Solved

Certain HTTPS sites will not load - no errors - company wide

Posted on 2014-01-17
5
330 Views
Last Modified: 2014-01-22
Environment:
Servers: Windows 2008 R2 Enterprise, Hyper-V, one virtual machine is office domain controller, another slice is Exchange.

Back Story:
On Monday, on of our techs performed a driver update on the Hyper-V's NICs.  Starting then, mail would not flow inbound.  About the same time (not entirely sure), IE stopped working properly.  Tuesday evening, we found that, if we modified the MTU on the network to 1464, we could get mail flowing.  The change was made on the firewall, not the server.

Wed/Thu: IE was working except for some HTTPS sites (ex: https://orders.dominos.com).  Others worked fine (https://secure.experts-exchange.com).  Lots of stuff was done to fix this - including replacing the firewall - EXCEPT removing the updated NIC driver.

Friday:  Still happening on all systems on the network (not just the servers).

Does anyone have a clue?  Could it be the NIC driver on the Hyper-V?  How would that cause other workstations to fail?  I am going to look into removing the driver update but I am not yet convinced it is the problem (not this one anyway).

The NIC is an HP NC382i and the driver is 7.8.21.0.

Help?
0
Comment
Question by:crapshooter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:crapshooter
ID: 39789733
FYI: I just rolled back to the previous driver.  No change in behavior.
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39790421
Can you try setting the MTU back to 1500 on the firewall, then see what you get when you use the following command on the mail server...

ping www.google.com -f -l 1472
0
 

Author Comment

by:crapshooter
ID: 39791315
OK, it seems to have worked.  Still waiting for confirmation from the client.  Why did you choose that specific packet size?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39791330
1472 is the maximum packet size which will pass through a standard Ethernet port (before overheads are applied)

If you can pass a packet with a size of 1472 bytes at the ping command it will tell you that MTU is fine across the network.

Now that you've set the MTU back to 1500 are you still seeing the problem?
0
 

Author Comment

by:crapshooter
ID: 39795317
Nope.  At 1500, all is well.  I wonder if the systems were trying to send SSL packets that were larger than what the firewall would handle and the firewall dropped them.  Still, it only happened for some SSL sites.  And it was consistent across all systems on the network.  So it is still pretty weird.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question