A
Arbitmcdonald191
I have 30 devices on my little network, 28 of them are working fine as they always have done. About 2 months ago one of the devices started playing up, a number of services and programs were failing - many of the failing applications are proprietary. Upon further investigation I found that the SYSTEM user was no longer able to make HTTP requests. The account does get a response to PING and NSLOOKUP so internet access and DNS are absolutely fine.
This was a sudden and totally unexplained change, this had always worked before. To test I used PSExec to open a PowerShell console as the SYSTEM user. I then attempted a PING, NSLOOKUP followed by an Invoke-WebRequest, which failed. I then performed the same test on 3 of the healthy machines (at random), and all SYSTEM users were able to GET a website using Invoke-WebRequest. To rule out an issue with PowerShell, I also tried creating a C# console application in the .NET framework that tried a HTTP POST and GET using System.Net.WebClient - this worked on the healthy machines and failed on the problematic desktop, just the same as the PoSh test).
In the following screenshot you can see I am running a PowerShell console on a healthy machine as NT AUTHORITY\SYSTEM, and that I get a successful response to Invoke-WebRequest:
The exact same test fails on the problematic device, in this screenshot you can see I am running the console as SYSTEM, PING works, NSLOOKUP works but the Invoke-WebRequest fails:
The reason I have come here for help is that the issue has now started on a 2nd device, randomly, 2 months after the first device had issues. I have spent about 20 hours trying to diagnose and resolve with no luck.
If I run the services as a different user I can get them to work as expected, but I really need to identify the root cause of this crazy behaviour.
- This happens when the devices are on different networks, even 4G hotspots with zero security controls
- It happens when the Windows Defender Firewall is disabled
- There are no proxies
- I tried -UseBasicParsing (but the Invoke-WebRequest switches do not matter, as System.Net.Webclient also failed)
Continue reading...
This was a sudden and totally unexplained change, this had always worked before. To test I used PSExec to open a PowerShell console as the SYSTEM user. I then attempted a PING, NSLOOKUP followed by an Invoke-WebRequest, which failed. I then performed the same test on 3 of the healthy machines (at random), and all SYSTEM users were able to GET a website using Invoke-WebRequest. To rule out an issue with PowerShell, I also tried creating a C# console application in the .NET framework that tried a HTTP POST and GET using System.Net.WebClient - this worked on the healthy machines and failed on the problematic desktop, just the same as the PoSh test).
In the following screenshot you can see I am running a PowerShell console on a healthy machine as NT AUTHORITY\SYSTEM, and that I get a successful response to Invoke-WebRequest:
The exact same test fails on the problematic device, in this screenshot you can see I am running the console as SYSTEM, PING works, NSLOOKUP works but the Invoke-WebRequest fails:
The reason I have come here for help is that the issue has now started on a 2nd device, randomly, 2 months after the first device had issues. I have spent about 20 hours trying to diagnose and resolve with no luck.
If I run the services as a different user I can get them to work as expected, but I really need to identify the root cause of this crazy behaviour.
- This happens when the devices are on different networks, even 4G hotspots with zero security controls
- It happens when the Windows Defender Firewall is disabled
- There are no proxies
- I tried -UseBasicParsing (but the Invoke-WebRequest switches do not matter, as System.Net.Webclient also failed)
Continue reading...