June 20th, 2005, 04:48 PM
Secure Sockets Won't Work!
Ok, weird thing going on this morning.
I come into the office to get hit with users panicking because they can't log into www.schwabinstitutional.com (being we're a financial planning company, this is a big problem). Turns out they can't log into FedEx.com either, or anywhere else for that matter. So I take a look and indeed, I can't log in anywhere that uses an HTTPS connection.
So I figured maybe it was Websense filtering a little too well. I just set up an evaluation version, so the timing would suggest that's the culprit, so I totally uninstalled it. Once uninstalled and the server's restarted, I give it a try...and sure enough, my machine will now log in. However, theirs still won't.
So I check firewall logs, and see that at that time, TCP packets were dropped for HTTPS. Could it be a firewall setting? So I check out the firewall filters, and everything is still normal. It's configured to allow HTTPS. As an extra measure, I set up a rule stating www.schwabinstitutional.com as a trusted site.
Still nothing. Theirs won't connect, mine will. Restart a computer. Still won't work. Check IE security settings, set everything to either enable or prompt. Still nothing.
So I go back to my server, only to find that a number of Websense services are STILL running, even though Websense is totally removed. So I stop and disable all those services entirely. Still nothing.
Then, right before I posted this, my computer stopped connecting to HTTPS...and then resumed being able to connect a few minutes later. My machine for some reason is the anomaly; everyone else's will never connect to these sites.
So I removed Websense, and the firewall isn't set up to block any HTTPS connections. So what could be left that's causing this problem?
June 20th, 2005, 04:53 PM
Have you checked out the root certs for these sites? Is there a root cert in your list (within your browser) for these sites?
Have you tried a connection to these sites from outside of your firewall using one of the hosts that cannot connect behind it?
June 20th, 2005, 04:59 PM
Just found a fix actually (phew).
I added a new rule to allow HTTPS, specifically port 443, and that fixed it. Was it ever configured to not allow access before? Nope. Was any configuration changed before this morning? Nope. Did it work fine before? Yep. So why did it just up and stop working I wonder?
In any case, it's working fine now...