Can't access certain web site from Win 7 on our Lan - Windows XP is fine 500pnts
I've ask on here before but thought I would try again
Ok so our company has a problem with certain web sites some http and some https for example we cannot access www.gov.uk from a Win 7 client.
This is what I have tried so far...
1. Cannot access certain web sites from Win 7, server 2012 clients – Win XP, 2003 client works fine
2. I’ve tried my Win 7 laptop works fine from home doesn’t work on WL network
3. I’ve tried several different browsers (IE 8,9,10,11, Firefox, Chrome, Safari)
4. I’ve tried clean boot Win 7 machine with no AV and firewall
5. I’ve tried 32bit version on Win 7 (We use 64bit)
6. I’ve had the Cisco Pix firewall checked and the config doesn’t block any traffic at all
7. I’ve tried importing certificates from the Win XP machines
8. We can telnet to port 80 and port 443 on site that won’t display in our browsers like www.gov.uk
9. I’ve installed wireshark and followed the TCP\IP stream – I can’t see strange in the results.
10. I’ve tried using the Google public DNS 8.8.8.8 – made no difference
11. There are no group policy in place
12. Make no different in the client is a member of our domain or not
Ok so our company has a problem with certain web sites some http and some https for example we cannot access www.gov.uk from a Win 7 client.
This is what I have tried so far...
1. Cannot access certain web sites from Win 7, server 2012 clients – Win XP, 2003 client works fine
2. I’ve tried my Win 7 laptop works fine from home doesn’t work on WL network
3. I’ve tried several different browsers (IE 8,9,10,11, Firefox, Chrome, Safari)
4. I’ve tried clean boot Win 7 machine with no AV and firewall
5. I’ve tried 32bit version on Win 7 (We use 64bit)
6. I’ve had the Cisco Pix firewall checked and the config doesn’t block any traffic at all
7. I’ve tried importing certificates from the Win XP machines
8. We can telnet to port 80 and port 443 on site that won’t display in our browsers like www.gov.uk
9. I’ve installed wireshark and followed the TCP\IP stream – I can’t see strange in the results.
10. I’ve tried using the Google public DNS 8.8.8.8 – made no difference
11. There are no group policy in place
12. Make no different in the client is a member of our domain or not
Try turning off the firewall and double check that the browser is not using a proxy.
Also, try doing an http get request from telnet.
You will have to type in or copy the second line into the cmd prompt. You should get back html. If not, then even though you are making a connection, something is preventing the traffic from coming through. Usually this would be a firewall issue. Also, if you are not tracking it, check if the computer's IP address makes a difference. Use one of the IP addresses that one of the WinXP machines was using on the Win7 machine.
Good luck.
Also, try doing an http get request from telnet.
telnet <ip address> 80
GET HTTP://<WebSiteName>You will have to type in or copy the second line into the cmd prompt. You should get back html. If not, then even though you are making a connection, something is preventing the traffic from coming through. Usually this would be a firewall issue. Also, if you are not tracking it, check if the computer's IP address makes a difference. Use one of the IP addresses that one of the WinXP machines was using on the Win7 machine.
Good luck.
Have you checked the IE settings is set to LAN not proxy. can you provide a screenshot of source on page
@Jorge Ocampo, already stated "...double check that the browser is not using a proxy..."
ASKER
Tried Static address makes no difference
It's not sitting behind a proxy as I control all that stuff and there isn't one
Try "telnet <ip address> 80" - But the screen just goes blank with a little cursor flashing where would I enter GET HTTP://www.gov.uk - tried from CMD and just got GET not recognised.
Thanks for you help any other ideas?
Ian
It's not sitting behind a proxy as I control all that stuff and there isn't one
Try "telnet <ip address> 80" - But the screen just goes blank with a little cursor flashing where would I enter GET HTTP://www.gov.uk - tried from CMD and just got GET not recognised.
Thanks for you help any other ideas?
