Solved

Certain HTTPS sites will not load - no errors - company wide

Posted on 2014-01-17
5
320 Views
Last Modified: 2014-01-22
Environment:
Servers: Windows 2008 R2 Enterprise, Hyper-V, one virtual machine is office domain controller, another slice is Exchange.

Back Story:
On Monday, on of our techs performed a driver update on the Hyper-V's NICs.  Starting then, mail would not flow inbound.  About the same time (not entirely sure), IE stopped working properly.  Tuesday evening, we found that, if we modified the MTU on the network to 1464, we could get mail flowing.  The change was made on the firewall, not the server.

Wed/Thu: IE was working except for some HTTPS sites (ex: https://orders.dominos.com).  Others worked fine (https://secure.experts-exchange.com).  Lots of stuff was done to fix this - including replacing the firewall - EXCEPT removing the updated NIC driver.

Friday:  Still happening on all systems on the network (not just the servers).

Does anyone have a clue?  Could it be the NIC driver on the Hyper-V?  How would that cause other workstations to fail?  I am going to look into removing the driver update but I am not yet convinced it is the problem (not this one anyway).

The NIC is an HP NC382i and the driver is 7.8.21.0.

Help?
0
Comment
Question by:crapshooter
  • 3
  • 2
5 Comments
 

Author Comment

by:crapshooter
Comment Utility
FYI: I just rolled back to the previous driver.  No change in behavior.
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
Comment Utility
Can you try setting the MTU back to 1500 on the firewall, then see what you get when you use the following command on the mail server...

ping www.google.com -f -l 1472
0
 

Author Comment

by:crapshooter
Comment Utility
OK, it seems to have worked.  Still waiting for confirmation from the client.  Why did you choose that specific packet size?
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
1472 is the maximum packet size which will pass through a standard Ethernet port (before overheads are applied)

If you can pass a packet with a size of 1472 bytes at the ping command it will tell you that MTU is fine across the network.

Now that you've set the MTU back to 1500 are you still seeing the problem?
0
 

Author Comment

by:crapshooter
Comment Utility
Nope.  At 1500, all is well.  I wonder if the systems were trying to send SSL packets that were larger than what the firewall would handle and the firewall dropped them.  Still, it only happened for some SSL sites.  And it was consistent across all systems on the network.  So it is still pretty weird.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now