can't open one website

hi
I have one cisco SA-540 firewall and one 2003 domain server, since last Friday, I can't open this website in IE 8, https://dod-emall.dla.mil (only can open in IE), I have reboot the domain server and change the new firewall , but still has problem. but very strange is I can open this website on domain server, but all other computer can't do it. IE just said can't open this webpage. I have run ipconfig/flushdns on the domain server. check the service the DNS server and client is on. on the firewall I setup the static ipadress and DNS there.

And our other branch office using the same firewall and 2008 SBS, we can open no problem.
any idea for that?
Simon ChenNetwork AdministratorAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Simon ChenConnect With a Mentor Network AdministratorAuthor Commented:
one communication said is DNS issue, and still working on that. don't know what else I can do ,only can temporally add 8.8.8.8 for some computer to use.
0
 
pony10usCommented:
The site does mention that there are some issues they are working on as it relates to IE:

***DOD EMALL-NMCI IE 7.0 ISSUES***
DOD EMALL is aware of the Internet Explorer issues affecting our Department of the Navy and Coast Guard customers. We are working diligently to fully identify and implement a solution as quickly as possible. Updates to this issue will be available here on the DOD EMALL homepage. A potential way to alleviate this issue would be, if you have the authorization, to download Internet Explorer 8.

However it seems that your issue is with IE8. I do get a certificate warning when I first go there but checking the certificate it looks okay.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
but the problem is other branch office all computer can open it without any issue, and this location only the domain can open it. did it make sense?
and my laptop when go to this location, can't open the website, but after I am back to another branch office, I can open without problem.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
pony10usCommented:
Can you see the log on the ASA to see if it has any valuable information?
0
 
Simon ChenNetwork AdministratorAuthor Commented:
The DNS server was unable to complete directory service enumeration of zone _msdcs.*******.domain.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

I saw this error message on the log DNS server tap.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

that's another issue I found on the domain server log.

I setup the DNS on the firewall , is  our domain server still be the DNS server ?
0
 
Dave BaldwinFixer of ProblemsCommented:
From my Windows XP computer (with all updates), Firefox is the only browser that accepts the security certificate from that web site.  IE8, Chrome, Safari, and Opera all reject it.  Opera says the certificate chain is broken and some steps are not registered.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
that's strange, I only can open it in IE8, all other browse is not working. and I also using XP pro sp3, and the same computer in this location can't open  the website, but after back to another branch ,it works again.
0
 
pony10usCommented:
Try changing your DNS to 8.8.8.8 and see if you can get there
0
 
Simon ChenNetwork AdministratorAuthor Commented:
you mean the Fire wall DNS? this is Google's DNS, is that good for our company ?
0
 
pony10usCommented:
This is just a test to see if it is something in your network.  Please add it as either secondary or tertiary.  Do so on a machine that is not able to access the site and not the firewall
0
 
Dave BaldwinFixer of ProblemsCommented:
I sent an email to the 'webmaster' listed at the bottom of the page.  I'll let you know if they respond.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
good news, I manually added the 8.8.8.8 in one pc as second DNS and it works, is that mean our internet supplier's DNS mix up?
0
 
pony10usCommented:
It certainly shows that there is an issue with DNS somewhere.  What was the PC originally set for?  Was it the addresses provided by your ISP or to some internal server?
0
 
Simon ChenNetwork AdministratorAuthor Commented:
originally is firewall as the Gateway and DNS and DHCP server, i didn't change anything, the ip address is provided by ISP. from our T1 internet supplier.
0
 
pony10usCommented:
I would think that you should be using the ISP's DNS.  Who is the ISP?
0
 
Simon ChenNetwork AdministratorAuthor Commented:
it's one communication,  US supplier.
0
 
pony10usCommented:
One Communications DNS servers are:

64.65.208.6
64.65.223.6
64.65.196.6


You should set your primary and secondary DNS to any two of the above.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
yes, the first 2 is my DNS now.
0
 
pony10usCommented:
When you removed 8.8.8.8 were you still able to get to the site?  Be sure and clear your browser cache to test.
0
 
Simon ChenNetwork AdministratorAuthor Commented:
good help, but still has problem with the supplier
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.