Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




76 posts

Master Geek

Trusted

# 47389 11-Nov-2009 14:28
Send private message

I've got an interesting issue that has me perplexed...

There is an https web site that is frequently accessed by the staff here, and all but one can access it fine (using Internet Explorer). Any user logged in on this PC can not access the site using Internet Explorer. On this PC the site will not load in Internet Explorer (which is required due to activex controls) but will load in firefox. However this PC can load any other http/https site.

For the site we are trying to access, we get the following error:
Internet Explorer cannot display the webpage

What you can try:
Diagnose Connection Problems 
 
More information

This problem can be caused by a variety of issues, including:


  • Internet connectivity has been lost.

  • The website is temporarily unavailable.

  • The Domain Name Server (DNS) is not reachable.

  • The Domain Name Server (DNS) does not have a listing for the website's domain.

  • There might be a typing error in the address.

  • If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.


For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds

1.Click the Favorites Center button , click Feeds, and then click the feed you want to view.

To view recently visited webpages (might not work on all pages)

1.Click Tools, and then click Work Offline.
2.Click the Favorites Center button , click History, and then click the page you want to view.

If I click the "Diagnose Connection Problems" button, I get the error "The host may be down, or may not support a secure connection."

There is no proxy set up for the connection, and both SSL 3.0 and TLS 1.0 are allowed in the Advanced Options.

Using wireshark I can see that IE connects to the server and the certificate it transmitted. After this it is encrypted, but not much more is transmitted.

Help would be greatly appreciated!!!

Create new topic
8035 posts

Uber Geek

Trusted

  # 272473 12-Nov-2009 18:00
Send private message

So on the problem PC, what OS and service pack version? What version of IE?

1200 posts

Uber Geek

Trusted

  # 272498 12-Nov-2009 19:42
Send private message

A Long shot, but also check the proxy settings, you may have a proxy set for HTTPS only.

Can you use IE to browse to other HTTPS sites?

Do a IE Reset, under the options. This will put IE back to a out of the box config with all default settings.




Tyler - Parnell Geek - iPhone 3G - Lenovo X301 - Kaseya - Great Western Steak House, these are some of my favourite things.

 
 
 
 




76 posts

Master Geek

Trusted

  # 272623 13-Nov-2009 08:48
Send private message

OS: Windows Vista Business Service Pack 2
IE: Version 8.0.6001.18828

Proxy settings are all empty/off - I had checked. Both options are off in automatic configuration.

Yes IE on this pc can connect to other HTTPS sites.

Already done an IE reset, under multiple accounts on the PC. (Deleting personal settings in some as well)

Enabled add ons, accelerators are:
Shockwave flash 10.0.32.18
Adobe PDF Reader Link Helper 8.0.0.456
Microsoft Silverlight 3.0.40818.0
Sun Microsystems, Inc. Java(tm) Plug-In 2 SSV Helper 6.0.170.4



76 posts

Master Geek

Trusted

  # 273418 16-Nov-2009 10:30
Send private message

Still haven't solved this issue. Have had the chance to use the PC through a different gateway to the internet and it still can't load this secure website.

8035 posts

Uber Geek

Trusted

  # 273473 16-Nov-2009 12:18
Send private message

Sounds pretty odd, you've definately tried all the recommended methods to solve this from this KB article?

http://support.microsoft.com/kb/813444

Also have you updated the root certificates via windows update?  Added the particular site to the trusted site list?



76 posts

Master Geek

Trusted

  # 273511 16-Nov-2009 14:14
Send private message

Yep, it is odd to me too, and rather annoying.

Time and Date on Machine is Correct

Site in Compatibility View or Not makes no difference. Other machines with the same IE version can use the site with or without Compatibility View.

Clearing the SSL State (already attempted) made no difference.

Re-registering the .dll files either manually or using the automated "fix this problem" made no difference

Resetting IE settings either manually (already attempted) or using the automated "fix this problem" made no difference. (With or without removing personal settings)

At this stage I'm not willing to do a system restore. (I know it would probably fix it, if I choose a restore far enough back, but it could cause major problems for me)

Running a System File Checker (sfc.exe /scannow) made no difference. But reported the following:
"Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log"
Log file is 34 Megs... Errors are:
"2009-11-11 12:22:48, Error Failed to find the CixTarget for Container package_for_kb905866_server~31bf3856ad364e35~x86~~6.0.34.0.cat
2009-11-11 12:22:48, Error DpxException hr=0x80070002 code=0x020109"
kb905866 is apparently for Microsoft Windows Mail Junk E-mail updates.

Root certificates are up to date, or at least no update is listed (including hidden) when checking for updates from Microsoft Update.

The site is on the trusted sites list, Have also tried it without the site on the trusted sites list. Note, other HTTPS sites still work and other machines on the same internet connection can access the site.

8035 posts

Uber Geek

Trusted

  # 273605 16-Nov-2009 18:02
Send private message

Bizzare.

Is your company using a licensing model that has support calls included, probably time to use one if they do.

 
 
 
 




76 posts

Master Geek

Trusted

  # 274183 18-Nov-2009 12:04
Send private message

Unfortunately I don't believe we have support for this machine.

I'll keep working on this issue, I'm sure the solution will be interesting (I'll post here when solved)



76 posts

Master Geek

Trusted

  # 280788 9-Dec-2009 13:44
Send private message

Problem now solved.

The option "System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing" had been set to enabled. (Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options)

Setting this back to disabled allowed the machine to connect to the secure website using Internet Explorer. The site has a RSA 1024bit public key. The other sites I was using to test https with all had 2048bit public keys.

8035 posts

Uber Geek

Trusted

  # 280790 9-Dec-2009 13:46
Send private message

Wow that's pretty obscure, how did you figure out the problem?



76 posts

Master Geek

Trusted

  # 280796 9-Dec-2009 13:54
Send private message

Long story, lots of investigation. This laptop has a unique setup here and so looking at all the differences between it and others showed Group Policy differences. Was just a matter of looking at which each one meant and then testing any that could be involved. Then testing that it hadn't broken anything.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32


Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30


Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33


IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07


Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42


MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40


NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15


Microsoft Translator understands te reo Māori
Posted 22-Nov-2019 08:46


Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.