Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2018
Views
0
Helpful
4
Replies

Internet explorer "Cannot find server/DNS error" once CSS11506 SSL enabled

Go to solution
squigg
Level 1
Level 1

‎04-30-2003 01:32 AM

Many of our customers are recieving sporadic Internet Explorer errors when we switched on SSL on our CSS11506s on Monday.

The error manifests itself by :

As soon as the user clicks a link in the browser (e.g. an on-page button) their browser immediately (i.e. no thinking time) reports "This page cannot be displayed - Cannot find server or DNS error".

The problem may be related to browser security settings or something the SSL CSS module is doing with the HTTP headers - unfortunately it works for some groups of users and not for others, through similar and disparate proxy servers.

Urgent responses appreciated - even if it is "We use the CSS11506 with SSL accellorater and it works perfectly".

best regards,

Stephen

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to squigg

‎04-30-2003 09:17 AM

make sure to run the latest version.

There is the following bug :

CSCdz35946: CSS11500 SSL module interoperability with IE

This is fixed in 7.20(3) and 7.10(105) and beyond.

Gilles.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎04-30-2003 03:52 AM

do you see this only with Windows Internet Explorer ?

What avout Netscape ?

Does the same user have always the error or sometimes it works and sometimes it does not ?

If you do 'view source' on the initial page, does the link you want to click looking good ?

Gilles.

0 Helpful

Go to solution
squigg
Level 1
Level 1
In response to Gilles Dufour

‎04-30-2003 04:46 AM

Hi Giles, problem appears to be IE related and we are currently investigating Apache directives for IE around keep-alives.

Some times it works, some times it does not. Mainly seems to happen on POST operations, but again is inconsistent. When the problem occurs, a hit of the browser Refresh brings up the correct page. A view of the source shows the links to be well formed.

May be worth poiting out site is completely dynamic with no static pages running Apache 1.3.2

Users can't easily move from IE as some are behind ISA proxies, but those behind Squid don't work at all, so Squid has some issues with our site.

I'm not convinced the CSS is the root cause of the error, but having delegated SSL from Apache to the CSS it's much harder to spot what might be going on!

It looks like bypassing proxy servers fixes the issue, but as this is an open-to-all-comers website it should behave like any other one and hence shouldn't need the end users to do anything special!

We are using a pair of CSS11506 in redundat straight-through config, i.e inline between firewalls and switches where the web servers hang-off.

There is very little config about the CSS SSL module but it's a very new product (I believe) hence my clutch at straws questions here!

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to squigg

‎04-30-2003 09:17 AM

make sure to run the latest version.

There is the following bug :

CSCdz35946: CSS11500 SSL module interoperability with IE

This is fixed in 7.20(3) and 7.10(105) and beyond.

Gilles.

0 Helpful

Go to solution
squigg
Level 1
Level 1
In response to Gilles Dufour

‎05-01-2003 12:50 AM

We have fixed our problem at last!

We got hold of the Cisco bug reports and they agreed with our Apache/Internet Explorer 5.5SP1 and above reports - it's due to an IE bug with SSL3.0 causing closed connections to be re-used by the browser.

Effectively, the client opens multiple TCP connections to the website, they then go into state CLOSE_WAIT rather than TIME_WAIT. The browser then tries to re-use this connection when you navigate on a page, causing an immediate "This page cannot be displayed - Cannot find server or DNS error" error message.

We could either tackle this by upgrading our CSS using the above patch information, or configuring our Oracle 9iAS / Apache to stop keep-alives when serving pages to Internet Explorer requests.

We decided changing the Apache configuration was less risky than upgrading CSS software version and the problem has been solved.

We now intend to update the CSS, but can do it in a less immediate way.

Thanks for the help - it was the exact right answer.

Note - all of this is due to bugs Microsoft have recognised in Internet Explorer 5.5 Service Pack 1 and above (including IE6.x), but the rest of us just have to deal with them!

0 Helpful
Customers Also Viewed These Support Documents