none
IE 11 with activated "enhanced protected mode" does not open any internet page after update to Win10 RRS feed

  • Question

  • Hello!

    The subject says it all. We have all the PCs in a domain. Via GPO is "Enhanced Protected Mode" aktivated.

    Under Win 8.1. everything works perfectly.

    Update on Win10: domain user (with roaming profiles - but should not matter ...) are not able to open any page in IE zone "internet. If I type the URL manually and press ENTER, nothing happens. When I click on a link tp any external page on our intranet page, two new tabs open with the URL "res: //ieframe.dll/acr_error.htm#,about: blank"

    Intranet and Trusted Sites (also via GPO defined) works fine (because protected mode is disabled for them by default).

    By trial and error I found out that it is the "EPM" that causes the problem. If I switch it off, IE works again.

    But why does it work under Win8.1 and no longer under Win10?

    (BTW, when I try to start IE like this "iexplore -extoff", it opens with an empty window, stays for about ten seconds and then closes again. No error message, nothing ...)

    (EDIT: I want to point out, it works as local admin on the same machine ...)

    Can anyone confirm this behavior?

    Michael


    Thursday, July 7, 2016 9:29 PM

Answers

  • Hallo to all!

    Many thanks for you replies, but they did not solve the problem.

    BUT IT SEEMS I FOUND A SOLUTION. See below.

    To clarify: it's not a problem of compatibility view, because it persists with ALL sites in internet-zone.

    When EPM is switched off, everything works fine (all URLs, iexplore -noext, etc).

    When EPM is switched on (via GPO per computer - not user!)

    a) I can't open ANY URL in internet-zone

    b) iexplore -noext -nohome opens the window, which stays empty, the mouse cursor is in "busy-mode" and after about 10 seconds the window closes.

    This happens ONLY when logging on as domain user, WHOSE PROFILE HAS BEEN CONVERTED TROUGH WIN10 UPDATE from Win8.1. (Roaming profiles, the profile was cached locally, doing update Win8.1 -> Win10, first logon as user creates new profile folder "xxx.V5" at the server, when logging of the converted profile is being transferred to the server.)

    When logging on with a new domain user profile, everythings works fine even in EPM.

    I tried to reset IE through GUI and also like this:

    > To make it think it's a fresh IE, delete this registry key...
    >
    > [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]
    >
    > Also, delete anything under Application Data and Local Settings that relate to IE.

    Did not change anything for an affected profile ...

    SOLUTION:

    1.) Log off as user at the PC

    2.) Log on as Admin

    3.) DELETE THE PROFILE of the affected user (http://www.technig.com/remove-user-profile-correctly/ STEP 2)

    4.) Log on as user again - the roaming profile is being loaded from the server

    5.) IE11 works again as expected! :-)

    I'll run some more tests on other machines and keep you updated!

    1. addendum: It seems to be really solved like this. Tested on 3 machines so far!

    Michael




    • Marked as answer by Michael4040 Thursday, July 14, 2016 9:45 AM
    • Edited by Michael4040 Monday, July 18, 2016 3:21 PM
    Thursday, July 14, 2016 9:45 AM

All replies

  • did you add the website in the IE's "compatibility view setting" under tools
    Thursday, July 7, 2016 10:25 PM
  • did you add the website in the IE's "compatibility view setting" under tools

    Which one? The whole ìnternet? No URL will work, which is not in "trusted sites" zone.

    www.microsoft.com

    www.google.com

    etc

    IE does absolutely nothing when typing such URLs in the address field ...

    Michael

    Friday, July 8, 2016 6:52 AM
  • But why does it work under Win8.1 and no longer under Win10?

    My guess, not at same patch level?   <eg>

    E.g. "security" trumps functionality and usability.

    BTW working elevated means that you don't have Protected mode checked.

    when I try to start IE like this "iexplore -extoff", it opens with an empty window, stays for about ten seconds and then closes again. No error message, nothing ...)

