I have 20 computers on the same subnet, behind the same firewall and single router. I have one external IP that all computers use, and all computers receive exactly the same GPO settings. 10 computers can access a certain secure website while the other 10 can't, site times out. BTW all computers are XP Pro SP3

Things I've TRIED and ruled out: none of which worked
-Using different web browsers (FF, Safari, Chrome, IE) all fail so I ruled out the browser as the problem
-Also tried reinstalling IE7
-Took a computer home, different ISP, and tried to access site
-Tried starting in safe mode with networking
-Tried accessing the HTTPS site by IP address
-The site is configured to ignore ping requests, but trying a ping resolves its IP address for me
-Used wireshark and able to see the website does send packets back, but IE spins and says waiting for reply
-Tried a netsh winsock reset
-Tried unistalling the LAN Driver, rebooting and reinstalling the it
-Compared computer settings and even IE settings to a working computer, they are the same
-Tried logging in as different user and accessing the site

I've ruled out the router as the problem since some machines can access it.
Also, I don't think I am having a certificate issue as the site is a child domain, and I have the root cert installed
Please Help

i took a CISCO networking class and unfortunately i don't remember much abut it but sounds like you have an external ip problem. if all 20 comps are Trying to access the same site At the same time the server might disallow some computers I wish it was that simple. There are actually two sites that we can't access, but one of them is specifically for me so I am the only person that ever tries to access it.

I just reinstalled the operating system on one of the "non-working" computers and I am able to access the site now.
ALSO, I just booted off my imaged OS that is about 4 months old and I am able to access the site from my "non-working" computer. So I think there is a computer setting, that might be causing this problem...maybe an old GPO persistant setting or something. Does ANYONE know if this could be the case, if so what setting? It would have to be a registry fix most likely; reg cleaner was not help.

Well I solved my own problem after a week of troubleshooting. This forum was my last stop so don't you think this was an easy find.
My problem was that TLS/SSL RENEGOTIATION was disabled. Some HTTPS sites require it and those are the sites I could not access.

In more detail: if by some strange reason someone else has this problem....

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnClient

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnServer

Notes:
If the DisableRenegoOnClient subkey is present and has any nonzero value:
The client will not initiate renegotiation.
The client will not respond to renegotiation.

If the DisableRenegoOnClient subkey is missing or is present and has a zero value:
The client will initiate renegotiation.
The client will respond to renegotiation.

If the DisableRenegoOnServer subkey is present and has any nonzero value:
Server initiated renegotiation is not allowed.
The server will not respond to renegotiation requests from the client.

If the DisableRenegoOnServer subkey is missing or is present and has a zero value:
Server initiated renegotiation is allowed.
The server will respond to renegotiation requests from the client.
Back to the top

The Microsoft link
http://support.microsoft.com/kb/977377

Thanks allVery interesting snufles and thanks for the update.