none
IE Traffic being forced to tunnel via port 443 RRS feed

  • Question

  • I have a Windodws 2008 R2 server that has been in production for over 2 years.  It is a Hyper-V host running five 2008 R2 guests.  Everything wasw running fine until a couple of weeks ago when I installed the latest HP firmware and drivers.  Since then, Internet Explorer cannot open any website except www.google.com.  After uninstalled IE9 and then installing IE10 there was no change.  I've scanned the server with malwarebytes and HiJackThis.  No problems found.  I reset IE and reset the TCP/IP stack.  No change.  I removed McAfee AV and I'm now able to access google and one other site.  I then installed Fiddler and looked at what is happening and it appears that most websites are trying to tunnel using port 443 rather than using the typical port 80.  I'm not sure how to interpret this.  I know name resolution is working and can ping the sites I'm trying to reach.  If I go to a standard site, say www.yahoo.com, the IE window stays blank but if I go to Tools/View Source it appears I'm looking at the HTML from the target site.  Below is a summary of the Fiddler output when I tried to go to yahoo.com.  Any help is greatly appreciated as I am all out of ideas.

    Thanks,
    Joe

    # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 
    1 301 HTTP fiddler2.com /UpdateCheck.aspx?isBeta=False 0 no-cache  fiddler:4916   
    2 200 HTTP www.telerik.com /updatecheck.aspx?isBeta=False 620 private text/plain; charset=utf-8 fiddler:4916   
    3 301 HTTP www.yahoo.com / 212 no-store text/html iexplore:728   
    4 200 HTTP Tunnel to www.yahoo.com:443 0   iexplore:728   
    5  -  HTTP crl.geotrust.com /crls/secureca.crl -1   iexplore:728   
    6 200 HTTP Tunnel to www.yahoo.com:443 0   iexplore:728   
    7 200 HTTP Tunnel to iecvlist.microsoft.com:443 0   iexplore:5104   

    Wednesday, February 19, 2014 3:15 PM

Answers

  • Found that the problem was somewhere in the Windows firewall.  Although I had stopped the firewall service during testing something remained hooked in.  Another attempt at shutting off the firewall and then starting it again seems to have resolved the problem.  This makes no sense but I'm not arguing with the results.  Thanks everyone for your help.
    • Marked as answer by JWD2 Wednesday, February 26, 2014 1:14 PM
    Wednesday, February 26, 2014 1:14 PM

All replies

  • Hi,

    are you running any fiddler scripts?

    close/stop fiddler.

    close/stop Windows firewall.


    Rob^_^

    Thursday, February 20, 2014 12:44 AM
  • Rob,

    I'm not running any Fiddler scripts.  I installed that only to troubleshoot the problem.  I have already stopped the Windows Firewall.  Should have included that in the OP.

    Joe

    Thursday, February 20, 2014 1:20 PM
  • Anyone?
    Tuesday, February 25, 2014 2:29 PM
  • Hi,

    ping yahoo.com from the command line...

    if it returns 127.0.0.1 then your hosts file contains the an entry for it.

    What is the name of your AV product? spy-bot Search and Destroy?

    are you using any hosts file utilities?

    Regards.


    Rob^_^

    Tuesday, February 25, 2014 11:37 PM
  • Found that the problem was somewhere in the Windows firewall.  Although I had stopped the firewall service during testing something remained hooked in.  Another attempt at shutting off the firewall and then starting it again seems to have resolved the problem.  This makes no sense but I'm not arguing with the results.  Thanks everyone for your help.
    • Marked as answer by JWD2 Wednesday, February 26, 2014 1:14 PM
    Wednesday, February 26, 2014 1:14 PM