Cannot access barclaycardus.com website

I have a network that runs behind a Sonicwall TZ-215.  There is no content filtering or any other licensed protection setup on the unit.  The server using IE11 and Chrome can get to the site https://www.barclaycardus.com or juniper.com (company they merged with). The problem is that all the workstations cannot get to the site - they get " this page can't be displayed" I thought this may be a malware issue, however running RogueKiller, CCleaner, and Malwarebytes have not resolved the issue and they are running clean scans.  I also thought this may be a DNS issue, however using nslookup on the desktops and server all resolve the website name fine.  I also tried to use https://192.107.16.41 in hopes of getting a SSL certificate error, but I received the same "this page can't be displayed" message.  I checked the proxy settings and they are set to automatically detect and there are no entries under the proxy sever.  I find it hard to believe that all systems in this network are infected with something that is preventing the site from being accessed.  I am seeing many posts of people running into this same issue, but no apparent resolution
rbarwigAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

helpfinderIT ConsultantCommented:
when you are pinging that web site are you receiving response?
check host files on affected machine (c:\windows\system32\drivers\etc) if you have some records (uncommented) here
try also command tracert www.barclaycardus.com where you can go and where it stops to respond
check some general GPO you vcan have applied on all machines for some suspicios setting which could do this.
do you have wifi also? what if you try to browse that web page from smartphone?
what if you try to browse the web page with some computer connected to your LAN which is not added to your domain? (if you have domain in your LAN enviroment)
try to turn off windows firewall if you can browse the web page like this
try to turn off your antivirus client on machine to test as well
0
rbarwigAuthor Commented:
Yes I received a response. checked for host file entries, nothing uncommented. tracert locates the site fine. I can get to the site on my phone, on my home machine, from the server that is on the LAN, and my laptop that was carried in.  I have firewall turned off on the machines I am working with.  I will check GPO
0
helpfinderIT ConsultantCommented:
if only computers whitin your LAN which are in the domain are affected then it looks like for some rule in your GPO or Antivirus.
If it would be a malware I do not see a reason why all workstations are infected but server(s) not, but for GPO or AV rule it could be server OU is excluded and on devices not in domain (home laptop, smartphone) is not applied.
I also assume you do not have separate VLANs, special for workstations.
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

rbarwigAuthor Commented:
You are correct, no VLANS
0
rbarwigAuthor Commented:
Disabled Vipre Business (AV) and disabled GPO (with update/force.  rebooted both test workstations and still no website
0
helpfinderIT ConsultantCommented:
check applied GPOs with command
gpresult /R
or exported as html file with
gpresult /H c:\report.html
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Here is a link covering a few issues with https sites giving "page cannot be displayed" that I would run through.  

http://support.microsoft.com/kb/968089

Some https sites need matching date/time set on workstations, and some add-ons may mess it up.  If you find a fix in this list above, then sounds like you need it in GPO.
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
I noticed I made my time/date way off by days and still can access, so that's probably not it.
0
rbarwigAuthor Commented:
I reviewed and even went as far as disabling the GPO did a GP update and even waited another 20 minutes on top of that (very small network) and the site still does not display.
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Darn huh?

These links from EE ...

http://www.experts-exchange.com/Web_Development/Web_Services/Q_28458645.html

http://www.experts-exchange.com/Networking/Protocols/SSL/Q_28385458.html

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/MS-SharePoint/Q_28086816.html


have some similar comments you may find useful.  Since it's EE you can easily contact any expert directly to inquire about your particular situation.  Did you check on cryptographic services?

Sorry I couldn't spend more time just now.  The below excerpt is from an article and brings up cryptographic services.

Article excerpt on problems displaying https pages.
and the article is ...

http://www.experts-exchange.com/Software/Internet_Email/Web_Browsers/A_2630-Rectifying-internet-explorer-browser-problems-in-Windows.html
0
rbarwigAuthor Commented:
Christopher,
Thanks, ran through this last set of recommendations, still no go.  This is very puzzling.  Even the article from Ravi, sent me to a couple of settings I would not have checked, but again, no go.
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Are the workstations plugged in?

