none
IE8 on Windows 7 troubleshooting methodologies

    질문

  • My organization is having a number of issues with IE8, and I am at somewhat of a loss as to how to troubleshoot them. We have a group policy that looks like the NIST settings (FDCC/USGCB) for IE8.

    although the Event log for IE is enabled, there is nothing logged there.

    When users go to .gov sites, these sites tend to hang, unless put into the trusted zone.  At quest.com if you choose download (and updates from the popup menu) -> IE crashes, tries to reload the page in compatibility mode, and crashes again.  No events are being logged in the main windows logs, or the IE log.

    This is on Windows 7, and the IE event log is enabled. Suggestions for troubleshooting?


    • 편집됨 am2o 2012년 3월 1일 목요일 오후 2:57
    2012년 3월 1일 목요일 오후 2:56

답변

  • Should have marked this earlier: The organization was using a version of entrust that did not accept certificates properly. Upgrading the verion of Entrust resolved the issue.
    • 답변으로 표시됨 am2o 2012년 6월 20일 수요일 오후 6:12
    2012년 6월 20일 수요일 오후 6:12

모든 응답

  • This is on Windows 7, and the IE event log is enabled.

    FWIW I have only seen that used by the Application Compatibility Toolkit.

    If you aren't getting any event logging at all it sounds like "crash" may be overstating the symptom.   Perhaps you are seeing the effects of 

    Automatically recover from page layout errors...

    (in IE9 Options, Advanced tab, Browsing section)

    Then what does the Developer Tools Console tab show?

    BTW I can't remember if IE8 had either of these features.   Does your problem symptom reproduce in IE9?

    HTH

    Robert Aldwinckle
    ---

    2012년 3월 1일 목요일 오후 4:56
    답변자
  • Hi,

    First step is always test by running IE in noAddons mode to rule out third-party IE addons... although application crashes are recorded in the event viewer...a thrid party popup blocker addon could be playing a part.

    Your issue sounds like an IE Security Zone issue.... there are settings controling the navigation to domains in different security zones... the IE popup blocker or a third party popup blocker can also change how the above security setting opens tabs/windows when navigating.

    Ensure that you users are accepting the default Security zone settings... Tools>Internet Options>Security tab, click "reset all zones to default"

    You may be using custom Security Zone templates administered by GPO... there should be no reason to alter all but the Intranet Zones' security templates...Review the list of sites you have placed in the Trusted Zones.... generally .gov sites are public access sites, so they should should not be placed in the Trusted Sites Zone (they will default to the intranet zone).... you may have placed your search engine domain in there... remove them...

    Some sites like facebook, google and microsoft use other domains to negotiate user credentials... remove these sites from your Trusted Sites list...

    or

    On server versions of Ie.... http://microsoft.com is in the Trusted Zone by default... add *.live.com to the Trusted Sites list on server versions of IE.

    Second

    go Tools>Compatibility View Settings

    check "Include updated web site lists from Microsoft"

    uncheck "Display all sites in Compatibility View"

    you may have "Display intranet sites in Compatibility view"... thats fine...

    Third...

    If the issue disappears in noAddons mode, then one of your IE Addons has a popup blocker setting that needs to be turned off... Use the Ie Popup blocker instead.

    I can use Quest.com without any issues. Regards.


    Rob^_^

    2012년 3월 1일 목요일 오후 8:51
  • I'm pretty sure that the issue is a security zone configuration issue.  However, as stated: my organization has a GPO for IE that closely resembles the FDCC/USGCB configuration settings for IE.  It would really be helpful if I could troubleshoot the issue 7 what setting it lies with - without having to build group policies where I have to change each and every setting to test...

    Is it correct that if you set the Zone Template in a GPO, along with settings for specific zones (eg: disallow Java in Internet zone), that the Zone Template will take precidence in that GPO? Am I required to set the zone template (Internet/Intranet) on one GPO, then set a lower down GPO with the zone specific settings required by FDCC/USGCB - so that I will get a mix of the settings?

    thanks

    • 편집됨 am2o 2012년 3월 1일 목요일 오후 10:18
    2012년 3월 1일 목요일 오후 9:24
  • It appears that there were two sets of errors: Set 1) was that .gov sites were not rendering.  The admin who set up the GPO did not have the default templates turned on at a higher level, then the restrictions set at a lower level. Implementing this resolved the issues with sites not rendering.

    For the second issue (IE Crashing): One of the Developers has Visual Studio Installed.  His workstation stated for the two sites that crash (the redirect from licensing.microsoft.com) "~A buffer overrun has occurred in Internet Explorer" , msvc480.dll!00000000751d10()

    00000000751FFD10    mov        dword ptr [752ad460h], 0

    2012년 3월 2일 금요일 오후 2:48
  • Hi,

    Please see the following blogs to see if this helps. Thanks.

    http://blogs.technet.com/b/perfguru/archive/2007/11/15/how-to-troubleshoot-internet-explorer-crashes-and-hangs.aspx
     http://blogs.msdn.com/b/windowsvistanow/archive/2008/03/28/troubleshooting-internet-explorer-hangs-and-other-applications-too.aspx

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    2012년 3월 16일 금요일 오전 1:28
  • (the redirect from licensing.microsoft.com) "~A buffer overrun has occurred in Internet Explorer" , msvc480.dll!00000000751d10()

    Is the developer using a server version of windows?

    Why oh why? Servers are hardened with an enhanced Protected Mode for IE...and are an unsuitable development environment .... all development (even for web services) can be done on client versions of windows and IE.....

    A buffer overrun has occurred in Internet Explorer" , msvc480.dll!00000000751d10() - a buffer overrun is a common attack vector. msvc480.dll means it is probably from one of his/her IE Addons.

    If you have *.microsoft.com in your trusted sites list (on server versions this is there by default) you need to add *.live.com to the Trusted Sites list as well (for server versions of windows) or just remove the *.microsoft.com entry for client versions so that both the microsoft and live domains are in the same (Internet Zone)... there is a security zone setting controling navagation between domains in different security zones...

    It all sounds suspiciously like the developer is using a server version of windows... why oh why? they should be locked away in the Comms room/cupboard... there is absolutely no reason to allow physical access to the machines, let alone changing the default (hardened) security settings.

    Regards.


    Rob^_^

    2012년 3월 16일 금요일 오전 5:24
  • Hi Rob,

    I did some more research about this and found no more clues.

    To such  issue, it is not an efficient way to work in this community since we may need more resources, for example memory (application) dump, which is not appropriate to handle in community.

    Debugging is beyond what we can do in the forum, you may contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request. Please be advised that contacting phone support will be a charged call.
    To obtain the phone numbers for specific technology request please take a look at the web site listed below:
    Professional Support Options
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607

    Thanks for your understanding.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    2012년 4월 14일 토요일 오전 7:25
  • Should have marked this earlier: The organization was using a version of entrust that did not accept certificates properly. Upgrading the verion of Entrust resolved the issue.
    • 답변으로 표시됨 am2o 2012년 6월 20일 수요일 오후 6:12
    2012년 6월 20일 수요일 오후 6:12