Can't open certain websites

Can you let us know a little more info?

- what error you are getting on the clients browser?
- I take you have checked and nothing is set to block these users
- Can anyone behind this firewall hit these sites?

I do not get any errors, just sits there searching, waiting to load the page, screen stays pretty much blank for along time.

Blocking these Users.. I'm currently logged into the Desktop that's having the issue as the Network Administrator of our Domain, I have no issues here at Head office, though I'm new to Sonicwall TZ100 router, so I'm not sure if there is anything within that I should be checking.

FYI: this Desktop was just re-formatted and XP re-installed with SP3 and all updates applied.
Installed Firefox a few moments ago,, was able to open www.adobe.com but not westjet or box.com
Other PCs's have access to these sites: I do not have access to another unit at that remote branch at this moment, but that is definitely something I want to find out.

from a command prompt - at each of the problem locations do an ipconfig /all

Look at the DNS entries - If it's pointing to a local router then the DNS settings in that router may be off. It it's pointing to a local server - the server's DNS configuration may not be up to date

Usually I have the DNS pointing to our DNS server which is also the DC here at head office so that can browse their Mapped drives, but to rule that out I change it back to auto detect and it now has the WAN DNS s which are setup automatically by the ISP PPPOE connection this office and the others a like use, Head Office is using Static IP via Fiber connection and I also tried setting this workstation DNS to Google's public DNS 8.8.8.8..no change

Have you checked to see if there are any VPN connections between the DC location and this location. That would cause exactly the problem you are experiencing

Yes.. all our sites are  VPN Site to Site connections via the Sonicwall Routers TZ100 at all five branches and TZ210 here at Head Office.. and I just check on a desktop from another branch and that workstation can open these websites just fine.. Wondering if something in the VPN site to Site settings of this particular Branch that  maybe different, anything I should check for?

I would open up a CMD box at that location and do a
Ping westjet.ca   or to any sites that you are not able to get into - Then Ping the same sites from a location that you know you can access those same sites.

If the ping returns the proper IP at the bad location but can't get a reply - and get the proper replies from a good location then you have a block on some of those sites.

If it doesn't even get an iP back from the ping - but does at the good site then start looking at the DNS process

I had tried this a bit earlier, but decided I do it again to be more thorough.

From My Workstation - I CAN browse these sites Via IE 9.0 on Win 7

www.westjet.com pings to 72.29.231.101 with no response
www.adobe.com pings to 192.150.16.64 with no response
www.box.com pings to 74.112.184.198 - Responses - go to IE type in this IP and it resolves to www.box.com and Opens fine

Branch Workstation - Can NOT browse these sites via IE V8.0

www.westjet.com pings to 72.29.231.101 with no response
www.adobe.com pings to 192.150.16.64 with no response
www.box.com pings to 74.112.184.70 with RESPONSE - note last IP section is different then above but I was able to ping the IP I received from www.box.com on the branch workstation as well.. In IE - type in the IP 74.112.184.70 - resolutes to www.box.com and then hangs loading same as if I had enter www.box.com in the address bar.

it appears DNS is working find from my understand

Confirmed.. a laptop at the same branch office as the Desktop and other laptop that can't browse these sites, was able to open them find.

Before the above was confirmed though, I have been checking the VPN site to site settings and made a change to have them exactly the same as the other 4, didn't make any difference.

I'm getting stumped here bad, Can't be the router is thus far at least one other computer is able to browse these sites....... any more ideas?

Give this a try.

On Sonciwall admin go to logs -> Name Resolution. Change the setting to "DNS" if it is not already set that way. Be sure to click Accept.

I know this is supposed to be just for name resolution in the logs, but this change has solved the very same problem at other sites.

instead of using ping try using a tracert to trace the route to the web server of interest

If you ping www.box.com and DON'T get 74.112.184.198 (Which is the correct IP address - then somewhere in the world a DNS server is routing improperly.

I tend to agree with ve3ofa  above - try it with tracert www.box.com  at some point.

