SSL VPN
Reply
Contributor
liukkma
Posts: 13
Registered: ‎09-02-2008
0

Page can not be displayed after clicking Sign in -button

I have couple of end-users who get the usual "Internet Explorer cannot display the webpage" error right after clicking the Sign-in button on login page. For the rest of my users the login page works perfectly fine. URL in the address bar is https://<our ive>/dana-na/auth/url_default/login.cgi when the error message comes up.

 

We have tried upgrading and downgrading IE on these machines (6, 7 and 8 tested), but no luck. Clients are regular XP SP2 and our SSL VPN version is 6.4R2.

 

Any ideas?

Moderator
cbarcellos
Posts: 198
Registered: ‎07-11-2008
0

Re: Page can not be displayed after clicking Sign in -button

It's hard to say without more info.

 

It sounds like it's a client side software issue. Take a www.belarc.com from a working and non working machine and then compare the two. Browser addons, anti-spyware, antivirus, firewall apps, can all be culprits. Make sure to also clear your cache and cookies as well. It also wouldn't hurt to try firefox.

 

You could also install httpwatch on both a good and broken system. The logs might help narrow down where the issue is occurring. 

Trusted Contributor
stine
Posts: 434
Registered: ‎05-05-2008
0

Re: Page can not be displayed after clicking Sign in -button

Especially the browser cache.  I have this happen regularly.   It happens when i connect to sslvpn.my-company.net/users, and then close my browser, open a new browser and connect to sslvpn-mycompany.net/users2, the sign-in page works fine, but the following redirection pages fail due to a cookie left by the previous session.   The simple solution is to remove everything but the hostname (https://sslvpn.my-company.net) from the browser address bar and then press enter.   This seems to make it work as expected.

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
drf
Contributor
drf
Posts: 46
Registered: ‎09-23-2008
0

Re: Page can not be displayed after clicking Sign in -button

What type of authentication are you using? This is a common problem for certificate based logins.

Trusted Contributor
stine
Posts: 434
Registered: ‎05-05-2008
0

Re: Page can not be displayed after clicking Sign in -button

I am using two auth mechanisms, one LDAP server (tied to MS AD) and client certificates.

 

 

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
drf
Contributor
drf
Posts: 46
Registered: ‎09-23-2008
0

Re: Page can not be displayed after clicking Sign in -button

It sounds like client cert issues to me. This will happen when there is a problem establishing the SSL client certificate authentication between the browser and the server. Some common causes are:

 

  • the cert is expired
  • the user enters the wrong PIN/password to unlock the keystore (applies to smart cards)
  • IE thinks the cert is present, but it is not. I have seen this with smart cards when the card is not in the reader
  • Issues with the card reader software or the reader itself

I would look at the user's certs in IE. Make sure the proper CA certs are in the browser too.

Trusted Contributor
stine
Posts: 434
Registered: ‎05-05-2008
0

Re: Page can not be displayed after clicking Sign in -button

OK.   Then next time it happens I'll turn on tracing and see if i can re-create it.

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
Contributor
liukkma
Posts: 13
Registered: ‎09-02-2008

Re: Page can not be displayed after clicking Sign in -button

In my case this seem to be the problem:

>> IE thinks the cert is present, but it is not.

 

Which means you can see a valid user certificate in browser normally, but you still get "Page cannot be displayed" error after blocking the Sign in -button. Only way I have found to fix this is to delete the existing user certificate from browser and then get a new one for the user. Everything works again normally after new user certificate is installed.

 

It is a total mystery to me why this happens... I guess this could happen if user looses rights to the certificate store or something like that?! I have been searching for MS hotfix for this problem, but haven't been able to find one yet.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.