Solved

Blank https page.

Posted on 2014-10-12
24
102 Views
Last Modified: 2014-10-20
Dear Experts,
We are not able to open some https site from our branch office. The branches are connected with head office.
HO: 10.10.1.0
Branch Offices 10.10.5.0, 10.10.13.0 and so on.
The network between HO and branch offices are done by ISP through DSL Data Line and 4G Wifi. Before few days DSL data lines are being upgraded  to 4G. After changing the connection none of the branches which are upgraded able to open some of https site. We noticed this to the ISP but they found that they can able to telnet from new 4G data router to https hotmail.com and many other sites. We have given full access in the firewall (10.10.1.35) to the pcs behind those network (10.10.13.60, 10.10.5.72, etc). No changes have been done on firewall since the up gradation. We have multiple ISP for internet also and tried to route traffice to both the ISP as well but with no luck. For backup every branch is connected with two ISP data. If we switch the problematic pc to other isp data line the problem solves. What could be the problem. Please advice.
Thanks.
0
Comment
Question by:ibu1
  • 13
  • 11
24 Comments
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Is this happening with IE only or any browser eg Firefox, Chrome, Safari, Opera, etc

If just IE, try adding the sites to trusted sites
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Happening with all browser.
thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Some sensitive sites only grant access based on prior contact with their IT. They grant access only to approved IP addresses. With the change you made, you public IP definitely changed also. You may need to re-register your new public IP with those companies.

You mentioned "some" sites, meaning not all https sites return blank pages, correct?

If your firewalls are open, the only other thing to concentrate on is the certificates from those sites
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
The branch offices are connected with private IP Address.
HO- 10.10.1.0
Branches offices: 10.10.2.0, 10.10.3.0, 10.10.4.0 ,etc.
The public IP address will remain the same as these as there private are being natted to only two wan ip addresses. I tried to changed the natting to both public ip address but same problem.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
In that case, confirm that the ip addresses from those sites are allowed through your firewall. You v=can also check connectivity to those sites on port 443 using port checkers like portquery. There are online services you can use also.

http://www.microsoft.com/en-us/download/details.aspx?id=24009
http://www.focusedit.co.uk/blog/25-port-query-tool-portqry-exe-in-windows-7

If this returns listening message, then your the sites are not blocking you, but rather, your firewall may not be allowing traffic from those sites back into your network.

Certificates could be an issue but not likely in this case.
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
The query is successful. If the firewall is not allowing traffic back to our network, it would be for the whole network but some ip subnets are able to access the https hotmail.com. The problem is only for the network which are upgrade to 4G. Before upgrading to 4G there was no issue with DSL data line.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Did you run the test from a computer having trouble?

The other possibilities I can think of are routes and DNS. If connection through 1 ISP works but the other ISP does not work, the problem will be on the ISP side.

If you ping Hotmail.com from affected PC, what is the TTL value.
Also, do a tracert from the one affected PC and another from a working PC and compare the paths
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Did you run the test from a computer having trouble? Yes.
I changed the dns also for that pc to 8.8.8.8. Tracer route successfully ends in the problematic pc. Compare the trace route ip address of live.com with the working pc and added that ip in the problematic pc's hosts file to match the same but still the same problem.
thanks.
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Blank white page at "establishing secure connection".
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Try running windows update on the computers. Also, reset the browser cache

The negotiation between your computer and the site is not completing.

You can also try resetting your NIC
netsh ip int reset
netsh winsock reset
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Run the above command. Reset browser cache for all the browser but same problem.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
How about windows update?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 12

Author Comment

by:ibu1
Comment Utility
Not yet, but same problem with the windows 7 PC as well.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Not an upgrade but an update.
There may be a security patch that would solve that problem. The W7 may not have the update.
You can google "establishing secure connection" to see other things people have tried. The bottom line is, your computers are not completing credential exchange with the website and there are several things that can cause that. You may try several before you hit the mark.
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
yes, but I mean some bugs of windows XP are fixed in Windows 7. Anyways, I am preparing for Windows update.
Thanx.
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Same problem even after updating windows xp.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
How about the LAN property settings
Check if "Automatically Detect LAN settings" is checked. Make sure there is no Proxy Setting checked unless you have a proxy server, in which case you will need to specify the proxy settings
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
All of the above are unchecked.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Check the "Automatically Detect LAN settings" so the computers can negotiate connection automatically
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Checked now but same.
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
Comment Utility
You may have to contact your ISP. I think the problem at this point is on their side, based on information you provided
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Yesterday, I again called the ISP. For their troubleshooting, they disable the subnet from where we can successfully able to access the hotmail.com site and provide that subnet to the problem subnet to check if there is problem with routing or policy in the firewall.They found that after switching the subnet, the issue remained same. Have already opened ticket with them and will let experts know if we find the solution.
Thanks for your prompt response.
0
 
LVL 12

Author Comment

by:ibu1
Comment Utility
Solved now by ISP. The only answer provided by them is they increased the MTU in the cisco gateway router.
Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Awesome.
It looks like they may be running EIGRP. There probably was a mismatch in the MTU
Thanks for the update
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now