No announcement yet.

Intermittently HTTP connections fail whilst HTTPS succeeds on select workstations

  • Filter
  • Time
  • Show
Clear All
new posts

  • Intermittently HTTP connections fail whilst HTTPS succeeds on select workstations

    In summary:

    When certain PC's are trying to access http (port 80) at seemingly random times, they are unable to, with sites taking a long time to load or outright failing to.
    The issue is over 2 different VLANS/Subnets but does not affect all pc's on those VLANs/subnets.

    The only fix is for the user to restart the local PC at this time.

    Here is some additional information on this issue and our setup:
    From the internet we have a Cisco ASA firewall which connects into dual redundant Cisco 3960 Distribution Layer switches (DLS). The Workstations all feed through 2 Cisco 2960 Access Layer Switches (ALS) configured in a stack, into the DLS. Server’s connect through top of rack ALS that again connect into the DLS.

    From the ALS stack we patch into a patch panel and run to floor ports. We are low on floor ports so these connect to 5 port Netgear Hubs which the workstations connect to. There are several vLans throughout the office. The affected machines are connected as below:

    Patch Panel -> Floor Port 1 -> hub 1 -> vLan 1
    Workstation 1 - affected
    Workstation 2 - affected
    Workstation 3 – not affected
    Patch Panel -> Floor Port 2 -> hub 2 -> vLan 2
    Workstation 4 - affected
    Workstation 5 - affected
    Workstation 6 – not affected
    Patch Panel -> Floor Port 2 -> hub 3 -> vLan 2
    Workstation 7 - affected
    Workstation 8 – not affected
    Workstation 9 – not affected
    Workstation 9 – not affected
    Workstations are running Windows – all on 8.1 bar one on 7 – connected to a 2012 R2 Domain.

    The Workstations affected are experiencing the following symptoms intermittently:
    External to network: HTTP browsing fails. HTTPS works fine. Once a workstation is rebooted HTTP browsing works fine.
    Internal to network: HTTP browsing is sometimes fine, but is usually affected. HTTPS works fine.

    We have tried different ports for the workstations, we have also performed the following - some just to try, some from Overlord Google:
    ipv6 has been disabled
    netsock reset
    tcp/ip reset
    Kaspersky configuration checked - doesn't appear to be interfering
    All network switches have been restarted.

    None of these actions had any impact. The only fix is a restart.

    Attached is a wireshark trace, in case anyone is able to analyse better than we are able to as we don't currently have the experience to identify issues. If any more info is required to assist us here, just let us know and we will happily provide.

    Thanks all, any and all help is much appreciated!

  • #2
    Ok attachment wont work, so link here:


    • #3
      This has surfaced a couple of times on this forum - I know because the same thing happened on our network (just one subnet - no VLANs).

      The solution is to set up forwarders on the DNS server that point to your ISP's DNS server addresses. So, open DNS, right click the server name, Properties > Fowarders and add the addresses.
      A recent poll suggests that 6 out of 7 dwarfs are not happy


      • #4
        Thanks Blood. My Sys Admin recently made a change to the network settings on the DNS servers that I have reverted last week. The issue has not reoccurred since I made this change, so it may be that I fixed this without realising. I will continue to monitor this week and report back if it's now solved.

        Really appreciate your comments.


        • #5
          Just to update, I made this change but no difference has been observed. We now have this affecting another machine, that was previously unaffected.


          • #6
            Have you tried uninstalling (not disabling), Kaspersky on an affected machine to test it is not causing the issue? I know this is not ideal but you could install a freebie such as Comodo Internet Security so that the machine is not unprotected whilst you are testing.

            Have you also tried comparing the settings of hklm\system\currentcontrolset\services\tcpip\param eters between PC's?
            A recent poll suggests that 6 out of 7 dwarfs are not happy