Now - just to confuse the matter - try going to just box.com  vs www.box.com  - It takes you to 2 different IP addresses. Someone has entered the MX records wrong for this company - It also looks like they both go to the company web site - but they may have multiple copies of the web site running on different IP addresses.

I think the Sonicwall may be you problem - Some setting in there is redirecting the DNS to a dns server that is still live but is not being updated

I will check out these last two suggestions.. sorry about delay in responding was not in the office yesterday.. had a funeral to attend... Post back as soon as I check out the trace.

CarlMD - Made the change in the sonicwall router for the Branch Office, and accepted.. no change but i was wondering, I see a button to reset name cache, should I do that to clear old entries?

I ran the tracert with www.box.com.. not sure what I'm looking for.

today when I ping from the branch workstation - www.box.com I got 74.112.184.198 responding and ping just box.com responded to 74.112.184.201

In IE just box.com still doesn't load and if I try their old domain. www.box.net.. it resolves to www.box.com in teh details but still doesn't open.

I assume that you have checked the HOSTS file on the PCs that can't connect to make sure that someone or something has not put a false entry in them

www.box.com is behind a load balancer everytime you do a nslookup on it you will get another address either 74.112.184.70 or 74.112.184.198 there name servers are also load balanced and box.com will recieve 74.112.184.201 or 74.112.184.73 same goes with their mx records also load balanced 64.18.5.xx


resetting your name cache wouldn't hurt.

Yes, you can reset the name cache on the Sonicwall.

Does the branch location access the internet directly via their ISP, or is the internet traffic directed over the VPN, and accesses the internet via the main location ISP?

Have you looked in the Sonciwall logs when you try to ping or access these sites, to see if it is recording anything?

I reset the Name Cache -stated nothing changed in the status area.
I checked the host file - Nothing looks wrong, I had added our two server IPs and their full domain name in as part of our DNS setup.

The VPN is a site to site and if I understand correctly, I don't have that option to tell it the VPN  gateway is the default, as I do when I setup a GlobalVPN connection.. correct me if I'm wrong.  So I believe they use the Internet directly Local, the ISP is a ADSL modem plugged into the Sonicwall Router and PPPoE is configured on the sonicwall. also I have the UTM services such as content filtering, Gateway anti-virus etc..all disable on the LAN and WAN zones to rule out any blocking there.
I don't see anything in the logs, but not really sure what I'm looking for

Thinking I will download the latest Firmware for this Sonicwall on Monday..though its not that old I just did it in December, I have other branches running with version before this ones. but never know and Updating would be in the schedule eventually

also..got to thinking and remembering, when I had been trying to figure this exact same issue out on the original laptop that first started having the issue, I recall using this Desktop unit as my shared drive to download software (Firefox and Google Chrome) to install on the laptop that wasn't letting me get to those sites.. so this Desktop was able to browse before it was re-formatted and had XP sp3 re-installed.. Now wondering if a NIC driver issue maybe involved, thoughts on that?

FYI- I only work here part-time.. . I will continue this on Monday.. really appreciate all the ideas

Not likely it has anything to do with firmware since other pc's on the LAN work ok.

You cannot tell it the VPN is the gateway, but by writing rules you could force all http traffic to the main site if you wanted to. The way you have it set up is ok, using the local ISP.

On one of the non working PC's under network connections, Advanced TCP/IP settings, make sure "Enable LMHOSTS lookup" is not checked. If it was checked, make this one change and try again. If still not working the in the same place try disabling NetBIOS over TCP/IP and try again. Note what the original setting was since you might need to put it back. Also, before you make any of these change look at a pc that is working and compare the two.

I just got finished checkout out the Working Laptop and nothing appears to be different. checked the TCP/IP setting as asked above made no difference, I put the settings back and they are the same settings as on the working laptop.