Ian
Try,,,,
Run Command Prompt as Administrator
netsh winsock reset
netsh int ipv4 reset
and reboot the system.
Run Command Prompt as Administrator
netsh winsock reset
netsh int ipv4 reset
and reboot the system.
Try what Santosh said.
With regard to telnet, when you get the flashing cursor, that is when you type in or coyp the GET ... into the command prompt and then hit enter. It should return the HTTP message from the server including HTML. This is just a test to see if the problem is in networking or the browser. If this returns ok, then it is likely something in the browser configuration or higher layer. If it does not return ok, then there is something lower level, like what Santosh is talking about.
Regarding proxy, whether or not you have a proxy set up on your network, you need to check this in your browser settings. In IE, it would be Tools->Internet Options, Connections tab, LAN settings button. Make sure Proxy server is not checked. You can also make sure the other boxes are not checked as this is the most common configuration.
With regard to telnet, when you get the flashing cursor, that is when you type in or coyp the GET ... into the command prompt and then hit enter. It should return the HTTP message from the server including HTML. This is just a test to see if the problem is in networking or the browser. If this returns ok, then it is likely something in the browser configuration or higher layer. If it does not return ok, then there is something lower level, like what Santosh is talking about.
Regarding proxy, whether or not you have a proxy set up on your network, you need to check this in your browser settings. In IE, it would be Tools->Internet Options, Connections tab, LAN settings button. Make sure Proxy server is not checked. You can also make sure the other boxes are not checked as this is the most common configuration.
ASKER
@rfportilla
Definitely no proxy set on the browsers..
The Telnet session goes blank and the cursor just blinks - Where exactly would I type in the GET command from the normal cmd prompt run as administrator?
This is what I get
C:\Windows\system32>GET HTTP://www.gov.uk
'GET' is not recognized as an
operable program or batch file
C:\Windows\system32>
I'll try what Santosh suggest now as well
Definitely no proxy set on the browsers..
The Telnet session goes blank and the cursor just blinks - Where exactly would I type in the GET command from the normal cmd prompt run as administrator?
This is what I get
C:\Windows\system32>GET HTTP://www.gov.uk
'GET' is not recognized as an
operable program or batch file
C:\Windows\system32>
I'll try what Santosh suggest now as well
ASKER
Tried
netsh winsock reset
netsh int ipv4 reset
reboot
Made no difference.
When I go to www.gov.uk I get the spinning circle reading "Waiting for www.gov.uk" then it times out and I get "This page can't be displayed"
netsh winsock reset
netsh int ipv4 reset
reboot
Made no difference.
When I go to www.gov.uk I get the spinning circle reading "Waiting for www.gov.uk" then it times out and I get "This page can't be displayed"
try this.............
open a command prompt and do an "ipconfig /flushdns" and then an "ipconfig /registerdns"
then "netstat -r" after that "arp -d".
open a command prompt and do an "ipconfig /flushdns" and then an "ipconfig /registerdns"
then "netstat -r" after that "arp -d".
When you type in the telnet command, it will connect and you will get a blinking cursor. That means you have a connection. While the cursor is blinking, then type in the GET ...
This is sending the HTTP GET command across a TCP connection to the server. But, you have to make the telnet connection first and then type the command through the telnet connection.
Also, have you tried turning off the Windows Firewall Service? And turning off any other Firewall? For instance, I have McAfee on my computer. This behaves differently on Windows 7 than Windows XP.
This is sending the HTTP GET command across a TCP connection to the server. But, you have to make the telnet connection first and then type the command through the telnet connection.
Also, have you tried turning off the Windows Firewall Service? And turning off any other Firewall? For instance, I have McAfee on my computer. This behaves differently on Windows 7 than Windows XP.
