Solved

can't open one website

Posted on 2013-01-15
21
417 Views
Last Modified: 2013-01-26
hi
I have one cisco SA-540 firewall and one 2003 domain server, since last Friday, I can't open this website in IE 8, https://dod-emall.dla.mil (only can open in IE), I have reboot the domain server and change the new firewall , but still has problem. but very strange is I can open this website on domain server, but all other computer can't do it. IE just said can't open this webpage. I have run ipconfig/flushdns on the domain server. check the service the DNS server and client is on. on the firewall I setup the static ipadress and DNS there.

And our other branch office using the same firewall and 2008 SBS, we can open no problem.
any idea for that?
0
Comment
Question by:irietek
  • 11
  • 8
  • 2
21 Comments
 
LVL 26

Expert Comment

by:pony10us
ID: 38780107
The site does mention that there are some issues they are working on as it relates to IE:

***DOD EMALL-NMCI IE 7.0 ISSUES***
DOD EMALL is aware of the Internet Explorer issues affecting our Department of the Navy and Coast Guard customers. We are working diligently to fully identify and implement a solution as quickly as possible. Updates to this issue will be available here on the DOD EMALL homepage. A potential way to alleviate this issue would be, if you have the authorization, to download Internet Explorer 8.

However it seems that your issue is with IE8. I do get a certificate warning when I first go there but checking the certificate it looks okay.
0
 

Author Comment

by:irietek
ID: 38780177
but the problem is other branch office all computer can open it without any issue, and this location only the domain can open it. did it make sense?
and my laptop when go to this location, can't open the website, but after I am back to another branch office, I can open without problem.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780259
Can you see the log on the ASA to see if it has any valuable information?
0
 

Author Comment

by:irietek
ID: 38780289
The DNS server was unable to complete directory service enumeration of zone _msdcs.*******.domain.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

I saw this error message on the log DNS server tap.
0
 

Author Comment

by:irietek
ID: 38780307
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

that's another issue I found on the domain server log.

I setup the DNS on the firewall , is  our domain server still be the DNS server ?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38780342
From my Windows XP computer (with all updates), Firefox is the only browser that accepts the security certificate from that web site.  IE8, Chrome, Safari, and Opera all reject it.  Opera says the certificate chain is broken and some steps are not registered.
0
 

Author Comment

by:irietek
ID: 38780347
that's strange, I only can open it in IE8, all other browse is not working. and I also using XP pro sp3, and the same computer in this location can't open  the website, but after back to another branch ,it works again.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780392
Try changing your DNS to 8.8.8.8 and see if you can get there
0
 

Author Comment

by:irietek
ID: 38780398
you mean the Fire wall DNS? this is Google's DNS, is that good for our company ?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780418
This is just a test to see if it is something in your network.  Please add it as either secondary or tertiary.  Do so on a machine that is not able to access the site and not the firewall
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38780421
I sent an email to the 'webmaster' listed at the bottom of the page.  I'll let you know if they respond.
0
 

Author Comment

by:irietek
ID: 38780490
good news, I manually added the 8.8.8.8 in one pc as second DNS and it works, is that mean our internet supplier's DNS mix up?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780521
It certainly shows that there is an issue with DNS somewhere.  What was the PC originally set for?  Was it the addresses provided by your ISP or to some internal server?
0
 

Author Comment

by:irietek
ID: 38780543
originally is firewall as the Gateway and DNS and DHCP server, i didn't change anything, the ip address is provided by ISP. from our T1 internet supplier.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780552
I would think that you should be using the ISP's DNS.  Who is the ISP?
0
 

Author Comment

by:irietek
ID: 38780556
it's one communication,  US supplier.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780569
One Communications DNS servers are:

64.65.208.6
64.65.223.6
64.65.196.6


You should set your primary and secondary DNS to any two of the above.
0
 

Author Comment

by:irietek
ID: 38780595
yes, the first 2 is my DNS now.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38780613
When you removed 8.8.8.8 were you still able to get to the site?  Be sure and clear your browser cache to test.
0
 

Accepted Solution

by:
irietek earned 0 total points
ID: 38801787
one communication said is DNS issue, and still working on that. don't know what else I can do ,only can temporally add 8.8.8.8 for some computer to use.
0
 

Author Closing Comment

by:irietek
ID: 38821809
good help, but still has problem with the supplier
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Resolve DNS query failed errors for Exchange
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now