Still stumped... did ask the branch manager to email me new pictures of the physical setup of Sonicwall Router and ADSL etc to see if anything out of place, since they were the ones that physically installed the new Sonicwall Router in Jan of this year and branch managers said something about a Cisco.Hummm...that I'm not aware they have..so I'm anxious to see what I will see in these new photos.. Will post back as soon as I get them and determine if this is a hardware setup issue. Otherwise I'm totally out of ideas that make sense.

I upgraded the NIC drivers as I stated I would above, no change.

The branch does have a Cisco 2960 switch but everyone is plugged into the switch and switch into SonicWall (LAN) port and then ADSL into Sonicwall WAN port. and that all appears to be OK, from what they've showed me. and since other units can browse.

Did some more google searching and came across this forum post that sound like exactly what is happening here at:
http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/cannot-access-few-websites-in-internet-explorer-8/4cf7c0f4-6deb-4f7f-814f-c64b05dc225e?page=3

The answer they state has to do with IE not able to download the CSS files (style sheets) and then another part of answer is talking about Your UserAgent is a bit long, I already downloaded and re did the UserAgent as the post stated, made no difference.
I also found tried the HTTP Watch tool they suggested  and I've attached a screen shot of a HTTP Watch Log file while trying to open www.box.com.

Hoping something here might make sense to someone

Keep in mind that Firefox, will NOT open www.box.com either but CAN open www.adobe.com, not sure why, so its not totally a IE 8.0 issue.

Also ,This post at one point mentioned about old installed security suites and got me to thinking that the User had installed Windows Defender, which I had orginally un-installed from Control Panel, is there  a tool to check that its truely removed.

Thanks
HttpWatch-Boxcom-Log-File.docx

Do the pc's that work and don't, have the same version of IE and Firefox? Are they the latest? If not, suggest you try updating say firefox to 11.0 and try again.

I assume you have already tried clearing cache, cookies, etc...

Here is a link that should answer you question about Defender

http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/

The Link I believe is only relevent for Vista/Win 7. this unit is XP SP3.

Yes, I did clear the cache and i've tried in two other profiles as well, just in case it was particular files within a certain profile causing the issue.  

Firefox upgraded from 10.0 to 11.. no change

Was hesitating to install IE9.0 since most of our User still with XP unit use 8.0, should I consider this, perhaps it will correct any windows DLL corruption issues

did you already do an sfc /scannow ?

were you able or not able to connect and view the web page at box.com? The screen shots seen to indicate that you were able to.

you might also want to try a netsh winsock reset , reboot the computer and see if the problem still exists

IE9 can't be  installed on XP, only Windows 7 or Vista.

If you go to Control Panel, Add/Remove Programs, and Windows Defender is not there then you have unistalled it. Also check Administrative Tools, Services to insure it is not there as well.

Are you using DHCP or fixed ip addresses on the LAN with the issues. If fixed, can you try changing the ip address of a pc with issues. If DHCP, release the address to get a new one.

IE9.0 not for XP.. that explains why it never prompted to upgrade LOL.. I didn't want to go there anyway, hence the reason I never bothered with it. Its on our Windows 7 Units only.
No.. that screen shot is the HTTPWatch log and Box.com DIDN'T open for it at all.. just states it waiting for in the info area the bottom left of IE page and google.ca is still showing on the IE screen itself.
I apologize if the following two inquires seem like stupid questions, but I dont' want to lose my ability to connect to this unit.
I'm connecting to the unit remotely, via LogMeIN Pro and have access to the Sonicwall Router directly from my IE with the VPN configuration so for the Release and renew of DHCP - believe unit will get a new IP on its own after I go into the Sonicwall and release it and then I can reconnect after it goes back online??
For the request to run netsh winsock reset , reboot the computer will I lose connection when I run this command remotely with LogMeIn?

I was in the process of running the  SFC /scannow this AM..waiting for a User there to insert the XP cd for me, hoping he'll get to it soon.

I also just finished this AM re-registring a group of DLL's suggested by a MS article KB813444.. with no results.

I believe the Windows Defender is gone to.. find nothing loading in regards to it.

