dlmyersdta
asked on
Internet Explorer 11- This Page Can Not be Displayed
We have several remote users who are unable to access websites such as Yahoo, Google, MSN.com. What I can offer is our organization uses Cisco AnyConnect VPN for our remote users to access company information. When users are connected to VPN, they can access the sites listed above. We have users who are able to access the sites without making a VPN connection. Users who are unable to access the sites receive the message below in the IE11 Browser:
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://www.yahoo.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
We also deploy WSUS updates monthly to all workstations. I've applied the recommendations above and found no success. Any recommendations anyone can suggest are welcome. I appreciate your feedback in advance.
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://www.yahoo.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
We also deploy WSUS updates monthly to all workstations. I've applied the recommendations above and found no success. Any recommendations anyone can suggest are welcome. I appreciate your feedback in advance.
ASKER
Hi John,
I applied the steps you provided above and still receive the same message after a restart and launch of the IE 11 browser.
I applied the steps you provided above and still receive the same message after a restart and launch of the IE 11 browser.
Try a new, test, Windows User Profile (Account). Log into the new Windows Account and test IE 11 in the new account. You could have a Windows Profile error.
Is a proxy set via GPO.
If yes, this will be your issue, you need to remove the proxy when at home.
A better way is to have a transparent proxy configured, or set proxy on DHCP login to domain, so when at home, it does not apply.
If yes, this will be your issue, you need to remove the proxy when at home.
A better way is to have a transparent proxy configured, or set proxy on DHCP login to domain, so when at home, it does not apply.
ASKER
Maclean, I'm thinking it may be something with the GPO or with Cisco Web Security. The user is able to access some sites, but not others. How do you remove a proxy when at home?
John, I did test out another profile and still run into the same message in IE with, "The Page Can Not Be displayed".
John, I did test out another profile and still run into the same message in IE with, "The Page Can Not Be displayed".
Go to Tools, Internet Options, Connections, click on LAN and uncheck Proxy. Make sure Automatic is ON but the script setting below is OFF.
ASKER
Hi John,
I gave this a try and found no success. I connected to VPN and found success connection. I'm thinking we may have to make some adjustments to our firewall by allowing the sites or checking the settings for the bindings for the IIS site. From what I read online if it's a single IP address, it should be changed to allow All Assigned. Do you feel this may help with reaching a resolution?
I gave this a try and found no success. I connected to VPN and found success connection. I'm thinking we may have to make some adjustments to our firewall by allowing the sites or checking the settings for the bindings for the IIS site. From what I read online if it's a single IP address, it should be changed to allow All Assigned. Do you feel this may help with reaching a resolution?
So to get things straight.
When a user takes his work laptop home, and connects to his/her personal internet at home, they cannot access websites including Yahoo.com
As soon as they connect to VPN, they can access these sites.
Have you asked users to test by:
-Turn of firewall on laptop
-Try another browser
My area's of interest would be:
-Any web filtering by Anti-Virus (Check configurations)
-Firewall Rules
-Group Policies regarding firewall and or browser behavior
-Host file amendments
-Proxy
However as I do not have any insight into how these are configured, or what the products are, you would need to check on your end if any of the settings are configured to not allow particular types of browsing.
I am assuming that if a user grabs his/her personal computer or Smart Phone/Device and browses, there are no issues.
When a user takes his work laptop home, and connects to his/her personal internet at home, they cannot access websites including Yahoo.com
As soon as they connect to VPN, they can access these sites.
Have you asked users to test by:
-Turn of firewall on laptop
-Try another browser
My area's of interest would be:
-Any web filtering by Anti-Virus (Check configurations)
-Firewall Rules
-Group Policies regarding firewall and or browser behavior
-Host file amendments
-Proxy
However as I do not have any insight into how these are configured, or what the products are, you would need to check on your end if any of the settings are configured to not allow particular types of browsing.
I am assuming that if a user grabs his/her personal computer or Smart Phone/Device and browses, there are no issues.
I connected to VPN and found success connection. ... From what I read online if it's a single IP address, it should be changed to allow All Assigned <-- VPN should allow a subnet on the office end and single IP on the remote client application
ASKER
Maclean,
That would be correct, when the user has their notebook at home and tries to access sites (Yahoo, Google) they receive the message, "The page can not be displayed". What is strange is they are able to access other sites such as MSN, etc., but it's just particular sites that are no accessible when not connected to VPN. We currently just use IE in our environment, but I will try the steps you recommended and let you know my findings. That would be also correct with the user utilizing their personal computer or smart phone device and finding success connecting to sites.
John,
I will look into this on our end and let you know if we have these settings applied in our environment for our remote users.
That would be correct, when the user has their notebook at home and tries to access sites (Yahoo, Google) they receive the message, "The page can not be displayed". What is strange is they are able to access other sites such as MSN, etc., but it's just particular sites that are no accessible when not connected to VPN. We currently just use IE in our environment, but I will try the steps you recommended and let you know my findings. That would be also correct with the user utilizing their personal computer or smart phone device and finding success connecting to sites.
John,
I will look into this on our end and let you know if we have these settings applied in our environment for our remote users.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for the update. That makes sense.
There is actually a Microsoft Fixit to prefer IPv4 over IPv6. Disabling IPv6 on the NIC direct is so called "Bad practice" so perhaps turn it on, and run the hotfix to prefer IPv4, or the hotfix to properly disable IPv6
I was aware of this issue, but did not link the symptoms, and might not have linked them till you mentioned it. Its pretty rare. So good spotting. I would suggest you close the call marking your own answer as solution.
There is actually a Microsoft Fixit to prefer IPv4 over IPv6. Disabling IPv6 on the NIC direct is so called "Bad practice" so perhaps turn it on, and run the hotfix to prefer IPv4, or the hotfix to properly disable IPv6
I was aware of this issue, but did not link the symptoms, and might not have linked them till you mentioned it. Its pretty rare. So good spotting. I would suggest you close the call marking your own answer as solution.
ASKER
Applying steps from the last post solved my issue.
Open cmd.exe with Run as Administrator
Then netsh int ip reset c:\resetlog.txt
Also, ipconfig /flushdns followed by net stop dnscache followed by net start dnscache
Then restart the computer
Have them exit, shut down, start up and test. See if that fixes the non-VPN connection and then try the same computer over VPN. Any change?