    I almost overlooked that.  It is often a sign of an incompatible interferer, e.g. a security package that might need to be updated or at least uninstalled and reinstalled to get its hooks set better in the changed environment.  Try the same test in a safe mode boot?  In fact, I usually suggest you use the  -nohome  switch with it too to avoid any possibility of a network factor.   Also the  -nohome  switch (with no URL present as you had) would cause the empty window symptom by itself with no Notification bar (which you could have expected to see due to your  -extoff).

     

    HTH



    Robert Aldwinckle
    ---

    Friday, July 8, 2016 8:39 PM
    Answerer
  • try to do windows update and check all the option for IE to see if it helps
    Friday, July 8, 2016 11:34 PM
  • Hi Michael,

     

    Based on your description, sounds like compatibility issue.

     

    Please try compatibility mode and check the result.

     

    How to change your setting for Compatibility mode for Internet Explorer:

    http://kb.mit.edu/confluence/display/istcontrib/How+to+change+your+setting+for+Compatibility+mode+for+Internet+Explorer

    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

     

    Best Regards,

    Tao


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Proposed as answer by Tony_TaoModerator Tuesday, July 12, 2016 7:43 AM
    • Unproposed as answer by Michael4040 Thursday, July 14, 2016 8:45 AM
    Sunday, July 10, 2016 5:21 AM
    Moderator
  • Hallo to all!

    Many thanks for you replies, but they did not solve the problem.

    BUT IT SEEMS I FOUND A SOLUTION. See below.

    To clarify: it's not a problem of compatibility view, because it persists with ALL sites in internet-zone.

    When EPM is switched off, everything works fine (all URLs, iexplore -noext, etc).

    When EPM is switched on (via GPO per computer - not user!)

    a) I can't open ANY URL in internet-zone

    b) iexplore -noext -nohome opens the window, which stays empty, the mouse cursor is in "busy-mode" and after about 10 seconds the window closes.

    This happens ONLY when logging on as domain user, WHOSE PROFILE HAS BEEN CONVERTED TROUGH WIN10 UPDATE from Win8.1. (Roaming profiles, the profile was cached locally, doing update Win8.1 -> Win10, first logon as user creates new profile folder "xxx.V5" at the server, when logging of the converted profile is being transferred to the server.)

    When logging on with a new domain user profile, everythings works fine even in EPM.

    I tried to reset IE through GUI and also like this:

    > To make it think it's a fresh IE, delete this registry key...
    >
    > [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]
    >
    > Also, delete anything under Application Data and Local Settings that relate to IE.

    Did not change anything for an affected profile ...

    SOLUTION:

    1.) Log off as user at the PC

    2.) Log on as Admin

    3.) DELETE THE PROFILE of the affected user (http://www.technig.com/remove-user-profile-correctly/ STEP 2)

    4.) Log on as user again - the roaming profile is being loaded from the server

    5.) IE11 works again as expected! :-)

    I'll run some more tests on other machines and keep you updated!

    1. addendum: It seems to be really solved like this. Tested on 3 machines so far!

    Michael




    • Marked as answer by Michael4040 Thursday, July 14, 2016 9:45 AM
    • Edited by Michael4040 Monday, July 18, 2016 3:21 PM
    Thursday, July 14, 2016 9:45 AM
  • b) iexplore -noext -nohome opens the window, which stays empty, the mouse cursor is in "busy-mode" and after about 10 seconds the window closes.

    Did you try also in a safe mode boot?

    I tried to reset IE through GUI

    What was the result of that?  E.g. was it allowed?  Also, related to this at one point I discovered if you tried to do it elevated (e.g. via control.exe inetcpl.cpl,,6) it did not help modify the profile that you wanted to change.  I don't know if this quirk has been fixed. It would be possible to trace different scenarios using ProcMon but unfortunately not the safe mode boot one (since procmon's driver could not be loaded then).


    Robert Aldwinckle
    ---

    Thursday, July 14, 2016 12:33 PM
    Answerer
  • For your information: On some PCs/profile the problem raises again after some time. I don't see any special event, causing this issue. I'll disable EPM now. :-(

    Michael

    Thursday, July 28, 2016 1:42 PM