[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201
  • Last Modified:

Blank https page.

Dear Experts,
We are not able to open some https site from our branch office. The branches are connected with head office.
HO: 10.10.1.0
Branch Offices 10.10.5.0, 10.10.13.0 and so on.
The network between HO and branch offices are done by ISP through DSL Data Line and 4G Wifi. Before few days DSL data lines are being upgraded  to 4G. After changing the connection none of the branches which are upgraded able to open some of https site. We noticed this to the ISP but they found that they can able to telnet from new 4G data router to https hotmail.com and many other sites. We have given full access in the firewall (10.10.1.35) to the pcs behind those network (10.10.13.60, 10.10.5.72, etc). No changes have been done on firewall since the up gradation. We have multiple ISP for internet also and tried to route traffice to both the ISP as well but with no luck. For backup every branch is connected with two ISP data. If we switch the problematic pc to other isp data line the problem solves. What could be the problem. Please advice.
Thanks.
0
ibu1
Asked:
ibu1
  • 13
  • 11
1 Solution
 
AkinsdNetwork AdministratorCommented:
Is this happening with IE only or any browser eg Firefox, Chrome, Safari, Opera, etc

If just IE, try adding the sites to trusted sites
0
 
ibu1Author Commented:
Happening with all browser.
thanks.
0
 
AkinsdNetwork AdministratorCommented:
Some sensitive sites only grant access based on prior contact with their IT. They grant access only to approved IP addresses. With the change you made, you public IP definitely changed also. You may need to re-register your new public IP with those companies.

You mentioned "some" sites, meaning not all https sites return blank pages, correct?

If your firewalls are open, the only other thing to concentrate on is the certificates from those sites
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
ibu1Author Commented:
The branch offices are connected with private IP Address.
HO- 10.10.1.0
Branches offices: 10.10.2.0, 10.10.3.0, 10.10.4.0 ,etc.
The public IP address will remain the same as these as there private are being natted to only two wan ip addresses. I tried to changed the natting to both public ip address but same problem.
0
 
AkinsdNetwork AdministratorCommented:
In that case, confirm that the ip addresses from those sites are allowed through your firewall. You v=can also check connectivity to those sites on port 443 using port checkers like portquery. There are online services you can use also.

http://www.microsoft.com/en-us/download/details.aspx?id=24009
http://www.focusedit.co.uk/blog/25-port-query-tool-portqry-exe-in-windows-7

If this returns listening message, then your the sites are not blocking you, but rather, your firewall may not be allowing traffic from those sites back into your network.

Certificates could be an issue but not likely in this case.
0
 
ibu1Author Commented:
The query is successful. If the firewall is not allowing traffic back to our network, it would be for the whole network but some ip subnets are able to access the https hotmail.com. The problem is only for the network which are upgrade to 4G. Before upgrading to 4G there was no issue with DSL data line.
0
 
AkinsdNetwork AdministratorCommented:
Did you run the test from a computer having trouble?

The other possibilities I can think of are routes and DNS. If connection through 1 ISP works but the other ISP does not work, the problem will be on the ISP side.

If you ping Hotmail.com from affected PC, what is the TTL value.
Also, do a tracert from the one affected PC and another from a working PC and compare the paths
0
 
ibu1Author Commented:
Did you run the test from a computer having trouble? Yes.
I changed the dns also for that pc to 8.8.8.8. Tracer route successfully ends in the problematic pc. Compare the trace route ip address of live.com with the working pc and added that ip in the problematic pc's hosts file to match the same but still the same problem.
thanks.
0
 
ibu1Author Commented:
Blank white page at "establishing secure connection".
0
 
AkinsdNetwork AdministratorCommented:
Try running windows update on the computers. Also, reset the browser cache

The negotiation between your computer and the site is not completing.

You can also try resetting your NIC
netsh ip int reset
netsh winsock reset
0
 
ibu1Author Commented:
Run the above command. Reset browser cache for all the browser but same problem.
0
 
AkinsdNetwork AdministratorCommented:
How about windows update?
0
 
ibu1Author Commented:
Not yet, but same problem with the windows 7 PC as well.
0
 
AkinsdNetwork AdministratorCommented:
Not an upgrade but an update.
There may be a security patch that would solve that problem. The W7 may not have the update.
You can google "establishing secure connection" to see other things people have tried. The bottom line is, your computers are not completing credential exchange with the website and there are several things that can cause that. You may try several before you hit the mark.
0
 
ibu1Author Commented:
yes, but I mean some bugs of windows XP are fixed in Windows 7. Anyways, I am preparing for Windows update.
Thanx.
0
 
ibu1Author Commented:
Same problem even after updating windows xp.
0
 
AkinsdNetwork AdministratorCommented:
How about the LAN property settings
Check if "Automatically Detect LAN settings" is checked. Make sure there is no Proxy Setting checked unless you have a proxy server, in which case you will need to specify the proxy settings
0
 
ibu1Author Commented:
All of the above are unchecked.
0
 
AkinsdNetwork AdministratorCommented:
Check the "Automatically Detect LAN settings" so the computers can negotiate connection automatically
0
 
ibu1Author Commented:
Checked now but same.
0
 
AkinsdNetwork AdministratorCommented:
You may have to contact your ISP. I think the problem at this point is on their side, based on information you provided
0
 
ibu1Author Commented:
Yesterday, I again called the ISP. For their troubleshooting, they disable the subnet from where we can successfully able to access the hotmail.com site and provide that subnet to the problem subnet to check if there is problem with routing or policy in the firewall.They found that after switching the subnet, the issue remained same. Have already opened ticket with them and will let experts know if we find the solution.
Thanks for your prompt response.
0
 
ibu1Author Commented:
Solved now by ISP. The only answer provided by them is they increased the MTU in the cisco gateway router.
Thanks.
0
 
AkinsdNetwork AdministratorCommented:
Awesome.
It looks like they may be running EIGRP. There probably was a mismatch in the MTU
Thanks for the update
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 13
  • 11
Tackle projects and never again get stuck behind a technical roadblock.
Join Now