Solved

Access to Facebook blocked

Posted on 2012-09-03
663 Views
Last Modified: 2013-11-19
OK - If I had any hair I'd be pulling it out by now.
I've just been asked to look at a small domain which was set up for a small business. A previous Admin, at the owners request, blocked access to Facebook. There has now been a change in policy and it has been decided to remove the block.

The issue is that I can't see where/how it was blocked. Its a very simple set-up. One 2008 DC and Windows 7 clients. The DC providing the DNS and forwarding to the ISPs DNS, no proxy server.

I've checked group policies and can't find anything
I've checked DNS for entries on the DC and can't find anything
I've checked the local machine hosts file and there is nothing.

Yet when I try to go to facebook I just get 'Internet Explorer Cannot display the web page'
If I run the diagnostic from the page it just reports that it can't diagnose the problem.

If I try to access Facebook from Chrome I get 'This webpage is not available'

Any suggestions on where to look next ?
0
Question by:KCTS
    22 Comments
     
    LVL 10

    Expert Comment

    by:scriven_j
    Have a look at the hardware firewall/router as this can be used to block access to sites.

    What hardware is on the physical border of the route to the Internet?
    0
     
    LVL 2

    Expert Comment

    by:fourck
    Have you checked your router configuration? maybe it is on router level.
    0
     
    LVL 18

    Expert Comment

    by:Sushil Sonawane
    Assign public IP Address (Provide by ISP)  to machine then try to access facebook if you able to access then Check on your hardware firewall or router from there your request pass to outside the your network.
    0
     
    LVL 1

    Expert Comment

    by:bakfaloni
    also some admin block some web site by the file host you can find in

    %systemroot% \system32\drivers\etc
    0
     
    LVL 17

    Expert Comment

    by:selvol
    RUN Box type
    CMD
    then type
    ping facebook.com

    if you get timeouts you can not connect  and it is not a browser issue.
    0
     
    LVL 17

    Expert Comment

    by:sgsm81
    check the ip address and default gateway (gateway may contain a filter)

    also run a ping and tracert to facebook site

    check firewall, router, iis, internet explorer etc

    however if its affecting everyone it may be on the server
    0
     
    LVL 25

    Expert Comment

    by:madunix
    Check the internet router, it might be  

    - dropping direct HTTPS connections (by adding a filter to block port 443 – HTTPS from internal network to ‘any’)
    - filtering Facebook’s IP address ranges to Null0, block by Routing  to null0 interface
    ip route 69.63.176.0 255.255.240.0 Null0
    ip route 204.15.20.0 255.255.252.0 Null0
    ip route 66.220.144.0 255.255.240.0 Null0
    ip route 69.171.224.0 255.255.224.0 Null0
    ip route 69.171.224.0 255.255.240.0 Null0
    ip route 69.171.240.0 255.255.240.0 Null0


    [@linux1 ~]$ dig facebook.com

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> facebook.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12769
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 13, ADDITIONAL: 9

    ;; QUESTION SECTION:
    ;facebook.com.                  IN      A

    ;; ANSWER SECTION:
    facebook.com.           753     IN      A       66.220.149.88
    facebook.com.           753     IN      A       66.220.152.16
    facebook.com.           753     IN      A       66.220.158.70
    facebook.com.           753     IN      A       69.171.234.21
    facebook.com.           753     IN      A       69.171.237.16
    facebook.com.           753     IN      A       69.171.247.21
    0
     
    LVL 5

    Expert Comment

    by:schima_cz
    How were You testing DNS?
    Try this:
    Run - CMD - nslookup
    Write facebook.com and post there result.
    It could be hosts file on DNS server
    0
     
    LVL 70

    Author Comment

    by:KCTS
    Ping of facebook seems to suggest its resolving OK

    C:\>ping facebook.com
    Pinging facebook.com [69.171.247.21] with 32 bytes of
    Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
    Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
    Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
    Reply from 69.171.247.21: bytes=32 time=102ms TTL=245

    Ping statistics for 69.171.247.21:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss
    Approximate round trip times in milli-seconds:
        Minimum = 102ms, Maximum = 102ms, Average = 102ms


    nslookup results
    C:\>nslookup
    253.1.168.192.in-addr.arp
            primary name server = localhost
            responsible mail addr nobody.invalid
            serial  = 1
            refresh = 600 (10 mins)
            retry   = 1200 (20 mins)
            expire  = 604800 (7 days)
            default TTL = 10800 (3 hours)
    Default Server:  UnKnown
    Address:  192.168.1.253

