So we just took over the IT for a pretty large customer and the first request we had through was to look at a problem one of the 2003 terminal servers had with loading Twitter in "any of the installed browsers".
They've got a LARGE network, multiple subnets on various IP ranges, and ludicrously slow internet for their size, which makes working on their systems remotely a bit of a pain! One of the pains is an old proxy server, which no one apparently has access to! Including their on-site IT guy (who's moving on to various other technology-related projects for them while we handle the day-to-day IT stuff).
Internet Explorer was giving an error saying the computer was on the internet but could not access the website, and gave a bunch of potential errors. Chrome reported an SSL error; however, since Heartbleed, Google had removed any way to proceed past the SSL errors.
I tried some other SSL enabled sites and they all worked using IE and Chrome!
I did my usual probing and questioning of the customers who use the server, and did the usual network connectivity tests to twitter.com, including telnetting to the site on port 443. It worked as well as telnetting to port 443 does, so I almost thought it was the proxy server for a while. That was until I tried Firefox rather than Internet Explorer or Chrome.
So now Firefox works and the other browsers don't. Weird right? Nope.
Firefox does not use the built-in Windows Trusted Root CA store, but uses its own Trusted Root CA store. I knew this as I'm a listener of the Security Now! podcast by Steve Gibson on the TWiT.tv site; they've mentioned it a lot recently due to things like the NSA spying revelations and Heartbleed.
So my first port of call after gathering this newfound information was to ensure the server had all the latest updates. I logged on late at night after they'd all logged off and installed a tonne of updates that were missing and set it to install updates at 2am, which hadn't been done previously.
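The effect of two independent root stores can be reproduced offline with OpenSSL. This is an added example, not part of the original post: the CA names, file names and helper functions are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added illustration: one server certificate checked against two independent
# root stores. All names and certificates here are constructed for the demo.

# make_root DIR NAME: create a throwaway self-signed root CA (NAME.pem/NAME.key)
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Constructed $2 Root" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# build_demo DIR: two roots, one leaf issued by the "newer" root, two stores
build_demo() {
  d=$1
  make_root "$d" older && make_root "$d" newer || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=site.example" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -days 1 \
    -CA "$d/newer.pem" -CAkey "$d/newer.key" -CAcreateserial \
    -out "$d/leaf.pem" 2>/dev/null || return 1
  # "os_store" stands in for a root store missing the issuing root;
  # "browser_store" stands in for a separately maintained store that has it.
  cp "$d/older.pem" "$d/os_store.pem"
  cat "$d/older.pem" "$d/newer.pem" > "$d/browser_store.pem"
}

# verify_against STORE CERT: print "trusted" or "untrusted"
verify_against() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir" || { echo "openssl setup failed" >&2; exit 1; }
echo "os_store:      $(verify_against "$demo_dir/os_store.pem" "$demo_dir/leaf.pem")"
echo "browser_store: $(verify_against "$demo_dir/browser_store.pem" "$demo_dir/leaf.pem")"
```

The same leaf certificate fails against the store that lacks its issuing root and passes against the store that has it, which is why testing a site in only one browser family can hide or reveal a trust-store gap.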
Lo and behold, the next morning Twitter was working through IE and Chrome!
Suffice to say we've got some very happy customers who've put up with this because no one else they had asked / brought in to fix their network had figured it out until now. We are awesome at my place of work, we really are.
Thanks to Steve Gibson and Leo from TWiT.tv for their informative podcasts, and to Firefox for not using the OS's Trusted CA store.