Can't connect HTTP to IP address - OS Issue

I'm having a mental breakdown trying to figure this out and wondering if any of you guys/gals ever saw this before and have a pointer.

Scenario: If I try to HTTP/S to any IP address on my LAN/WAN the connection fails with a timeout. For reasons internal, they are not and will never be in DNS.

Temp 85% solution: If I use my hosts file and map the IP address to a dns name, and put the dns name in my browser the connection is fine.

Have any of you ever seen this? If I wireshark my box, the IP direct attempt doesn't even make it to the net stack.

I've tried the following:
- secondary machine works fine on my lan port
- Reset winsock, dns, network settings, the lot
- Forced changed DHCP address, static'd, back to DHCP
- Uninstalled nic, reinstalled
- Updated drivers where possible (Intel I219-LM NIC)
- All Win 10 patches/rollups up to date.

No outbound security rules are on this machine. Should be purely unfiltered.

Thanks.
 
What browser? Have you tried another?

Bring up a command prompt and "telnet IPADDR 80" (install telnet client if necessary). Does that connect to your end device? Replace port 80 with 443 if device is https enabled.
 
Any browser. Brave, FF and Edge.

I can do any other form of communication on all ports open to the end device. RDP, SSH, FTP/SFTP, File Transfer or SNMP/WMI queries to the IP just fine. It's only 80/443 traffic when using the IP as the source line in browser line versus a DNS name. http://1.1.1.1 fails with a timeout. http://servername (mapped to 1.1.1.1 in hosts file) works without issue. This is for public and private addresses as well.

It's the most aggravating, annoying and flat out frustrating one off issue I've ever seen for an end user access issue. It makes no damn sense.
 
No chance of an IP conflict, definitely only one dhcp server?
 
You do know that 1.1.1.1 is a public DNS server?
 
Does this happen on one machine or many?
Just this one. A new HP workstation fresh build of Win10. I put other machines on this LAN drop and no issues. Rebuilding the machine is not really an option for a few in house reasons. Encryption, connection to Domain, etc. I also don't want to be defeated by this stupid issue. Only minor unrelated GPolicy settings applied. Other systems with the same build don't have this problem. I reinstalled browsers, did the pointless network troubleshooter (again everything else works fine). Just direct to IP through web browser.

What a PITA.
 
Isn't there some Windows network setting that will prevent connections to RFC1918 addresses?
 
So latest development after combined days of head bashing. The issue revolves around my machine and a conflict with 1 of 3 proxy servers I use. It's the same proxy on my other machines where it works without issue. I still can't make sense of it but if I switch my proxy to our backups or alternate, it works fine. If I switch back to my primary-high, it fails. Using proxy bypass box in proxy settings has no effect.

TLDR - Proxy which works everywhere else, has issues with just my Win10 box. Unknown as to why.
 
After great aggravation - We found that my proxy guys decided to multi-split a subnet my LAN port is on into tiny segments. When other machines were on the port it was in an allowed span. My current machine reserved an address outside the allowed subnet. After much yelling for making such a stupid change when the entire /24 is reserved for this usage, it is now corrected.

Thanks all for your input. At least I know it's not something I did.
 
Maybe they thought it's wise to isolate your network areas, things like smart TV, IoT, security cams and such should never join your desktop's LAN.
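Added example, not part of the thread: the root cause reported above (a proxy allow-list split into small segments that no longer covers the whole DHCP /24) can be audited by computing which addresses in the scope fall outside every allowed segment. The scope, segments and client addresses below are constructed sample values in a documentation range, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
SCOPE = "192.0.2.0/24"                       # DHCP scope handed out on the LAN port
ALLOWED = ["192.0.2.0/26", "192.0.2.64/27",  # segments the proxy ACL permits
           "192.0.2.128/25"]

def uncovered_ranges(scope, allowed):
    """Return the parts of `scope` that no `allowed` segment covers."""
    remaining = [ipaddress.ip_network(scope)]
    for seg in map(ipaddress.ip_network, allowed):
        kept = []
        for net in remaining:
            if not net.overlaps(seg):
                kept.append(net)                 # untouched by this segment
            elif net.subnet_of(seg):
                continue                         # fully covered, drop it
            else:
                # CIDR blocks that overlap are nested, so seg sits inside net:
                # keep everything in net except seg.
                kept.extend(net.address_exclude(seg))
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def client_allowed(ip, allowed):
    """True if the client address falls inside any allowed segment."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(seg) for seg in allowed)

if __name__ == "__main__":
    for gap in uncovered_ranges(SCOPE, ALLOWED):
        print(f"scope addresses the proxy will reject: {gap} "
              f"({gap[0]} - {gap[-1]})")
    for ip in ("192.0.2.20", "192.0.2.100"):     # constructed DHCP leases
        state = "allowed" if client_allowed(ip, ALLOWED) else "OUTSIDE ACL"
        print(f"{ip}: {state}")
```

Any non-empty result means a machine can receive a valid lease in the scope and still be refused by the proxy, which matches the one-machine-only symptom described in the thread.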
 