Solved

Blank https page.

Posted on 2014-10-12
24
113 Views
Last Modified: 2014-10-20
Dear Experts,
We are not able to open some https site from our branch office. The branches are connected with head office.
HO: 10.10.1.0
Branch Offices 10.10.5.0, 10.10.13.0 and so on.
The network between HO and branch offices are done by ISP through DSL Data Line and 4G Wifi. Before few days DSL data lines are being upgraded  to 4G. After changing the connection none of the branches which are upgraded able to open some of https site. We noticed this to the ISP but they found that they can able to telnet from new 4G data router to https hotmail.com and many other sites. We have given full access in the firewall (10.10.1.35) to the pcs behind those network (10.10.13.60, 10.10.5.72, etc). No changes have been done on firewall since the up gradation. We have multiple ISP for internet also and tried to route traffice to both the ISP as well but with no luck. For backup every branch is connected with two ISP data. If we switch the problematic pc to other isp data line the problem solves. What could be the problem. Please advice.
Thanks.
0
Comment
Question by:ibu1
  • 13
  • 11
24 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376401
Is this happening with IE only or any browser eg Firefox, Chrome, Safari, Opera, etc

If just IE, try adding the sites to trusted sites
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376403
Happening with all browser.
thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376407
Some sensitive sites only grant access based on prior contact with their IT. They grant access only to approved IP addresses. With the change you made, you public IP definitely changed also. You may need to re-register your new public IP with those companies.

You mentioned "some" sites, meaning not all https sites return blank pages, correct?

If your firewalls are open, the only other thing to concentrate on is the certificates from those sites
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 12

Author Comment

by:ibu1
ID: 40376416
The branch offices are connected with private IP Address.
HO- 10.10.1.0
Branches offices: 10.10.2.0, 10.10.3.0, 10.10.4.0 ,etc.
The public IP address will remain the same as these as there private are being natted to only two wan ip addresses. I tried to changed the natting to both public ip address but same problem.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376429
In that case, confirm that the ip addresses from those sites are allowed through your firewall. You v=can also check connectivity to those sites on port 443 using port checkers like portquery. There are online services you can use also.

http://www.microsoft.com/en-us/download/details.aspx?id=24009
http://www.focusedit.co.uk/blog/25-port-query-tool-portqry-exe-in-windows-7

If this returns listening message, then your the sites are not blocking you, but rather, your firewall may not be allowing traffic from those sites back into your network.

Certificates could be an issue but not likely in this case.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376463
The query is successful. If the firewall is not allowing traffic back to our network, it would be for the whole network but some ip subnets are able to access the https hotmail.com. The problem is only for the network which are upgrade to 4G. Before upgrading to 4G there was no issue with DSL data line.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376484
Did you run the test from a computer having trouble?

The other possibilities I can think of are routes and DNS. If connection through 1 ISP works but the other ISP does not work, the problem will be on the ISP side.

If you ping Hotmail.com from affected PC, what is the TTL value.
Also, do a tracert from the one affected PC and another from a working PC and compare the paths
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376518
Did you run the test from a computer having trouble? Yes.
I changed the dns also for that pc to 8.8.8.8. Tracer route successfully ends in the problematic pc. Compare the trace route ip address of live.com with the working pc and added that ip in the problematic pc's hosts file to match the same but still the same problem.
thanks.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376520
Blank white page at "establishing secure connection".
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376544
Try running windows update on the computers. Also, reset the browser cache

The negotiation between your computer and the site is not completing.

You can also try resetting your NIC
netsh ip int reset
netsh winsock reset
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376560
Run the above command. Reset browser cache for all the browser but same problem.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376564
How about windows update?
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376577
Not yet, but same problem with the windows 7 PC as well.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376581
Not an upgrade but an update.
There may be a security patch that would solve that problem. The W7 may not have the update.
You can google "establishing secure connection" to see other things people have tried. The bottom line is, your computers are not completing credential exchange with the website and there are several things that can cause that. You may try several before you hit the mark.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376585
yes, but I mean some bugs of windows XP are fixed in Windows 7. Anyways, I am preparing for Windows update.
Thanx.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376666
Same problem even after updating windows xp.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40376718
How about the LAN property settings
Check if "Automatically Detect LAN settings" is checked. Make sure there is no Proxy Setting checked unless you have a proxy server, in which case you will need to specify the proxy settings
0
 
LVL 12

Author Comment

by:ibu1
ID: 40376783
All of the above are unchecked.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40378293
Check the "Automatically Detect LAN settings" so the computers can negotiate connection automatically
0
 
LVL 12

Author Comment

by:ibu1
ID: 40379326
Checked now but same.
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 40379364
You may have to contact your ISP. I think the problem at this point is on their side, based on information you provided
0
 
LVL 12

Author Comment

by:ibu1
ID: 40379369
Yesterday, I again called the ISP. For their troubleshooting, they disable the subnet from where we can successfully able to access the hotmail.com site and provide that subnet to the problem subnet to check if there is problem with routing or policy in the firewall.They found that after switching the subnet, the issue remained same. Have already opened ticket with them and will let experts know if we find the solution.
Thanks for your prompt response.
0
 
LVL 12

Author Comment

by:ibu1
ID: 40391977
Solved now by ISP. The only answer provided by them is they increased the MTU in the cisco gateway router.
Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40393204
Awesome.
It looks like they may be running EIGRP. There probably was a mismatch in the MTU
Thanks for the update
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port 808 is being blocked 9 121
Routing between two networks? 10 76
Public IP Address - Subnet 4 35
Connectivity issues after power outage 5 33
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question