ASKER
@Santosh Gupta
Tried command
Made no difference below is the text from the netstat -r command
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.254 192.168.2.3 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 276
192.168.2.3 255.255.255.255 On-link 192.168.2.3 276
192.168.2.255 255.255.255.255 On-link 192.168.2.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 276
==========================
Persistent Routes:
None
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
==========================
Persistent Routes:
None
Tried command
Made no difference below is the text from the netstat -r command
IPv4 Route Table
==========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.254 192.168.2.3 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 276
192.168.2.3 255.255.255.255 On-link 192.168.2.3 276
192.168.2.255 255.255.255.255 On-link 192.168.2.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 276
==========================
Persistent Routes:
None
IPv6 Route Table
==========================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
==========================
Persistent Routes:
None
ASKER
@rfportilla
Yep tried it with no firewall at all make no difference.
Ok so I am use HyperTerminal for the Telnet Client - I connect to the site but the when I try and type "GET" it will not type anything
Yep tried it with no firewall at all make no difference.
Ok so I am use HyperTerminal for the Telnet Client - I connect to the site but the when I try and type "GET" it will not type anything
It may not be echoing locally. That does not mean that it is not sending. Additionally, for this test I would recommend typing out "GET http://sitename.com" in notepad and making sure there are not typos and then copying it to telnet after the connection is made. Replace sitename with the site you are trying to reach but can't.
Can you do a tracert to one of these sites on both machines and compare the two?
ASKER
Ok so I pasted GET http://www.gov.uk into HyperTerminal once it was connected but still nothing returned
Tracert to www.gov.uk is the same on Win 7 and Win XP
C:\Windows\system32>tracer
Tracing route to www-gov-uk.map.fastly.net [185.31.16.144]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.2.228
2 5 ms 4 ms 4 ms 172.18.0.117
3 6 ms 5 ms 6 ms 10.167.50.250
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
What you gut feeling about this @Rfportilla?
Tracert to www.gov.uk is the same on Win 7 and Win XP
C:\Windows\system32>tracer
Tracing route to www-gov-uk.map.fastly.net [185.31.16.144]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.2.228
2 5 ms 4 ms 4 ms 172.18.0.117
3 6 ms 5 ms 6 ms 10.167.50.250
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
What you gut feeling about this @Rfportilla?
Stupid question. Did you press enter after sending the Get request?
It looks like the IP layer is doing it's job. For some reason the TCP layer is blocking this. This is almost always a firewall error. The only other thing I have is what was already recommended:
netsh winsock reset
netsh int ipv4 reset
reboot
If you tried this, then i don't know. There is something along the way that is blocking the traffic. How many Win7/2012 computers are exhibiting this behavior?
Do you have an antivirus running?
It looks like the IP layer is doing it's job. For some reason the TCP layer is blocking this. This is almost always a firewall error. The only other thing I have is what was already recommended:
netsh winsock reset
netsh int ipv4 reset
reboot
If you tried this, then i don't know. There is something along the way that is blocking the traffic. How many Win7/2012 computers are exhibiting this behavior?
Do you have an antivirus running?
ASKER
@Rfportilla
Yep pressed enter after sending the GET request
We use Kaspersky Endpoint 10 - but it make no different if the firewall is on or off, clean computer with no AV and no windows firewall react the same way.
This is the config from our Cisco Pix
From what I understand the first two lines indicate that there should be a problem passing traffic from the outside in...
I really appreciate you help - have you got any more ideas?
