Rick Barwig asked:

Cannot access barclaycardus.com website

I have a network that runs behind a Sonicwall TZ-215.  There is no content filtering or any other licensed protection setup on the unit.  The server using IE11 and Chrome can get to the site https://www.barclaycardus.com or juniper.com (company they merged with). The problem is that all the workstations cannot get to the site - they get "this page can't be displayed". I thought this may be a malware issue, however running RogueKiller, CCleaner, and Malwarebytes have not resolved the issue and they are running clean scans.  I also thought this may be a DNS issue, however using nslookup on the desktops and server all resolve the website name fine.  I also tried to use https://192.107.16.41 in hopes of getting an SSL certificate error, but I received the same "this page can't be displayed" message.  I checked the proxy settings and they are set to automatically detect and there are no entries under the proxy server.  I find it hard to believe that all systems in this network are infected with something that is preventing the site from being accessed.  I am seeing many posts of people running into this same issue, but no apparent resolution.
helpfinder

when you are pinging that web site are you receiving response?
check host files on affected machine (c:\windows\system32\drivers\etc) if you have some records (uncommented) here
try also command tracert www.barclaycardus.com where you can go and where it stops to respond
check some general GPO you can have applied on all machines for some suspicious setting which could do this.
do you have wifi also? what if you try to browse that web page from smartphone?
what if you try to browse the web page with some computer connected to your LAN which is not added to your domain? (if you have domain in your LAN environment)
try to turn off windows firewall if you can browse the web page like this
try to turn off your antivirus client on machine to test as well
Rick Barwig (ASKER)

Yes I received a response. checked for host file entries, nothing uncommented. tracert locates the site fine. I can get to the site on my phone, on my home machine, from the server that is on the LAN, and my laptop that was carried in.  I have firewall turned off on the machines I am working with.  I will check GPO
if only computers within your LAN which are in the domain are affected then it looks like for some rule in your GPO or Antivirus.
If it would be a malware I do not see a reason why all workstations are infected but server(s) not, but for GPO or AV rule it could be server OU is excluded and on devices not in domain (home laptop, smartphone) is not applied.
I also assume you do not have separate VLANs, special for workstations.
You are correct, no VLANS
Disabled Vipre Business (AV) and disabled GPO (with update/force).  Rebooted both test workstations and still no website
check applied GPOs with command
gpresult /R
or exported as html file with
gpresult /H c:\report.html
Here is a link covering a few issues with https sites giving "page cannot be displayed" that I would run through.  

http://support.microsoft.com/kb/968089

Some https sites need matching date/time set on workstations, and some add-ons may mess it up.  If you find a fix in this list above, then sounds like you need it in GPO.
I noticed I made my time/date way off by days and still can access, so that's probably not it.
I reviewed and even went as far as disabling the GPO did a GP update and even waited another 20 minutes on top of that (very small network) and the site still does not display.
Darn huh?

These links from EE ...

https://www.experts-exchange.com/questions/28458645/Non-SSL-Cart-Not-Displayed-in-SSL-secured-site.html

https://www.experts-exchange.com/questions/28385458/Internet-explorer-refuses-secure-links-HTTPS.html

https://www.experts-exchange.com/questions/28086816/HELP-Cannot-get-SSL-redirection-to-work-on-SharePoint-2010.html


have some similar comments you may find useful.  Since it's EE you can easily contact any expert directly to inquire about your particular situation.  Did you check on cryptographic services?

Sorry I couldn't spend more time just now.  The below excerpt is from an article and brings up cryptographic services.

User generated image
and the article is ...

https://www.experts-exchange.com/Software/Internet_Email/Web_Browsers/A_2630-Rectifying-internet-explorer-browser-problems-in-Windows.html
Christopher,
Thanks, ran through this last set of recommendations, still no go.  This is very puzzling.  Even the article from Ravi, sent me to a couple of settings I would not have checked, but again, no go.
Are the workstations plugged in?

:) Sorry, couldn't resist.

I just sent a request for help to a few experts in the links I posted above and you are copied on the request.  Haven't done it before so hope I did it correctly.  Let's see if anyone can help you out.
Gary
Is it just this site or all https sites?
Check the settings on the workstations in IE whether they are using proxy.
Second check whether these workstations and site are setup in compatibility mode.

Have the user run proxycfg

another option, not sure whether IE11 also has the option to disable the friendly error message. The last option on the Browsing section of internet options advanced tab "Show friendly HTTP error messages."
once this is disabled, and the browser reopened, you should get a clearer picture what is going on.
Gary,
It is just this site and juniper.com (the same company)
Christopher,
Is it a requirement to be plugged in ?  The gerbil is running as fast as he can on the treadmill to get enough power :-)
Who are the workstations using for DNS?
the DC.  Name resolution is working fine.  nslookup finds the name, ping by name and IP work fine.  In IE, the status updates from finding,  to waiting on the site in a matter of a few seconds.  As in the original post the server can bring up the site just fine.
And on the workstations is it the same in any browser?
Wondering if the gerbil is tired.

Also wondering if helpfinder suggestion about GPResult was tried.  helpfinder seemed to be on a steady progression with that course.
GPResult shows no policies directly or indirectly assigned to client systems.  As stated, created a new OU and moved clients to new OU that had no policy assigned to it and still cannot display site.
What about checking the browser on the workstation connection/lan/proxy settings? Is auto proxy enabled? See whether your DNS/dhcp push proxy information.
Check add-ons to make sure they are not diverting the traffic.

After disabling the show friendly http errors, what was the displayed error?
All add ons are disabled, I am running IE in No add-on mode. proxy is set to auto detect.  At one point I tried with this turned off and no change. Running proxycfg as suggested yielded the same interface as internet options, connections, LAN setting, etc..  DHCP is not pushing a proxy, DNS is working fine as site can be resolved.  Ping returns timed out but resolves to 192.107.16.41 which is the same site as what I get from home and the site pulls up.  I am confident that ICMP is turned off on their side and I do not get a reply from a working system nor a non working system.  The step  I attempted this morning was to install telnet and telnet to the site on port 80, from the server it connects, from the workstation it does not.
Here is a rather good procedural account of how IE does things up to IE9 with auto proxy config.  Maybe you all know these things already but I was hoping it might provide a new clue or idea.  Maybe check the link near bottom for "retrying a bad proxy server" also.

http://support.microsoft.com/kb/271361
Christopher, I am uploading the results of the GP result in the event I may be overlooking something here
report.html
Great.  Why not.
ASKER CERTIFIED SOLUTION
arnold

This solution is only available to members.
Great call on telnet!!  Led me to this KB and I wondered if the method described is what you tried with telnet, to isolate the problem.

http://support.microsoft.com/kb/290051
Ok, You will not believe this.  I followed the idea from Arnold and printed an ipconfig from a working and non working system and then compared them side by side.  Lo and behold found a difference:

Local subnet 255.255.255.0 vs 255.0.0.0

Then I looked at the scope the tech setup just recently

Scope option and found the subnet mask was not set right.

Great suggestion Arnold

Thanks for all the help Christopher
Hooray!!  Thanks to you all for letting me participate at my level.

I'll have to do some masking homework on why it was only Barclay https.
agree, this did not make sense
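
An added example (not part of the original thread) of how a wrong DHCP subnet mask can break only some destinations: a host ARPs directly for any address inside its own network instead of sending it to the gateway. Only 192.107.16.41 and the two masks come from the thread; the workstation address 192.168.1.50, the assignment of 255.0.0.0 to the broken machines, and the other destinations are assumptions.

```python
import ipaddress

# Assumed workstation address; the thread does not give the LAN addressing.
HOST_IP = "192.168.1.50"
GOOD_MASK = "255.255.255.0"   # mask reported in the thread (assumed: working PCs)
BAD_MASK = "255.0.0.0"        # mask reported in the thread (assumed: broken PCs)

# Destinations: the first is the site IP quoted in the thread, the rest are constructed.
DESTINATIONS = {
    "barclaycardus (from thread)": "192.107.16.41",
    "LAN server (constructed)": "192.168.1.10",
    "other internet host (constructed)": "203.0.113.10",
}


def delivery(host_ip, mask, dest):
    """Return 'on-link' if the host would ARP for dest itself, else 'gateway'."""
    iface = ipaddress.ip_interface(f"{host_ip}/{mask}")
    return "on-link" if ipaddress.ip_address(dest) in iface.network else "gateway"


def blackholed(host_ip, good_mask, bad_mask, dest):
    """True when the bad mask makes the host ARP locally for a remote address."""
    return (delivery(host_ip, good_mask, dest) == "gateway"
            and delivery(host_ip, bad_mask, dest) == "on-link")


def affected_range(host_ip, good_mask, bad_mask):
    """Network that the bad mask wrongly claims as local (superset of the real LAN)."""
    good = ipaddress.ip_interface(f"{host_ip}/{good_mask}").network
    bad = ipaddress.ip_interface(f"{host_ip}/{bad_mask}").network
    return bad if good.subnet_of(bad) and good != bad else None


def report():
    """Compare routing decisions under both masks for each sample destination."""
    rows = {}
    for label, dest in DESTINATIONS.items():
        rows[label] = (delivery(HOST_IP, GOOD_MASK, dest),
                       delivery(HOST_IP, BAD_MASK, dest),
                       blackholed(HOST_IP, GOOD_MASK, BAD_MASK, dest))
    return rows


if __name__ == "__main__":
    print("wrongly local:", affected_range(HOST_IP, GOOD_MASK, BAD_MASK))
    for label, (good, bad, broken) in report().items():
        print(f"{label:36} good={good:8} bad={bad:8} broken={broken}")
```

Under these assumptions only destinations that share the first octet with the LAN are affected, which is consistent with every other site loading normally.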