*Environment* I have an office with 40-50 computers running Win XP with the latest security / service patches. All computers are on the san LAN segment, connecting to HP switches. The switches are connected to a Linksys D-link router which...
Environment
I have an office with 40-50 computers running Win XP with the latest security / service patches.
All computers are on the san LAN segment, connecting to HP switches. The switches are connected to a Linksys D-link router which connects to a Cisco router in bridge mode that terminates the T1 connections incoming to the building.
Problem
Internet Explorer and MSN Messenger will RANDOMLY stop working [will not load any HTTP / HTTPS websites]; but will continue to load FTP sites.
**When I say ‘does not load any pages’ the browser will sit on a page with the progress bar acting like it is going to move but never does. No websites local or external are able to load.
- If the original browser window is never closed, IE will work correctly with http and https
o Once the window is closed, or a new browser window is opened; the newly opened window will not load any websites [but the original window that was kept open will continue to work until it is closed]
- Mozilla works 100% of the time whether IE is working or not
- IE works in safe mode with networking
- IE works after a reboot, but will stop working at a random time period after the reboot
- FTP works in IE all the time, even when HTTP and HTTPS stop working
- I’ve run TCPVIEW and Wire Shark one of the machines but could not draw any conclusions.
- Tried shutting down visible services and processes and testing the connection after each – no luck.
- am able to ping and resolve DNS to any outside / inside facing node at any time
- UNABLE to access any local devices via IE (http://192.168.0.1 – same hanging problem) when the problem is happening, but I am able to access files via [file://c:\]
- Checked all proxy / firewall settings
- I have Wire Shark trace logs from both IE not working, and Mozilla working on the same computer, trying to access the same sites. There is a noticeable difference in the pattern of packets, something is definitely shaping / modifying the IE packets when the phenomena begins.
- I plugged one of the computers with IE not working directly into the Linksys (bypassing the switches) and experienced the same problem
- I connected my work laptop [Windows XP, IE 7] to the same network and did not experience any problems with IE or Mozilla.
- We’ve checked for viruses and anti-spyware / malware on all computers.
- Restored several PCs to an earlier state thinking a windows update was causing the problem.
Theories
This is very puzzling for several reasons:- Mozilla ALWAYS works.
- Both browsers attempting to access the same protocol [TCP, HTTP / HTTPS port 80 and 413].
- The connection problem is intermittent and will come and go
- Usually after a reboot the problem stops for up to 1 hour before starting again.
- An application is running locally on the computers that is trapping / interfering with the IE HTTP / HTTPS packets???
-
I’ve seen similar problems from Spyware / Malware but it is hard to imagine the same spyware is on ALL of the computers causing the problem; especially when antivirus and spyware are installed and up to date.
I know this is a long post but wanted to make all of the information available. I appreciate anyone’s thoughts / suggestions. I will post the Wire Shark / Ethereal data soon.
Thanks,
Chad
Linear Mode
