Solved

Can't access certain web sites from Win 7 on our LAN - Windows XP is fine 500pnts

Posted on 2014-03-31
Last Modified: 2014-04-02
I've asked on here before but thought I would try again.

OK, so our company has a problem with certain web sites, some http and some https; for example, we cannot access www.gov.uk from a Win 7 client.

This is what I have tried so far...

1. Cannot access certain web sites from Win 7 and Server 2012 clients – Win XP and 2003 clients work fine
2. I’ve tried my Win 7 laptop: it works fine from home but doesn’t work on the WL network
3. I’ve tried several different browsers (IE 8,9,10,11, Firefox, Chrome, Safari)
4. I’ve tried a clean-boot Win 7 machine with no AV and firewall
5. I’ve tried the 32-bit version of Win 7 (we use 64-bit)
6. I’ve had the Cisco Pix firewall checked and the config doesn’t block any traffic at all
7. I’ve tried importing certificates from the Win XP machines
8. We can telnet to port 80 and port 443 on sites that won’t display in our browsers, like www.gov.uk
9. I’ve installed Wireshark and followed the TCP/IP stream – I can’t see anything strange in the results.
10. I’ve tried using the Google public DNS 8.8.8.8 – made no difference
11. There are no group policies in place
12. It makes no difference if the client is a member of our domain or not
Question by:ise438
20 Comments
 
Expert Comment by: Santosh Gupta
Hi,

Please put the static IP and check if you still have the same issue.
0
 
Expert Comment by: rfportilla
Try turning off the firewall and double check that the browser is not using a proxy.  

Also, try doing an http get request from telnet.

telnet <ip address> 80
GET HTTP://<WebSiteName>


You will have to type in or copy the second line into the cmd prompt.  You should get back html.  If not, then even though you are making a connection, something is preventing the traffic from coming through.  Usually this would be a firewall issue.  Also, if you are not tracking it, check if the computer's IP address makes a difference.  Use one of the IP addresses that one of the WinXP machines was using on the Win7 machine.  

Good luck.
0
 
Expert Comment by: Jorge Ocampo
Have you checked that the IE settings are set to LAN, not proxy? Can you provide a screenshot of the source of the page?
0
 
Expert Comment by: rfportilla
@Jorge Ocampo, already stated "...double check that the browser is not using a proxy..."
0
 

Author Comment by: ise438
Tried a static address; makes no difference.

It's not sitting behind a proxy as I control all that stuff and there isn't one.

Tried "telnet <ip address> 80", but the screen just goes blank with a little cursor flashing. Where would I enter GET HTTP://www.gov.uk? Tried from CMD and just got GET not recognised.

Thanks for your help. Any other ideas?

Ian
0
 
Expert Comment by: Santosh Gupta
Try:

Run Command Prompt as Administrator

netsh winsock reset
netsh int ipv4 reset

and reboot the system.
0
 
Expert Comment by: rfportilla
Try what Santosh said.

With regard to telnet, when you get the flashing cursor, that is when you type in or copy the GET ... into the command prompt and then hit enter.  It should return the HTTP message from the server including HTML. This is just a test to see if the problem is in networking or the browser.  If this returns ok, then it is likely something in the browser configuration or higher layer.  If it does not return ok, then there is something lower level, like what Santosh is talking about.

Regarding proxy, whether or not you have a proxy set up on your network, you need to check this in your browser settings.  In IE, it would be Tools->Internet Options, Connections tab, LAN settings button.  Make sure Proxy server is not checked.  You can also make sure the other boxes are not checked as this is the most common configuration.
0
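
Added example (not part of the original thread, and not any participant's code): the manual telnet test described above, done by a script that opens the TCP connection, sends a complete GET, and reports whether the connect failed, the connection opened but nothing came back, or the server answered. The name `probe_http` and its parameters are this example's own; it sends an HTTP/1.1 request with a Host header rather than the bare GET line typed in the thread.

```python
import socket


# probe_http and its parameters are names made up for this example.
def probe_http(host, port=80, path="/", timeout=5.0, connect_to=None):
    """Send one plain HTTP GET over a raw TCP socket, like the telnet test.

    Returns (stage, detail) where stage is one of:
      'connect_failed' - TCP connection could not be opened
      'no_response'    - TCP connected, request sent, nothing usable came back
      'response'       - server answered; detail is the HTTP status line
    connect_to dials a specific IP while still sending "Host: <host>".
    """
    target = connect_to or host
    try:
        sock = socket.create_connection((target, port), timeout=timeout)
    except OSError as exc:
        return ("connect_failed", str(exc))

    # A complete request: request line, Host header, blank line to end it.
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")

    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(request)
            data = sock.recv(4096)
        except socket.timeout:
            return ("no_response", f"connected, but no bytes within {timeout}s")
        except OSError as exc:
            return ("no_response", f"connection dropped: {exc}")

    if not data:
        return ("no_response", "server closed the connection without sending data")
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    return ("response", status_line)


if __name__ == "__main__":
    import sys
    # Compare a site that fails in the browser against one that works.
    for name in sys.argv[1:] or ["www.gov.uk"]:
        print(name, probe_http(name))
```

Run it from both a Win 7 and a Win XP client against the same host names; a `no_response` result on one client and `response` on the other reproduces the symptom without a browser involved.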
 

Author Comment by: ise438
@rfportilla

Definitely no proxy set on the browsers..

The Telnet session goes blank and the cursor just blinks - Where exactly would I type in the GET command from the normal cmd prompt run as administrator?

This is what I get
C:\Windows\system32>GET HTTP://www.gov.uk
'GET' is not recognized as an
operable program or batch file

C:\Windows\system32>

I'll try what Santosh suggests now as well.
0
 

Author Comment by: ise438
Tried

netsh winsock reset
netsh int ipv4 reset
reboot

Made no difference.

When I go to  www.gov.uk I get the spinning circle reading "Waiting for www.gov.uk" then it times out and I get "This page can't be displayed"
0
 
Expert Comment by: Santosh Gupta
Try this:

open a command prompt and do an "ipconfig /flushdns" and then an "ipconfig /registerdns"
then "netstat -r" after that "arp -d".
0
 
Expert Comment by: rfportilla
When you type in the telnet command, it will connect and you will get a blinking cursor.  That means you have a connection.  While the cursor is blinking, then type in the GET ...

This is sending the HTTP GET command across a TCP connection to the server.  But, you have to make the telnet connection first and then type the command through the telnet connection.

Also, have you tried turning off the Windows Firewall Service?  And turning off any other Firewall?  For instance, I have McAfee on my computer.  This behaves differently on Windows 7 than Windows XP.
0
 

Author Comment by: ise438
@Santosh Gupta
Tried the command.
Made no difference; below is the text from the netstat -r command:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.2.254      192.168.2.3     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    276
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 

Author Comment by: ise438
@rfportilla

Yep, tried it with no firewall at all; makes no difference.

OK, so I am using HyperTerminal for the Telnet client - I connect to the site, but then when I try and type "GET" it will not type anything.
0
 
Expert Comment by: rfportilla
It may not be echoing locally.  That does not mean that it is not sending.  Additionally, for this test I would recommend typing out "GET http://sitename.com" in notepad and making sure there are no typos and then copying it to telnet after the connection is made.  Replace sitename with the site you are trying to reach but can't.
0
 
Expert Comment by: rfportilla
Can you do a tracert to one of these sites on both machines and compare the two?
0
 

Author Comment by: ise438
OK, so I pasted GET http://www.gov.uk into HyperTerminal once it was connected, but still nothing returned.

Tracert to www.gov.uk is the same on Win 7 and Win XP

C:\Windows\system32>tracert www.gov.uk

Tracing route to www-gov-uk.map.fastly.net [185.31.16.144]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.2.228
  2     5 ms     4 ms     4 ms  172.18.0.117
  3     6 ms     5 ms     6 ms  10.167.50.250
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.

What's your gut feeling about this, @Rfportilla?
0
 
Expert Comment by: rfportilla
Stupid question.  Did you press enter after sending the GET request?

It looks like the IP layer is doing its job.  For some reason the TCP layer is blocking this.  This is almost always a firewall error.  The only other thing I have is what was already recommended:

netsh winsock reset
netsh int ipv4 reset
reboot

If you tried this, then I don't know.  There is something along the way that is blocking the traffic.  How many Win7/2012 computers are exhibiting this behavior?

Do you have an antivirus running?
0
 

Author Comment by: ise438
@Rfportilla

Yep, pressed enter after sending the GET request.
We use Kaspersky Endpoint 10 - but it makes no difference if the firewall is on or off; a clean computer with no AV and no Windows firewall reacts the same way.

This is the config from our Cisco Pix

From what I understand the first two lines indicate that there should be a problem passing traffic from the outside in...

I really appreciate your help - have you got any more ideas?

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password lDQ1e86P2tr0BHxt encrypted
passwd RT97Q1q4kvGhHIRQ encrypted
hostname manorpark
domain-name wiseman.co.uk
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
no fixup protocol h323 1720
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sqlnet 1521
no fixup protocol sip 5060
no fixup protocol skinny 2000
names
access-list mail permit tcp any host 77.73.11.54 eq smtp
access-list mail permit tcp any host 77.73.11.52 eq www
access-list mail permit tcp any host 77.73.11.52 eq 443
pager lines 24
logging on
logging buffered errors
logging trap notifications
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 77.73.11.52 255.255.255.240
ip address inside 192.168.6.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pool2 10.44.0.181-10.44.0.187
no pdm history enable
arp timeout 14400
global (outside) 1 77.73.11.55
nat (inside) 1 172.18.0.0 255.255.255.0 0 0
nat (inside) 1 172.18.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
nat (inside) 1 192.168.2.0 255.255.255.0 0 0
nat (inside) 1 192.168.3.0 255.255.255.0 0 0
nat (inside) 1 192.168.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.6.0 255.255.255.0 0 0
nat (inside) 1 192.168.216.0 255.255.255.0 0 0
static (inside,outside) 77.73.11.54 192.168.2.239 netmask 255.255.255.255 0 0
static (inside,outside) 77.73.11.52 192.168.2.250 netmask 255.255.255.255 0 0
access-group mail in interface outside
route outside 0.0.0.0 0.0.0.0 77.73.11.51 1
route inside 172.18.0.0 255.255.255.0 192.168.6.2 1
route inside 172.18.5.0 255.255.255.0 192.168.6.2 1
route inside 192.168.0.0 255.255.255.0 192.168.6.2 1
route inside 192.168.2.0 255.255.255.0 192.168.6.2 1
route inside 192.168.3.0 255.255.255.0 192.168.6.2 1
route inside 192.168.5.0 255.255.255.0 192.168.6.2 1
route inside 192.168.216.0 255.255.255.0 192.168.6.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 s
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt ipsec pl-compatible
no sysopt route dnat
telnet 192.168.6.0 255.255.255.0 inside
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.3.0 255.255.255.0 inside
telnet 192.168.5.0 255.255.255.0 inside
telnet timeout 5
ssh 205.243.102.0 255.255.255.0 inside
ssh timeout 5
terminal width 80
Cryptochecksum:b7202158dfba66d172f6a98572d95cfe
manorpark#
0
 
Accepted Solution by: rfportilla (earned 500 total points)
Unfortunately, I can't think of anything else.  We have covered a lot of ground.  

I would retry the telnet on other known working sites just to make sure it is being done correctly.  If some sites are working with telnet and others aren't, then there is a low level thing not working properly.  We can exclude browser issues, for instance.  This would point to firewall.  Under the current circumstances, I wouldn't think it would be an external firewall.  It would have to be something that is happening in Windows differently.

I don't know what the difference would be between XP and 7.  I know this is probably driving you crazy, but the only thing I can think to do is to continue going through the configurations to see what is different.  

I'll let you know if I come up with anything else.
0
 

Author Closing Comment by: ise438
Thank you for your support; although we didn't find a solution, we did indeed cover a lot of ground.
0
