12-03-2009 02:57 AM
I have couple of end-users who get the usual "Internet Explorer cannot display the webpage" error right after clicking the Sign-in button on login page. For the rest of my users the login page works perfectly fine. URL in the address bar is https://<our ive>/dana-na/auth/url_default/login.cgi when the error message comes up.
We have tried upgrading and downgrading IE on these machines (6, 7 and 8 tested), but no luck. Clients are regular XP SP2 and our SSL VPN version is 6.4R2.
12-03-2009 07:32 AM
It's hard to say without more info.
It sounds like it's a client side software issue. Take a www.belarc.com from a working and non working machine and then compare the two. Browser addons, anti-spyware, antivirus, firewall apps, can all be culprits. Make sure to also clear your cache and cookies as well. It also wouldn't hurt to try firefox.
You could also install httpwatch on both a good and broken system. The logs might help narrow down where the issue is occurring.
12-05-2009 10:58 AM
Especially the browser cache. I have this happen regularly. It happens when i connect to sslvpn.my-company.net/users, and then close my browser, open a new browser and connect to sslvpn-mycompany.net/users2, the sign-in page works fine, but the following redirection pages fail due to a cookie left by the previous session. The simple solution is to remove everything but the hostname (https://sslvpn.my-company.net) from the browser address bar and then press enter. This seems to make it work as expected.
12-09-2009 11:25 AM
I am using two auth mechanisms, one LDAP server (tied to MS AD) and client certificates.
12-09-2009 11:35 AM
It sounds like client cert issues to me. This will happen when there is a problem establishing the SSL client certificate authentication between the browser and the server. Some common causes are:
I would look at the user's certs in IE. Make sure the proper CA certs are in the browser too.
12-09-2009 02:01 PM
OK. Then next time it happens I'll turn on tracing and see if i can re-create it.
03-17-2010 04:02 AM
In my case this seem to be the problem:
>> IE thinks the cert is present, but it is not.
Which means you can see a valid user certificate in browser normally, but you still get "Page cannot be displayed" error after blocking the Sign in -button. Only way I have found to fix this is to delete the existing user certificate from browser and then get a new one for the user. Everything works again normally after new user certificate is installed.
It is a total mystery to me why this happens... I guess this could happen if user looses rights to the certificate store or something like that?! I have been searching for MS hotfix for this problem, but haven't been able to find one yet.