The customer is using explicit proxy connection method and PAC file.
Some workstations are unable to browse the internet.
Other workstations in the same location are able to browse the Internet.
Workstations are restricted workstations and have limited Internet access.
The workstations have not had many Windows updates on them.
The workstations that work have the Entrust Root CA (2048) installed on them.
The workstations that do not work do not have the Entrust Root CA (2048) on them.
The PAC file is located at https://portal.threatpulse.com/pac . The Threatpulse portal is signed by the Entrust Root CA (2048). When Internet Explorer opens, the first thing that it does is try to download the PAC file from the Threatpulse portal. Since the PAC file is coming from a location where the CA is untrusted, Internet Explorer will not download the PAC file and hangs. On Windows 7 and newer, the certs should be downloaded automatically, but because the workstations are restricted, this mechanism is not available and the Entrust Root CA cannot be downloaded.
To resolve the issue, go to Entrust's website and download the Entrust Root CA (2048). The instructions on how to do that are provided below
DOWNLOADING THE ENTRUST CA (2048) ROOT CERTIFICATE FROM ENTRUST.NET
Please do the following steps:
1) Go to https://www.entrust.com/get-support/ssl-certificate-support/root-certificate-downloads/
2) Select Entrust.net Certificate Authority (2048) (file download entrust_2048_ca.cer) Direct file link is: https://www.entrust.com/root-certificates/entrust_2048_ca.cer
3) Double click on the downloaded root certificate and install it into the workstation's root certificate store.
4) Close all instances of Internet Explorer and open them again. The problem should be resolved.
5) Go into AD and select policy to push this root certificate to all workstations.
a) Start Internet Explorer and go to Tools > Internet Options > Connections tab > LAN settings
b) Uncheck Use automatic configuration script.
c) Put the PAC file URL into the browser's address bar: https://portal.threatpulse.com/pac
d) Check for any certificate errors. If you have certificate errors when downloading the PAC file, then please follow the steps in the RESOLUTION section above.
e) Download the PAC file and make sure it is correct.