Jump to content

Could not connect to server when using Internet Explorer

DFarran

By DFarran
in Service Manager

 Share

Recommended Posts

DFarran Contributor

DFarran

Posted
Posted

Good Morning,

We appear to be experiencing an issue where we cannot access Service Manager through Internet Explorer as we receive 'could not connect to server error code -1'. It works in Google Chrome but most of our users will be trying to access it via Internet Explorer. This appears to be affecting all portals (live, service, admin) however with the admin portal we get a different error:

Client cannot connect to the instance miltonkeynescouncil

We are unable to contact the administration instance. It is either down or it cannot be accessed due to networking issues. Please contact your system administrator.
 
Can anyone offer assistance?
 
Regards,
 
Daniel.
Keith Stevenson Grand Master

Keith Stevenson

Posted
Posted

Daniel,

Thanks for the post. Can you confirm what version of Internet Explorer.. The only recent change was to remove support for historic TLS 1.0 but all supported browsers should have no issues with this. 

Kind Regards

Keith Stevenson

DFarran Contributor

DFarran

Posted
  • Author
Posted

Hi Keith,

 

Thanks for the reply. We are using IE 11, it was working all ok on Friday but this morning we have started experiencing the issue. When was the TLS change made?

 

Regards,

 

Daniel.

DFarran Contributor

DFarran

Posted
  • Author
Posted

Hi Keith,

 

Unfortunately I get a 'failed due to firewall restrictions' message.

 

I tried https://www.howsmyssl.com/  and that says Your client is using TLS 1.2, the most modern version of the encryption protocol. It gives you access to the fastest, most secure encryption possible on the web.

 

Regards,

 

Daniel.

Keith Stevenson Grand Master

Keith Stevenson

Posted
Posted

Daniel,

On that page you use, it lists the Cipher suites. Can you post them (Also if you goto that page in Chrome, which you said works you should see whats missing in IE) 

 

Kind Regards

 

Keith Stevenson

DFarran Contributor

DFarran

Posted
  • Author
Posted

Hi Keith,

 

The list on both browsers appears to be the same:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
  • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_SEED_CBC_SHA
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Regards,

 

Daniel.

Keith Stevenson Grand Master

Keith Stevenson

Posted
Posted

Daniel,

Thanks for the post. Is that list from IE. If so (even though it appears the same) can you post the Chrome one as there should be a difference. 

 

Kind Regards

DFarran Contributor

DFarran

Posted
  • Author
Posted

Hi Keith,

It appears that the sites can be accessed through IE on our Windows 10 machines, these are running a newer version of IE as I assume updates have slowed/stopped for IE on Windows 7. Could you confirm when the TLS change was made as it seemingly pointing towards that being the cause?

In reply to your question:

List from IE:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
  • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_SEED_CBC_SHA
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV

List from Chrome:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
  • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
  • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_SEED_CBC_SHA
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Regards,

 

Daniel.

 

Keith Stevenson Grand Master

Keith Stevenson

Posted
Posted

Daniel,

Thanks for the reply. The change was made over the weekend on Sunday Morning.  The below ciphers should be available by default (First in Windows 7\8 the second in Windows 10). It would appear that some IE policy or group setting has changed the defaults for your Windows 7 machines. 
  

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

 

Can you confirm that you have a group policy that has changed the deftaults for IE. 

 

 

DFarran Contributor

DFarran

Posted
  • Author
Posted

Hi Keith,

 

I've had a look and also asked about group policy but it doesn't appear that we have touched the configuration for SSL Cipher Order. The version of IE we have for Windows 7 is 11.0.9600.19507, should this matter?

 

Regards,

 

Daniel.

Keith Stevenson Grand Master

Keith Stevenson

Posted
Posted

Daniel,

Thanks for the post. That version was released on 6 oct 2019 and should by default contain the ciphers. We have also tested on a version as close as we can get on Windows 7 and its OK (19540 instead of 19507). 

 

Can you on an effected machine run the following and let us know what you see

 

  • At a command prompt, enter gpedit.msc, and then press Enter. The Local Group Policy Editor is displayed.
  • Go to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
  • Under SSL Configuration Settings, select SSL Cipher Suite Order.
  • In the SSL Cipher Suite Order pane, scroll to the bottom.

 

Kind Regards

 

Keith Stevenson Grand Master

Keith Stevenson

Posted
Posted

Daniel,

Thanks for the image. That does show that its got the cipher we expect (TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ) , which is strange given the list you provided earlier didnt have it (IE is nothing but strange). Just to confirm that the image is from the Windows 7 machine. 

Also if on the Windows 7 machine you can go to the following and let us know what error you get in IE. 

https://mdh-p01-api.hornbill.com/miltonkeynescouncil/xmlmc/

 

Kind Regards

 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...