LogMeIN uses the web browser on the remote pc to establish the connection, so this traffic is not going over the STS VPN. Since you have the STS VPN you could directly use Remote Desktop by enabling that connection on the remote pc and address that local LAN address from your site.

If you login to the Sonicwall as admin and relase the ip on that device if will disconnect your LogMeIN session (if you are connected) but you should be able to start over again once a new ip has been established.

Yes you will loose your connect if you reboot the remote pc, but should be able to get it back again once it is up.

One new question, do you have more than one ISP (with shared load or failover?) at that remote site?

No, only one ISP at the remote site..
I knew I would lose access via logmein or any Internet based connection if and when the remote PC reboots.. my concern is when I run the winsock reset, will I lose connection before I am able to reboot the workstation, thus not being able to get re-connected without bothering the User to reboot for me...they are out of the office alot of day.
And as for the DHCP reset.same thing I was quite sure it would get a new IP right away and then I could re-connect once it refreshed.. wanted to confirm.. thanks
I will run the winsock reset soon and get back to you.. hoping its the one thing I haven't done that will finally resolve this issue, its getting old and time consuming

Netsh winsock reset did NOT solve the issue and fyi.. I didn't lose Internet connection when I ran it either, allowing me to manually restart the workstation.

Trying to run SFC /scannow so how so it will not prompt for CD.. changed source location in registry after I copied the XP sp 2 files to a windows folder, but this is SP3 and the Service Pack folder is there.

Released the DHCP from Sonicwall and then on the workstation I had to issue the Repair in connection properties and workstation was given a new IP. No Change..

YES!!!! I was able to get to the www.box.com. www.adobe.com and www.westjet.ca within this public proxy...  and Westjet gave the following message at top of their page.

"Unfortunately, we've detected that your browser doesn't have JavaScript enabled. To take advantage of all our great features, JavaScript is required.
If you prefer to continue with the settings you're using, you can still visit westjet.com, although you may not be able to use the site to its full extent."

www.intel.com also opens,but only showing the full color background and a few of the Home page areas.. rest just appear to not loaded.

So..what does this mean to you?  not within my experience and knowledge.. never used a public proxy before.. thanks for the link.. I note that one.. Wondering does Java having anything to do with this issue?

Yes javascript does matter. Check both browsers you are using to see if it is turned on.

In firefox tools->options->Content make sure "enable javascipt" box is checked.

In IE8:

1.On the Tools menu, click Internet Options, and then click the Security tab.
2.Click the Internet zone.
3.Click Custom Level.
4.In the Security Settings – Internet Zone dialog box, click Enable for Active Scripting in the Scripting section.
5.Click the Back button to return to the previous page, and then click the Refresh button to run scripts.

Try it again without the proxy. Does this change anything now?

Java Scripting is already enabled on both browsers

In my opinion something on the individual pc is blocking your success at getting to these sites without using the proxy. Since other pc's at the same location can access them, I would rule out the Sonicwall assuming you are not assigning access by groups based upon a user network login.

I would again check to make sure that on the individual pc all firewalls, filtering, etc programs are turned off. Also I would compare all the settings in one of the browsers with those of a pc that works.

If you can't find anything, then I would try downloading Google Chrome, and trying the sites in that browser. The idea here is to get a fresh install of another browser.

I've updated the sonicwall to the latest full firmware release and no change. notice there's a licensing issue, but I don't think its the cause since I've taken all UTM services off all Zones, but I'm going to call SonicWall Tech support as soon as I get a change, I've had to put this on the back burner a bit, getting behind in other IT obligations. and now that I've got three unit having the same issue, it must be something with the Router that is not obvious, perhaps the Router's UI is not working 100% I just don't know at this point. Will keep you posted once I speak with them.. perhaps later today.. thanks

Glad to see you got an answer!

Like you, not sure why some pc's would work and others not, since the Sonicwall setting applies to all.

Lets chalk this up to a "huh?" and move on the to the next.....

You can award points by closing the question and selecting the answer you want to award points to, any assist, and a grade.

thanks...

Thanks again for all the support!!...