:) Sorry, couldn't resist.

I just sent a request for help to a few experts in the links I posted above and you are copied on the request.  Haven't done it before so hope I did it correctly.  Let's see if anyone can help you out.
0
GaryCommented:
Is it just this site or all https sites?
0
arnoldCommented:
Check the settings on the workstations in IE whether they are using proxy.
Second check whether these workstations and sight are setup in compatibility mode.

Have the user run proxycfg

another options, not sure whether IE11 also has the option to disable the friendly error message The last option on the Browsing section of internet options advanced tab "Show friendly HTTP error messages."
one this is disabled, and the browser reopened, you should get a clearer picture what is going on.
0
rbarwigAuthor Commented:
Gary,
It is just this site and juniper.com (the same company)
0
rbarwigAuthor Commented:
Christopher,
Is it a requirement to be plugged in ?  The gerbil is running as fast as he can on the treadmill to get enough power :-)
0
GaryCommented:
Who are the workstations using for DNS?
0
rbarwigAuthor Commented:
the DC.  Name resolution is working fine.  nslookup find the name, ping by name and IP work fine.  In IE, the status updates from finding,  to waiting on the site in a matter of a few seconds.  As in the original post the server can bring up the site just fine
0
GaryCommented:
And on the workstations is it the same in any browser?
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Wondering if the gerbil is tired.

Also wondering if helpfinder suggestion about GPResult was tried.  helpfinder seemed to be on a steady progression with that course.
0
rbarwigAuthor Commented:
GPResult show no policies directly or in directly assigned to client systems.  As stated, created a new OU and moved clients to new OU that had no policy assigned to is and still cannot display site.
0
arnoldCommented:
What about checking the browser on the workstation connection/lan/proxy settings? Is auto proxy enabled? See whether your DNS/dhcp push proxy information.
Check add-ons to make sure they are not diverting the traffic.

After disabling the show friendly http errors, what was the displayed error?
0
rbarwigAuthor Commented:
All add ons are disabled, I am running IE in No add-on mode. proxy is set to auto detect.  At one point I tried with this turned off and no change running proxycfg as suggested yielded the same interface as internet options, connections, LAN setting, etc..  DHCP is not pushing a proxy, DNS is working fine as site can be be resolved.  Ping returns timed out but resolves to 192.107.16.41 which is the same site as what I get from home and the site pulls up.  I am confident that ICMP is turned off on their side and I do not get a reply from a working system nor a non working system.  The step  I attempted this morning was to install telnet and telnet to the site on port 80, from the server it connects, from the workstation it does not
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Here is a rather good procedural account of how IE does things up to IE9 with auto proxy config.  Maybe you all know these things already but I was hoping it might provide a new clue or idea.  Maybe check the link near bottom for "retrying a bad proxy server" also.

http://support.microsoft.com/kb/271361
0
rbarwigAuthor Commented:
Christopher, I am uploading the results of the GP result in the event I may be overlooking something here
report.html
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Great.  Why not.
0
arnoldCommented:
It is not clear whether the issue is with the system/user or the LAN/VLAN IP the user that experiences this issue versus the system that does not.
 
are you using IPs on the private network, 10.x.x.x,172.16-31.255 192.168.x.x?

Post
ipconfig /all

from a system that has issues versus one that does not.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Great call on telnet!!  Led me to this KB and I wondered if the method described is what you tried with telnet, to isolate the problem.

http://support.microsoft.com/kb/290051
0
rbarwigAuthor Commented:
Ok, You will not believe this.  I followed the idea from Arnold and printed an ipconfig from a working and non working system and then compared them side by side.  Low and behold found a difference:

Local subnet 255.255.255.0 vs 255.0.0.0

Then I looked at the scope the tech setup just recently

Scope option and found the subnet mask was not set right.

Great suggestion Arnold

Thanks for all the help Christopher
0
Christopher Jay WolffWiggle My Legs, OwnerCommented:
Hooray!!  Thanks to you all for letting me participate at my level.

I'll have to do some masking homework on why it was only Barclay https.
0
rbarwigAuthor Commented:
agree, this did not make sense
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.