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password lDQ1e86P2tr0BHxt encrypted
passwd RT97Q1q4kvGhHIRQ encrypted
hostname manorpark
domain-name wiseman.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
no fixup protocol h323 1720
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sqlnet 1521
no fixup protocol sip 5060
no fixup protocol skinny 2000
names
access-list mail permit tcp any host 77.73.11.54 eq smtp
access-list mail permit tcp any host 77.73.11.52 eq www
access-list mail permit tcp any host 77.73.11.52 eq 443
pager lines 24
logging on
logging buffered errors
logging trap notifications
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 77.73.11.52 255.255.255.240
ip address inside 192.168.6.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pool2 10.44.0.181-10.44.0.187
no pdm history enable
arp timeout 14400
global (outside) 1 77.73.11.55
nat (inside) 1 172.18.0.0 255.255.255.0 0 0
nat (inside) 1 172.18.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (inside) 1 192.168.3.0 255.255.255.0 0 0
nat (inside) 1 192.168.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.6.0 255.255.255.0 0 0
nat (inside) 1 192.168.216.0 255.255.255.0 0 0
static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0
static (inside,outside) 77.73.11.52 192.168.2.250 netmask 255.255.255.255 0 0
access-group mail in interface outside
route outside 0.0.0.0 0.0.0.0 77.73.11.51 1
route inside 172.18.0.0 255.255.255.0 192.168.6.2 1
route inside 172.18.5.0 255.255.255.0 192.168.6.2 1
route inside 192.168.0.0 255.255.255.0 192.168.6.2 1
route inside 192.168.2.0 255.255.255.0 192.168.6.2 1
route inside 192.168.3.0 255.255.255.0 192.168.6.2 1
route inside 192.168.5.0 255.255.255.0 192.168.6.2 1
route inside 192.168.216.0 255.255.255.0 192.168.6.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 s
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat
telnet 192.168.6.0 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet 192.168.5.0 255.255.255.0 inside
telnet timeout 5
ssh 205.243.102.0 255.255.255.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:b7202158dfb
manorpark#
Yep pressed enter after sending the GET request
We use Kaspersky Endpoint 10 - but it make no different if the firewall is on or off, clean computer with no AV and no windows firewall react the same way.
This is the config from our Cisco Pix
From what I understand the first two lines indicate that there should be a problem passing traffic from the outside in...
I really appreciate you help - have you got any more ideas?
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password lDQ1e86P2tr0BHxt encrypted
passwd RT97Q1q4kvGhHIRQ encrypted
hostname manorpark
domain-name wiseman.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
no fixup protocol h323 1720
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sqlnet 1521
no fixup protocol sip 5060
no fixup protocol skinny 2000
names
access-list mail permit tcp any host 77.73.11.54 eq smtp
access-list mail permit tcp any host 77.73.11.52 eq www
access-list mail permit tcp any host 77.73.11.52 eq 443
pager lines 24
logging on
logging buffered errors
logging trap notifications
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 77.73.11.52 255.255.255.240
ip address inside 192.168.6.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pool2 10.44.0.181-10.44.0.187
no pdm history enable
arp timeout 14400
global (outside) 1 77.73.11.55
nat (inside) 1 172.18.0.0 255.255.255.0 0 0
nat (inside) 1 172.18.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (inside) 1 192.168.3.0 255.255.255.0 0 0
nat (inside) 1 192.168.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.6.0 255.255.255.0 0 0
nat (inside) 1 192.168.216.0 255.255.255.0 0 0
static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0
static (inside,outside) 77.73.11.52 192.168.2.250 netmask 255.255.255.255 0 0
access-group mail in interface outside
route outside 0.0.0.0 0.0.0.0 77.73.11.51 1
route inside 172.18.0.0 255.255.255.0 192.168.6.2 1
route inside 172.18.5.0 255.255.255.0 192.168.6.2 1
route inside 192.168.0.0 255.255.255.0 192.168.6.2 1
route inside 192.168.2.0 255.255.255.0 192.168.6.2 1
route inside 192.168.3.0 255.255.255.0 192.168.6.2 1
route inside 192.168.5.0 255.255.255.0 192.168.6.2 1
route inside 192.168.216.0 255.255.255.0 192.168.6.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 s
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat
telnet 192.168.6.0 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet 192.168.5.0 255.255.255.0 inside
telnet timeout 5
ssh 205.243.102.0 255.255.255.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:b7202158dfb
manorpark#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for your support although we didn't find a solution we did indeed cover alot of ground.
pls put the static IP and check if you have still same issue.