Solved

Internet Explorer 11- This Page Can Not be Displayed

Posted on 2016-10-17
13
32 Views
Last Modified: 2016-10-29
We have several remote users who are unable to access websites such as Yahoo, Google, MSN.com. What I can offer is our organization  uses Cisco AnyConnect VPN for our remote users to access company information. When users are connected to VPN, they can access the sites listed above. We have users who are able to access the sites without making a VPN connection. Users who are unable to access the sites receive the message below in the IE11 Browser:

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://www.yahoo.com  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

We also deploy WSUS updates monthly to all workstations. I've applied the recommendations above and found no success. Any recommendations anyone can suggest are welcome. I appreciate your feedback in advance.
0
Comment
Question by:dlmyersdta
  • 6
  • 4
  • 3
13 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 41847541
For one remote user, start a LogMeIn or other remote access session not using VPN, start an admin command prompt and run TCP/IP Reset and DNS Flush.

      
Open cmd.exe with Run as Administrator
Then  netsh int ip reset c:\resetlog.txt
Also, ipconfig /flushdns followed by net stop dnscache followed by net start dnscache
Then restart the computer

Have them exit, shut down, start up and test. See if that fixes the non-VPN connection and then try the same computer over VPN. Any change?
1
 
LVL 1

Author Comment

by:dlmyersdta
ID: 41847560
Hi John,

I applied the steps you provided above and still receive the same message after a restart and launch of the IE 11 browser.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41847564
Try a new, test, Windows User Profile (Account). Log into the new Windows Account and test IE 11 in the new account. You could have a Windows Profile error.
1
 
LVL 10

Expert Comment

by:Maclean
ID: 41847565
Is a proxy set via GPO.
If yes, this will be your issue, you need to remove the proxy when at home.
A better way is to have a transparent proxy configured, or set proxy on DHCP login to domain, so when at home, it does not apply.
1
 
LVL 1

Author Comment

by:dlmyersdta
ID: 41848256
Maclean, I'm thinking it may be something with the GPO or with Cisco Web Security. The user is able to access some sites, but not others. How do you remove a proxy when at home?

John, I did test out another profile and still run into the same message in IE with, "The Page Can Not Be displayed".
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41848266
Go to Tools, Internet Options, Connections, click on LAN and uncheck Proxy. Make sure Automatic is ON but the script setting below is OFF.
1
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:dlmyersdta
ID: 41849301
Hi John,

I gave this a try and found no success. I connected to VPN and found success connection. I'm thinking we may have to make some adjustments to our firewall by allowing the sites or checking the settings for the bindings for the IIS site. From what I read online if it's a single IP address, it should be changed to allow All Assigned. Do you feel this may help with reaching a resolution?
0
 
LVL 10

Expert Comment

by:Maclean
ID: 41849304
So to get things straight.
When a user takes his work laptop home, and connects to his/her personal internet at home, they cannot access websites including Yahoo.com
As soon as they connect to VPN, they can access these sites.
Have you asked users to test by:

-Turn of firewall on laptop
-Try another browser

My area's of interest would be:

-Any web filtering by Anti-Virus (Check configurations)
-Firewall Rules
-Group Policies regarding firewall and or browser behavior
-Host file amendments
-Proxy

However as I do not have any insight into how these are configured, or what the products are, you would need to check on your end if any of the settings are configured to not allow particular types of browsing.
I am assuming that if a user grabs his/her personal computer or Smart Phone/Device and browses, there are no issues.
1
 
LVL 90

Expert Comment

by:John Hurst
ID: 41849313
I connected to VPN and found success connection. ... From what I read online if it's a single IP address, it should be changed to allow All Assigned  <-- VPN should allow a subnet on the office end and single IP on the remote client application
1
 
LVL 1

Author Comment

by:dlmyersdta
ID: 41850071
Maclean,

That would be correct, when the user has their notebook at home and tries to access sites (Yahoo, Google) they receive the message, "The page can not be displayed". What is strange is they are able to access other sites such as MSN, etc., but it's just particular sites that are no accessible when not connected to VPN. We currently just use IE in our environment, but I will try the steps you recommended and let you know my findings.  That would be also correct with the user utilizing their personal computer or smart phone device and finding success connecting to sites.

John,

I will look into this on our end and let you know if we have these settings applied in our environment for our remote users.
0
 
LVL 1

Accepted Solution

by:
dlmyersdta earned 0 total points
ID: 41857385
Hello Maclean and John,

I wanted to provide you both with an update. The issue has been resolved. I deal some more research and I had to adjust the properties as it related to the access point for the users. I unchecked the Internet Protocol Version 6 (TCP/Ipv6) and left the Internet Protocol Version 4(TCP/IPv4) checked and found success navigating to the sites (yahoo and Google). What makes this unique is that I will have to apply this to each of the access points the users connects to under Network and Sharing Center for the sites to function properly. I appreciate everyone's assistance with this post.

Many Thanks,
0
 
LVL 10

Expert Comment

by:Maclean
ID: 41861212
Thanks for the update. That makes sense.
There is actually a Microsoft Fixit to prefer IPv4 over IPv6. Disabling IPv6 on the NIC direct is so called "Bad practice"  so perhaps turn it on, and run the hotfix to prefer IPv4, or the hotfix to properly disable IPv6

I was aware of this issue, but did not link the symptoms, and might not have linked them till you mentioned it. Its pretty rare. So good spotting. I would suggest you close the call marking your own answer as solution.
1
 
LVL 1

Author Closing Comment

by:dlmyersdta
ID: 41865071
Applying steps from the last post solved my issue.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Due to recent concerns over the inevitable depletion of the current pool of IPv4 addresses and the desire to provide additional functionality for modern devices, an upgrade to IPv6 on my Internet connection was needed for me to explore the world of …
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now