9.0 since most of our User still with XP unit use 8.0, should I consider this, perhaps it will correct any windows DLL corruption issues
did you already do an sfc /scannow ?

were you able or not able to connect and view the web page at The screen shots seen to indicate that you were able to.

you might also want to try a netsh winsock reset , reboot the computer and see if the problem still exists
IE9 can't be  installed on XP, only Windows 7 or Vista.

If you go to Control Panel, Add/Remove Programs, and Windows Defender is not there then you have unistalled it. Also check Administrative Tools, Services to insure it is not there as well.

Are you using DHCP or fixed ip addresses on the LAN with the issues. If fixed, can you try changing the ip address of a pc with issues. If DHCP, release the address to get a new one.
IE9.0 not for XP.. that explains why it never prompted to upgrade LOL.. I didn't want to go there anyway, hence the reason I never bothered with it. Its on our Windows 7 Units only.
No.. that screen shot is the HTTPWatch log and DIDN'T open for it at all.. just states it waiting for in the info area the bottom left of IE page and is still showing on the IE screen itself.
I apologize if the following two inquires seem like stupid questions, but I dont' want to lose my ability to connect to this unit.
I'm connecting to the unit remotely, via LogMeIN Pro and have access to the Sonicwall Router directly from my IE with the VPN configuration so for the Release and renew of DHCP - believe unit will get a new IP on its own after I go into the Sonicwall and release it and then I can reconnect after it goes back online??
For the request to run netsh winsock reset , reboot the computer will I lose connection when I run this command remotely with LogMeIn?

I was in the process of running the  SFC /scannow this AM..waiting for a User there to insert the XP cd for me, hoping he'll get to it soon.

I also just finished this AM re-registring a group of DLL's suggested by a MS article KB813444.. with no results.

I believe the Windows Defender is gone to.. find nothing loading in regards to it.
LogMeIN uses the web browser on the remote pc to establish the connection, so this traffic is not going over the STS VPN. Since you have the STS VPN you could directly use Remote Desktop by enabling that connection on the remote pc and address that local LAN address from your site.

If you login to the Sonicwall as admin and relase the ip on that device if will disconnect your LogMeIN session (if you are connected) but you should be able to start over again once a new ip has been established.

Yes you will loose your connect if you reboot the remote pc, but should be able to get it back again once it is up.

One new question, do you have more than one ISP (with shared load or failover?) at that remote site?
No, only one ISP at the remote site..
I knew I would lose access via logmein or any Internet based connection if and when the remote PC reboots.. my concern is when I run the winsock reset, will I lose connection before I am able to reboot the workstation, thus not being able to get re-connected without bothering the User to reboot for me...they are out of the office alot of day.
And as for the DHCP reset.same thing I was quite sure it would get a new IP right away and then I could re-connect once it refreshed.. wanted to confirm.. thanks
I will run the winsock reset soon and get back to you.. hoping its the one thing I haven't done that will finally resolve this issue, its getting old and time consuming
Netsh winsock reset did NOT solve the issue and fyi.. I didn't lose Internet connection when I ran it either, allowing me to manually restart the workstation.

Trying to run SFC /scannow so how so it will not prompt for CD.. changed source location in registry after I copied the XP sp 2 files to a windows folder, but this is SP3 and the Service Pack folder is there.

Released the DHCP from Sonicwall and then on the workstation I had to issue the Repair in connection properties and workstation was given a new IP. No Change..
Avatar of Carl Dula
Carl Dula
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
YES!!!! I was able to get to the and within this public proxy...  and Westjet gave the following message at top of their page.

"Unfortunately, we've detected that your browser doesn't have JavaScript enabled. To take advantage of all our great features, JavaScript is required.
If you prefer to continue with the settings you're using, you can still visit, although you may not be able to use the site to its full extent." also opens,but only showing the full color background and a few of the Home page areas.. rest just appear to not loaded.

So..what does this mean to you?  not within my experience and knowledge.. never used a public proxy before.. thanks for the link.. I note that one.. Wondering does Java having anything to do with this issue?
Yes javascript does matter. Check both browsers you are using to see if it is turned on.

In firefox tools->options->Content make sure "enable javascipt" box is checked.

In IE8:

1.On the Tools menu, click Internet Options, and then click the Security tab.
2.Click the Internet zone.
3.Click Custom Level.
4.In the Security Settings – Internet Zone dialog box, click Enable for Active Scripting in the Scripting section.
5.Click the Back button to return to the previous page, and then click the Refresh button to run scripts.

Try it again without the proxy. Does this change anything now?
Java Scripting is already enabled on both browsers
In my opinion something on the individual pc is blocking your success at getting to these sites without using the proxy. Since other pc's at the same location can access them, I would rule out the Sonicwall assuming you are not assigning access by groups based upon a user network login.

I would again check to make sure that on the individual pc all firewalls, filtering, etc programs are turned off. Also I would compare all the settings in one of the browsers with those of a pc that works.

If you can't find anything, then I would try downloading Google Chrome, and trying the sites in that browser. The idea here is to get a fresh install of another browser.
I've updated the sonicwall to the latest full firmware release and no change. notice there's a licensing issue, but I don't think its the cause since I've taken all UTM services off all Zones, but I'm going to call SonicWall Tech support as soon as I get a change, I've had to put this on the back burner a bit, getting behind in other IT obligations. and now that I've got three unit having the same issue, it must be something with the Router that is not obvious, perhaps the Router's UI is not working 100% I just don't know at this point. Will keep you posted once I speak with them.. perhaps later today.. thanks
Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Glad to see you got an answer!

Like you, not sure why some pc's would work and others not, since the Sonicwall setting applies to all.

Lets chalk this up to a "huh?" and move on the to the next.....

You can award points by closing the question and selecting the answer you want to award points to, any assist, and a grade.

Thanks again for all the support!!...