Brian Pierce
asked on
Access to Facebook blocked
OK - If I had any hair I'd be pulling it out by now.
I've just been asked to look at a small domain which was set up for a small business. A previous Admin, at the owner's request, blocked access to Facebook. There has now been a change in policy and it has been decided to remove the block.
The issue is that I can't see where/how it was blocked. It's a very simple set-up. One 2008 DC and Windows 7 clients. The DC providing the DNS and forwarding to the ISP's DNS, no proxy server.
I've checked group policies and can't find anything
I've checked DNS for entries on the DC and can't find anything
I've checked the local machine hosts file and there is nothing.
Yet when I try to go to facebook I just get 'Internet Explorer Cannot display the web page'
If I run the diagnostic from the page it just reports that it can't diagnose the problem.
If I try to access Facebook from Chrome I get 'This webpage is not available'
Any suggestions on where to look next ?
Have you checked your router configuration? maybe it is on router level.
Assign a public IP address (provided by the ISP) to a machine, then try to access Facebook. If you are able to access it, then check your hardware firewall or router, through which your requests pass outside your network.
Also, some admins block some web sites via the hosts file, which you can find in
%systemroot%\system32\drivers\etc
RUN Box type
CMD
then type
ping facebook.com
if you get timeouts you can not connect and it is not a browser issue.
check the ip address and default gateway (gateway may contain a filter)
also run a ping and tracert to facebook site
check firewall, router, iis, internet explorer etc
however if its affecting everyone it may be on the server
Check the internet router, it might be
- dropping direct HTTPS connections (by adding a filter to block port 443 – HTTPS from internal network to ‘any’)
- filtering Facebook’s IP address ranges to Null0, block by Routing to null0 interface
ip route 69.63.176.0 255.255.240.0 Null0
ip route 204.15.20.0 255.255.252.0 Null0
ip route 66.220.144.0 255.255.240.0 Null0
ip route 69.171.224.0 255.255.224.0 Null0
ip route 69.171.224.0 255.255.240.0 Null0
ip route 69.171.240.0 255.255.240.0 Null0
[@linux1 ~]$ dig facebook.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> facebook.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12769
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 13, ADDITIONAL: 9
;; QUESTION SECTION:
;facebook.com. IN A
;; ANSWER SECTION:
facebook.com. 753 IN A 66.220.149.88
facebook.com. 753 IN A 66.220.152.16
facebook.com. 753 IN A 66.220.158.70
facebook.com. 753 IN A 69.171.234.21
facebook.com. 753 IN A 69.171.237.16
facebook.com. 753 IN A 69.171.247.21
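Added example (not part of the original thread): one way to audit a saved router config for the null-route style of block described in the answer above, by checking which resolved addresses fall inside a range routed to Null0. It assumes Cisco-style `ip route <network> <mask> Null0` lines as quoted in that answer; the default-route line and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config: the null routes quoted above plus a default route.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 69.63.176.0 255.255.240.0 Null0
ip route 204.15.20.0 255.255.252.0 Null0
ip route 66.220.144.0 255.255.240.0 Null0
ip route 69.171.224.0 255.255.224.0 Null0
ip route 69.171.224.0 255.255.240.0 Null0
ip route 69.171.240.0 255.255.240.0 Null0
"""

# A records taken from the dig output above.
RESOLVED = ["66.220.149.88", "66.220.152.16", "66.220.158.70",
            "69.171.234.21", "69.171.237.16", "69.171.247.21"]

ROUTE_RE = re.compile(r"^\s*ip route (\S+) (\S+) Null0\b", re.IGNORECASE)

def null_routes(config_text):
    """Return the networks that the config routes to Null0."""
    nets = []
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        try:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
        except ValueError:
            continue  # malformed address or mask: ignore the line
    return nets

def blackholed(addresses, nets):
    """Map each address to the most specific null route covering it, or None."""
    result = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        hits = [n for n in nets if ip in n]
        result[addr] = max(hits, key=lambda n: n.prefixlen) if hits else None
    return result

def redundant(nets):
    """Null routes that are already covered by a broader null route."""
    return [n for n in nets if any(n != o and n.subnet_of(o) for o in nets)]

if __name__ == "__main__":
    for addr, net in blackholed(RESOLVED, null_routes(SAMPLE_CONFIG)).items():
        print(f"{addr:15} -> {net if net is not None else 'not null-routed'}")
```

Removing such a block means deleting every covering route: `redundant()` shows that 69.171.224.0/19 would still black-hole traffic after its two /20 entries are removed.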
How were You testing DNS?
Try this:
Run - CMD - nslookup
Write facebook.com and post the result.
It could be hosts file on DNS server
ASKER
Ping of facebook seems to suggest it's resolving OK
C:\>ping facebook.com
Pinging facebook.com [69.171.247.21] with 32 bytes of
Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
Reply from 69.171.247.21: bytes=32 time=102ms TTL=245
Ping statistics for 69.171.247.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss
Approximate round trip times in milli-seconds:
Minimum = 102ms, Maximum = 102ms, Average = 102ms
nslookup results
C:\>nslookup
253.1.168.192.in-addr.arp
primary name server = localhost
responsible mail addr nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Default Server: UnKnown
Address: 192.168.1.253
> facebook.com
Server: UnKnown
Address: 192.168.1.253
Non-authoritative answer:
Name: facebook.com
Addresses: 2a03:2880:10:
2a03:2880:2110:
2a03:2880:2110:
2a03:2880:10:8f
66.220.149.88
66.220.152.16
66.220.158.70
69.171.234.21
69.171.237.16
69.171.247.21
Nothing in hosts file
no conditional forwarders - only forwarder to ISP
simple ADSL router - no filtering enabled
nothing (obvious) in group policy
ASKER
Tracert result - seems OK
C:\>tracert facebook.com
Tracing route to facebook.com [69.171.247.21]
over a maximum of 30 hops:
1 2 ms 1 ms 1 ms 172.16.1.254
2 18 ms 18 ms 17 ms 82.153.1.61
3 18 ms 18 ms 18 ms 91.85.10.21
4 36 ms 46 ms 55 ms 62.164.130.53
5 35 ms 18 ms 17 ms vl-38.lon-th1cr.spn.kcom.com [86.54.183.249]
6 18 ms 18 ms 18 ms linx.br02.lhr1.tfbnw.net [195.66.225.121]
7 93 ms 144 ms 92 ms ae18.bb02.iad2.tfbnw.net [74.119.79.202]
8 105 ms 106 ms 105 ms ae9.bb02.frc1.tfbnw.net [31.13.24.48]
9 102 ms 102 ms 102 ms ae2.dr03.frc1.tfbnw.net [31.13.27.78]
10 103 ms 103 ms 103 ms po1020.csw03d.frc1.tfbnw.net [31.13.26.165]
11 102 ms 102 ms 102 ms www-slb-10-03-frc1.facebook.com [69.171.247.21]
Trace complete.
C:\>
Still sounds like hardware to me. Have you checked the hardware connecting this site to the Internet yet? A number of hardware firewalls / routers allow you to block HTTP traffic to certain sites. If Pings are getting through and DNS is resolving correctly, then this sounds to me like the most likely cause.
Oh, just realised you posted twice saying simple ADSL router - no filtering.
Are you sure there is nothing firewally before the ADSL router?
The other option is something in GPO - such as in:-
"Windows Settings" > "Security Settings" > "IP security Policies".
I would run RSOP.MSC or GPMC to look at the accumulative effect of all the policies in case there is something in there.
Also, have you checked any security software on the clients (or server) as some policy may have been rolled out centrally?
check antivirus software as some have filtering built in
as you can "see" facebook then its not a routing issue
check firewall settings and check ADUC for group policies
do you get the same error if you logon as domain admin (as GPO's aren't always attributed to domain admins)
Have you tried browsing to http://69.171.247.21 ?
Is your 2008 DC using 192.168.1.253 ?
Try using a workgroup computer (freshly installed). This will bypass the GPOs etc.
Also locate the Admin on linkedin and ask him if he can help.
Could You setup Google DNS as the only DNS server on workstation (override DHCP)? And after that try browsing facebook
ASKER
Tried a (non-domain) laptop on the network - it can't access facebook either - so it's not a GPO
set the DNS to be the router - still can't access facebook - suggests it's the router or something at the ISP - I will try replacing the router tomorrow.
(BTW: yes the DC is 192.168.1.253, the router is 192.168.1.254)
Did you try schima_cz's suggestion of using Google's DNS server (8.8.8.8 and 8.8.4.4) and seeing if that resolves it?
Could be a DNS Injection problem....
ASKER
Still not resolved - got ISP's tech team looking at the issue
ASKER
ISP issue
What hardware is on the physical border of the route to the Internet?