Blank https page.

Dear Experts,
We are not able to open some https site from our branch office. The branches are connected with head office.
HO: 10.10.1.0
Branch Offices 10.10.5.0, 10.10.13.0 and so on.
The network between HO and branch offices are done by ISP through DSL Data Line and 4G Wifi. Before few days DSL data lines are being upgraded  to 4G. After changing the connection none of the branches which are upgraded able to open some of https site. We noticed this to the ISP but they found that they can able to telnet from new 4G data router to https hotmail.com and many other sites. We have given full access in the firewall (10.10.1.35) to the pcs behind those network (10.10.13.60, 10.10.5.72, etc). No changes have been done on firewall since the up gradation. We have multiple ISP for internet also and tried to route traffice to both the ISP as well but with no luck. For backup every branch is connected with two ISP data. If we switch the problematic pc to other isp data line the problem solves. What could be the problem. Please advice.
Thanks.
LVL 12
ibu1Senior System AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AkinsdNetwork AdministratorCommented:
Is this happening with IE only or any browser eg Firefox, Chrome, Safari, Opera, etc

If just IE, try adding the sites to trusted sites
0
ibu1Senior System AdministratorAuthor Commented:
Happening with all browser.
thanks.
0
AkinsdNetwork AdministratorCommented:
Some sensitive sites only grant access based on prior contact with their IT. They grant access only to approved IP addresses. With the change you made, you public IP definitely changed also. You may need to re-register your new public IP with those companies.

You mentioned "some" sites, meaning not all https sites return blank pages, correct?

If your firewalls are open, the only other thing to concentrate on is the certificates from those sites
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

ibu1Senior System AdministratorAuthor Commented:
The branch offices are connected with private IP Address.
HO- 10.10.1.0
Branches offices: 10.10.2.0, 10.10.3.0, 10.10.4.0 ,etc.
The public IP address will remain the same as these as there private are being natted to only two wan ip addresses. I tried to changed the natting to both public ip address but same problem.
0
AkinsdNetwork AdministratorCommented:
In that case, confirm that the ip addresses from those sites are allowed through your firewall. You v=can also check connectivity to those sites on port 443 using port checkers like portquery. There are online services you can use also.

http://www.microsoft.com/en-us/download/details.aspx?id=24009
http://www.focusedit.co.uk/blog/25-port-query-tool-portqry-exe-in-windows-7

If this returns listening message, then your the sites are not blocking you, but rather, your firewall may not be allowing traffic from those sites back into your network.

Certificates could be an issue but not likely in this case.
0
ibu1Senior System AdministratorAuthor Commented:
The query is successful. If the firewall is not allowing traffic back to our network, it would be for the whole network but some ip subnets are able to access the https hotmail.com. The problem is only for the network which are upgrade to 4G. Before upgrading to 4G there was no issue with DSL data line.
0
AkinsdNetwork AdministratorCommented:
Did you run the test from a computer having trouble?

The other possibilities I can think of are routes and DNS. If connection through 1 ISP works but the other ISP does not work, the problem will be on the ISP side.

If you ping Hotmail.com from affected PC, what is the TTL value.
Also, do a tracert from the one affected PC and another from a working PC and compare the paths
0
ibu1Senior System AdministratorAuthor Commented:
Did you run the test from a computer having trouble? Yes.
I changed the dns also for that pc to 8.8.8.8. Tracer route successfully ends in the problematic pc. Compare the trace route ip address of live.com with the working pc and added that ip in the problematic pc's hosts file to match the same but still the same problem.
thanks.
0
ibu1Senior System AdministratorAuthor Commented:
Blank white page at "establishing secure connection".
0
AkinsdNetwork AdministratorCommented:
Try running windows update on the computers. Also, reset the browser cache

The negotiation between your computer and the site is not completing.

You can also try resetting your NIC
netsh ip int reset
netsh winsock reset
0
ibu1Senior System AdministratorAuthor Commented:
Run the above command. Reset browser cache for all the browser but same problem.
0
AkinsdNetwork AdministratorCommented:
How about windows update?
0
ibu1Senior System AdministratorAuthor Commented:
Not yet, but same problem with the windows 7 PC as well.
0
AkinsdNetwork AdministratorCommented:
Not an upgrade but an update.
There may be a security patch that would solve that problem. The W7 may not have the update.
You can google "establishing secure connection" to see other things people have tried. The bottom line is, your computers are not completing credential exchange with the website and there are several things that can cause that. You may try several before you hit the mark.
0
ibu1Senior System AdministratorAuthor Commented:
yes, but I mean some bugs of windows XP are fixed in Windows 7. Anyways, I am preparing for Windows update.
Thanx.
0
ibu1Senior System AdministratorAuthor Commented:
Same problem even after updating windows xp.
0
AkinsdNetwork AdministratorCommented:
How about the LAN property settings
Check if "Automatically Detect LAN settings" is checked. Make sure there is no Proxy Setting checked unless you have a proxy server, in which case you will need to specify the proxy settings
0
ibu1Senior System AdministratorAuthor Commented:
All of the above are unchecked.
0
AkinsdNetwork AdministratorCommented:
Check the "Automatically Detect LAN settings" so the computers can negotiate connection automatically
0
ibu1Senior System AdministratorAuthor Commented:
Checked now but same.
0
AkinsdNetwork AdministratorCommented:
You may have to contact your ISP. I think the problem at this point is on their side, based on information you provided
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ibu1Senior System AdministratorAuthor Commented:
Yesterday, I again called the ISP. For their troubleshooting, they disable the subnet from where we can successfully able to access the hotmail.com site and provide that subnet to the problem subnet to check if there is problem with routing or policy in the firewall.They found that after switching the subnet, the issue remained same. Have already opened ticket with them and will let experts know if we find the solution.
Thanks for your prompt response.
0
ibu1Senior System AdministratorAuthor Commented:
Solved now by ISP. The only answer provided by them is they increased the MTU in the cisco gateway router.
Thanks.
0
AkinsdNetwork AdministratorCommented:
Awesome.
It looks like they may be running EIGRP. There probably was a mismatch in the MTU
Thanks for the update
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.