Website access issues

HCHTech

My google-fu is failing me, so I'd appreciate a little guidance on how to troubleshoot this problem:

I have a client that has an e-commerce site, and their initial report was that no one could access the site from their office. We have a firewall there so normally when we get complaints like this it is because the site is tripping one of the filters - Botnet, Geo-IP, RTBL, etc. I checked the logs and found them clean. So I remoted in to one of their computers, and sure enough I couldn't bring up the site, but the error in Chrome is that the site can't provide a secure connection. - no https. I try Edge, and I get "This site is blocked because it is a known security threat." - I think Edge is a little aggressive with the "https doesn't work" message, haha. I check the site from my computer at my office and it comes up perfectly fine. https working. I check other websites from their computers, and https is working just fine. So https isn't working for only one website from their office, but works fine for that site from other locations.

The first thing I check is the time settings on their computers - there is no domain there, but the timezone and time are spot on. Next, I check what they are using for DNS servers, same as me: quad 9 as primary and nextdns as secondary.

Since the problem is office-wide for them, it has to be something about their network/internet, as opposed to something wrong or misconfigured with an individual computer. Since the site works from my office and another office I was able to test this from, I don't think there is anything wrong with the site itself, either.

I don't think their site is a secret, so I'll post it here in case that helps with diagnostics: redbirdgiftcompany.com

What would cause this pattern of symptoms, and where should I be focusing my troubleshooting efforts?
 
Just to start with the obvious. Restart the whole net stack. Did the connection error page have a hyperlink to bypass warning or was it a flat out denial? Is firewall running on the machines? Did you try a new private page? I'd open up Event Viewer go to Applications then fire up a new browser session to their site and see what it says. I'd also try installing something else like Firefox. And as an aside I've seen where the ISP router has impacted website access. Rare but it has happened. So maybe have someone hotspot a phone and try that connection. Just make sure that it's not connected to the LAN.
 
Practical joker adjusted Hosts file and distributed it around the office?

(The site worked fine from my Win11 MSEdge browser just now.)
 
This problem is making me tear my hair out.
  • MBAM is not installed
  • No weird browser extensions
  • No new programs installed
  • No entries in Hosts file
  • Turning Windows firewall off didn't help
  • Adding site to trusted sites list didn't help
  • Disabling AV and EDR didn't help
  • Resetting network stack didn't help
  • Running DISM & SFC scans didn't help (DISM clean, SFC found and repaired....something).
  • The computer's time zone and time are correct.
  • Clearing the SSL state didn't help.
  • There are NO errors in any of the event logs corresponding to trying to load the site.
  • I even did a search through the registry for any mention of the site name (only found in history keys, but I deleted the reference there anyway).
  • Disabling the QUIC protocol in Chrome didn't help.
The site inexplicably works on other computers at their office now, so this has to be an issue with THIS ONE COMPUTER. The site won't load in Chrome, Edge or Firefox. Chrome's message is "redbirdgiftcompany.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR" Yet, this same computer can load other https sites just fine without error. The computer is on 24H2 and there are no errors in patch management.

Shopify handles the SSL cert for the site and their support says that they didn't make any changes on their end and that "it works for us".

The history of it not working for all computers in their office followed by it now only doesn't work on one computer argues for a problem with that one computer. The fact that this one computer can load other https sites (every one we tried, in fact) argues for a problem with the site itself. The fact that every computer I've tried NOT at their site works just fine argues for a problem at the site.

I have no idea what would cause only one computer to fail https handshake on only one site. I'm about ready to suggest a nuke & pave.
 
I would still try hot spotting a phone running on cellular only on the patient. Even if the box doesn't have 802.11 you can use USB to gain access through the cellular.
 
Try running Fiddler, it could be interesting if intercepting it magically made it work

Have you tried it from a different windows user profile? I've seen corruption cause weird issues before.

Browser tools Network tab always worth a look. I'm not sure what it will show when it fails that early though.

I don't think you're getting sent the certificate, otherwise I'd say you should grab the cert it is giving you and take a look.

And you could always run Wireshark to see what's actually being exchanged at that level.
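
A scripted version of the "see what's actually being exchanged" check, as an added example that is not part of the thread: it sends a real ClientHello over a plain TCP socket and names the first bytes that come back, which separates a TLS alert from a plaintext answer or a silent close. The function names `client_hello`, `classify_reply` and `probe` are illustrative, and the alert table lists only a few codes.

```python
import socket
import ssl
import struct

# TLS record content types and a few alert codes (RFC 8446, sections 5.1 and 6).
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 80: "internal_error",
          112: "unrecognized_name"}

def client_hello(host: str) -> bytes:
    """Let OpenSSL build a real ClientHello (with SNI) without touching the network."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued and OpenSSL now waits for the reply
    return outgoing.read()

def classify_reply(data: bytes) -> str:
    """Name what the peer sent back as the first bytes after our ClientHello."""
    if not data:
        return "closed: connection closed or reset without any reply"
    if data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        return "plaintext: HTTP/HTML answer on the TLS port"
    if len(data) < 5:
        return "truncated: shorter than a TLS record header"
    rtype, major, _minor, _length = struct.unpack("!BBBH", data[:5])
    if rtype not in RECORD_TYPES or major != 3:
        return "garbage: not a TLS record"
    if rtype == 21 and len(data) >= 7:
        level = "fatal" if data[5] == 2 else "warning"
        return f"alert: {level} {ALERTS.get(data[6], 'code %d' % data[6])}"
    if rtype == 22 and len(data) >= 6 and data[5] == 2:
        return "server_hello: handshake is progressing normally"
    return f"tls: {RECORD_TYPES[rtype]} record"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello over a plain TCP socket and classify the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            return classify_reply(sock.recv(4096))
        except OSError:  # reset or timeout while waiting for the reply
            return classify_reply(b"")

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Running it against the same hostname from the failing machine and from a working one gives two results to compare directly.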
 
On Comcast with that "secure edge" service? (Mark's suggestion to hot spot is good)
That's a good guess, but this is business service with a single static. Their box is bridged and we're pulling the public IP directly with our firewall. Also, this wouldn't mesh with the problem only affecting one computer... I think, anyway.
 