    > facebook.com
    Server:  UnKnown
    Address:  192.168.1.253

    Non-authoritative answer:
    Name:    facebook.com
    Addresses:  2a03:2880:10:
              2a03:2880:2110:
              2a03:2880:2110:
              2a03:2880:10:8f
              66.220.149.88
              66.220.152.16
              66.220.158.70
              69.171.234.21
              69.171.237.16
              69.171.247.21


    Nothing in hosts file
    no conditional forwarders - only forwarder to ISP
    simple ADSL router - no filtering enabled
    nothing (obvious) in group policy
    0
     
    LVL 70

    Author Comment

    by:KCTS
    Tracert result - seems OK


    C:\>tracert facebook.com

    Tracing route to facebook.com [69.171.247.21]
    over a maximum of 30 hops:

      1     2 ms     1 ms     1 ms  172.16.1.254
      2    18 ms    18 ms    17 ms  82.153.1.61
      3    18 ms    18 ms    18 ms  91.85.10.21
      4    36 ms    46 ms    55 ms  62.164.130.53
      5    35 ms    18 ms    17 ms  vl-38.lon-th1cr.spn.kcom.com [86.54.183.249]
      6    18 ms    18 ms    18 ms  linx.br02.lhr1.tfbnw.net [195.66.225.121]
      7    93 ms   144 ms    92 ms  ae18.bb02.iad2.tfbnw.net [74.119.79.202]
      8   105 ms   106 ms   105 ms  ae9.bb02.frc1.tfbnw.net [31.13.24.48]
      9   102 ms   102 ms   102 ms  ae2.dr03.frc1.tfbnw.net [31.13.27.78]
     10   103 ms   103 ms   103 ms  po1020.csw03d.frc1.tfbnw.net [31.13.26.165]
     11   102 ms   102 ms   102 ms  www-slb-10-03-frc1.facebook.com [69.171.247.21]


    Trace complete.

    C:\>
    0
     
    LVL 10

    Expert Comment

    by:scriven_j
    Still sounds like hardware to me.  Have you checked the hardware connecting this site to the Internet yet?  A number of hardware firewalls / routers allow you to block HTTP traffic to certain sites.  If Pings are getting through and DNS is resolving correctly, then this sounds to me like the most likely cause.
    0
     
    LVL 10

    Expert Comment

    by:scriven_j
    Oh, just realised you posted twice sayingh simple ADSL router - no filtering.

    Are you sure there is nothing firewally before the ADSL router?

    The other option is something in GPO - such as in:-

    "Windows Settings" > "Security Settings" > "IP security Policies".

    I would run RSOP.MSC or GPMC to look at the accumulative effect of all the policies in case there is something in there.
    0
     
    LVL 10

    Expert Comment

    by:scriven_j
    Also, have you checked any security software on the clients (or server) as some policy may have been rolled out centrally?
    0
     
    LVL 17

    Expert Comment

    by:sgsm81
    check antivirus software as some have filtering built in

    as you can "see" facebook then its not a routing issue

    check firewall settings and check ADUC for group policies

    do you get the same error if you logon as domain admin (as GPO's aren't always attributed to domain admins)
    0
     
    LVL 10

    Expert Comment

    by:ajwuk
    Have you tried browsing to http://69.171.247.21  ?
    Is you 2008 DC using 192.168.1.253 ?
    0
     
    LVL 23

    Expert Comment

    by:Nagendra Pratap Singh
    Try using a workgroup computer (freshly installed). This will bypass the GPOs etc.


    Also locate the Admin on linkedin and ask him if he can help.
    0
     
    LVL 5

    Expert Comment

    by:schima_cz
    Could You setup Google DNS as the only DNS server on workstation (override DHCP)? And after that try browsing facebook
    0
     
    LVL 70

    Author Comment

    by:KCTS
    Tried a (non-domain) laptop on the network - it can't access facebook either - so its not a GPO
    set the DNS to be the router - still can't access facebook - suggests its the router or something at the ISP - I will try replacing the router tommorrow.

    (BTW: yes the DC is 192.168.1.253, the router is 192.168.1.254)
    0
     
    LVL 10

    Expert Comment

    by:scriven_j
    Did you try schima_cz's suggestion of using Google's DNS server (8.8.8.8 and 8.8.4.4) and seeing if that resolves it?

    Could be a DNS Injection problem....
    0
     
    LVL 70

    Author Comment

    by:KCTS
    Still not resolved - got ISPs tech team looking at the issue
    0
     
    LVL 70

    Accepted Solution

    by:
    IP resolved the issue - not sure what they did - they're reluctant to say - but it was a problem at their end which has now been sorted
    0
     
    LVL 70

    Author Closing Comment

    by:KCTS
    ISP issue
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
    Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
    Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    702 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now