Solved

Blank https page.

Posted on 2014-10-12
Last Modified: 2014-10-20
Dear Experts,
We are not able to open some https sites from our branch offices. The branches are connected with head office.
HO: 10.10.1.0
Branch Offices 10.10.5.0, 10.10.13.0 and so on.
The network between HO and the branch offices is provided by the ISP through DSL data lines and 4G WiFi. Since a few days ago, the DSL data lines are being upgraded to 4G. After changing the connection, none of the branches which have been upgraded are able to open some https sites. We reported this to the ISP, but they found that they are able to telnet from the new 4G data router to https hotmail.com and many other sites. We have given full access in the firewall (10.10.1.35) to the PCs behind those networks (10.10.13.60, 10.10.5.72, etc.). No changes have been made on the firewall since the upgrade. We also have multiple ISPs for internet and tried to route traffic to both ISPs as well, but with no luck. For backup, every branch is connected with two ISP data lines. If we switch the problematic PC to the other ISP data line, the problem is solved. What could be the problem? Please advise.
Thanks.
Question by:ibu1
24 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376401
Is this happening with IE only or any browser eg Firefox, Chrome, Safari, Opera, etc

If just IE, try adding the sites to trusted sites
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376403
Happening with all browser.
thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376407
Some sensitive sites only grant access based on prior contact with their IT. They grant access only to approved IP addresses. With the change you made, your public IP definitely changed also. You may need to re-register your new public IP with those companies.

You mentioned "some" sites, meaning not all https sites return blank pages, correct?

If your firewalls are open, the only other thing to concentrate on is the certificates from those sites
0

 
LVL 12

Author Comment

by:ibu1
ID: 40376416
The branch offices are connected with private IP Address.
HO- 10.10.1.0
Branches offices: 10.10.2.0, 10.10.3.0, 10.10.4.0 ,etc.
The public IP address will remain the same, as these private addresses are being NATed to only two WAN IP addresses. I tried changing the NAT to both public IP addresses but same problem.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376429
In that case, confirm that the IP addresses from those sites are allowed through your firewall. You can also check connectivity to those sites on port 443 using port checkers like portquery. There are online services you can use also.

http://www.microsoft.com/en-us/download/details.aspx?id=24009
http://www.focusedit.co.uk/blog/25-port-query-tool-portqry-exe-in-windows-7

If this returns a listening message, then the sites are not blocking you, but rather, your firewall may not be allowing traffic from those sites back into your network.

Certificates could be an issue but not likely in this case.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376463
The query is successful. If the firewall is not allowing traffic back to our network, it would be for the whole network, but some IP subnets are able to access https hotmail.com. The problem is only for the networks which are upgraded to 4G. Before upgrading to 4G there was no issue with the DSL data line.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376484
Did you run the test from a computer having trouble?

The other possibilities I can think of are routes and DNS. If connection through 1 ISP works but the other ISP does not work, the problem will be on the ISP side.

If you ping Hotmail.com from an affected PC, what is the TTL value?
Also, do a tracert from one affected PC and another from a working PC and compare the paths.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376518
Did you run the test from a computer having trouble? Yes.
I changed the DNS also for that PC to 8.8.8.8. Traceroute successfully completes on the problematic PC. Compared the traceroute IP address of live.com with the working PC and added that IP in the problematic PC's hosts file to match the same, but still the same problem.
thanks.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376520
Blank white page at "establishing secure connection".
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376544
Try running windows update on the computers. Also, reset the browser cache

The negotiation between your computer and the site is not completing.

You can also try resetting your NIC
netsh int ip reset resetlog.txt
netsh winsock reset
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376560
Ran the above commands. Reset the browser cache for all the browsers but same problem.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376564
How about windows update?
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376577
Not yet, but same problem with the windows 7 PC as well.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376581
Not an upgrade but an update.
There may be a security patch that would solve that problem. The W7 may not have the update.
You can google "establishing secure connection" to see other things people have tried. The bottom line is, your computers are not completing credential exchange with the website and there are several things that can cause that. You may try several before you hit the mark.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376585
yes, but I mean some bugs of windows XP are fixed in Windows 7. Anyways, I am preparing for Windows update.
Thanx.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376666
Same problem even after updating Windows XP.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376718
How about the LAN property settings
Check if "Automatically Detect LAN settings" is checked. Make sure there is no Proxy Setting checked unless you have a proxy server, in which case you will need to specify the proxy settings
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376783
All of the above are unchecked.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40378293
Check the "Automatically Detect LAN settings" so the computers can negotiate connection automatically
0
 
LVL 12

Author Comment

by:ibu1
ID: 40379326
Checked now but same.
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 40379364
You may have to contact your ISP. I think the problem at this point is on their side, based on information you provided
0
 
LVL 12

Author Comment

by:ibu1
ID: 40379369
Yesterday, I again called the ISP. For their troubleshooting, they disabled the subnet from which we are able to access the hotmail.com site successfully and assigned that subnet to the problem subnet, to check if there is a problem with routing or policy in the firewall. They found that after switching the subnet, the issue remained the same. We have already opened a ticket with them and will let the experts know if we find the solution.
Thanks for your prompt response.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40391977
Solved now by the ISP. The only answer provided by them is that they increased the MTU in the Cisco gateway router.
Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40393204
Awesome.
It looks like they may be running EIGRP. There probably was a mismatch in the MTU
Thanks for the update
0
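Added example, not part of the original thread: a check a branch PC could run to measure the usable path MTU with Don't Fragment pings, under the assumption (suggested by the ISP's fix) that the 4G path carried smaller packets than the endpoints expected. When that is the case, small packets such as a telnet to port 443 or a traceroute succeed while full-size TCP segments, such as those carrying a server's TLS certificate, are dropped. The function names and the simulated link are constructed for illustration.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    out = subprocess.run(cmd, capture_output=True).stdout
    return b"ttl=" in out.lower()  # only real echo replies print a TTL


def path_mtu(probe, lo=548, hi=1472):
    """Binary-search the largest DF payload that passes; return the MTU or None."""
    if not probe(lo):
        return None  # even small packets fail, so this is not an MTU problem
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + IP_ICMP_OVERHEAD


def diagnose(mtu, local_mtu=1500):
    """Compare the MSS the PC advertises with what the path can carry."""
    safe_mss = mtu - IP_TCP_OVERHEAD
    return {"path_mtu": mtu, "safe_mss": safe_mss,
            "blackhole_risk": local_mtu - IP_TCP_OVERHEAD > safe_mss}


def simulated_link(mtu):
    """Constructed stand-in for a real path: passes packets up to `mtu` bytes."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Replace the host with a site that fails from the affected branch PC.
    mtu = path_mtu(lambda size: ping_df("hotmail.com", size))
    print(diagnose(mtu) if mtu else "no reply even to small DF pings")
```

Running it from both a working and a failing subnet and comparing the reported `path_mtu` gives the ISP a concrete number to work from; some sites do not answer ICMP echo at all, in which case the result is `None` and another target is needed.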


Question has a verified solution.
