Solved

This page can't be displayed

Posted on 2016-08-11
12
51 Views
Last Modified: 2016-08-26
I have a company hosting a remote thing, see pic, on their 2003 server.
Internal web siteThey have accessed this for years.  All of a sudden almost no one can access it.
We get a This page can't be displayed error.
Everyone can hit it on site... we've only found one person who can hit it off site.
Tracert shows:
C:\Windows\System32>tracert somewebsite.com

Tracing route to somewebsite.com [71.102.216.74]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.1.1.1
  2     2 ms     1 ms     1 ms  173.65.15.1
  3     4 ms     6 ms     6 ms  172.99.50.104
  4     *        *        *     Request timed out.
  5     3 ms     3 ms     3 ms  static-71-102-216-74.tampfl.fios.frontiernet.net
 [71.102.216.74]

Trace complete.

C:\Windows\System32>

Open in new window

It was last accessed on a Friday, the server went down Saturday (power outage) and Monday is when the issue was discovered.

It is used by people to remote into their computers from home.

Thoughts?
0
Comment
Question by:classnet
  • 6
  • 3
  • 3
12 Comments
 
LVL 33

Expert Comment

by:it_saige
ID: 41752326
Understanding that somewebsite.com is a placeholder for the actuall domain name:

Is somewebsite.com registered on an external DNS server?  Has the registration lapsed?

Assuming that it is registered and that the registration is current (and all associated HOST and ALIAS records are correct).

Have you checked the firewall at the client location to ensure that HTTPS is forwarding to the internal IP of the 2003 server?  The traceroute only means that ICMP is being blocked or not responding.

-saige-
0
 

Author Comment

by:classnet
ID: 41752347
it_saige, You are correct about the placeholder.

Site name is good until 2019.

Firewall is good too.

I just tried it on another computer and got a "HTTP Error 403.6 - Forbidden: IP address of the client has been rejected." error instead of the generic error.

IIS looks good....
0
 
LVL 33

Expert Comment

by:it_saige
ID: 41752358
Just wanted to be certain about the firewall as you mentioned there was a power outage; e.g. - The IP address of the server changed as a result of...

The 403.6 error is generally caused by the configuration of IP Address and Domain Name Restrictions:

https://support.microsoft.com/en-us/kb/248043

-saige-
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 33

Expert Comment

by:sarabande
ID: 41752382
Windows Small Business Server 2003 is no longer supported by Microsoft since July last year.

that means it is a good chance that it was hacked by malicious software for example by exploiting one of the various security leaks which no longer were fixed by MS,

your screenshot shows a certificate error what either means that the clients trying to access the server fail by certificate validation. or (more likely) the Server no longer is capable to validate newer certificates from client. the latter would explain why some computers still could access the server.

actually, it is already too late for migrating to a higher server sersion. you need to isolate the Server and try to backup the data.

Sara
0
 

Author Comment

by:classnet
ID: 41752385
No... everything looks good.  The server IP is static and did not change.

I don't understand the one rogue offsite laptop that can remote in.
0
 
LVL 33

Expert Comment

by:it_saige
ID: 41752407
The mention of that one client is why I was asking about the external DNS.  This really does present itself more like a DNS translation issue than anything else.  Can the client that is able to connect perform a successful tracert?  If so, I would check the firewall to make sure that it does not have any blocking rules.  I would also contact the ISP to have them test their router to ensure it is up to snuff.

-saige-
0
 

Author Comment

by:classnet
ID: 41757683
Both clients can tracert.  Both are using IE11.
0
 

Author Comment

by:classnet
ID: 41759163
sarabande... I don't think the server was hacked... every other computer can access this site.
0
 
LVL 33

Expert Comment

by:sarabande
ID: 41759423
a server which was hacked mostly was used as a bot server. in those cases, the malware would not do any harm to the network but try to remain undetected as long as possible. check for suspicious activity when the server actually should be idle.

the server not necessarily was hacked. but it is a high risk because newer security leaks are no longer fixed and malware systematically are scanning for servers which could be hijacked using those hidden doors.

you can check your server by anti malware tools (for example see https://www.techsupportall.com/best-free-effective-anti-malware-software/)

if it is clean, you should try to upgrade as soon as possible.

Sara
0
 

Accepted Solution

by:
classnet earned 0 total points
ID: 41764244
Finally found the solution!
We use ESET NOD32 Antivirus.  In their latest version NOD32 will block users from going to sites with invalid SSL certs.

Had to open NOD32 and press F5 (advanced mode) and disable SSL/TLS Protocol Filtering.  Could not figure out a way to add exceptions.
Disable SSL/TLS filtering
0
 
LVL 33

Expert Comment

by:sarabande
ID: 41768594
In their latest version NOD32 will block users from going to sites with invalid SSL certs.
i strongly recommend to not ignoring serious warnings that your network is going to become more and more  vulnerable to malware.

the current issues should be understood as a warning rather than an annoyance.

Sara
0
 

Author Closing Comment

by:classnet
ID: 41771439
Solved myself
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question