none
IE11 : Intranet zone not detected automatically RRS feed

  • Question

  • Hi,

    I am running IE 11 on a Windows 2008 R2 SP1 server, which is part of a domain.

    When accessing sites from the internal network, I get a blank page. I noticed that it was due to the fact that these sites are not in the "Local intranet" zone, and when I add them manually it works.

    In Internet Options > Security > Local intranet, when I click on "Sites", I directly have the window with the advanced configuration, where I have to manually define a list of websites. I do not see the window with the "Automatically detect intranet network" checkbox (but I have it on other servers).

    If I manually add the IP and domain with wildcards, I can access my internal sites, but I would have to do that for every user connecting to the server. I'd prefer if it was automatic, as it is on other servers.

    Can you help me please ?

    Thanks.

    Tuesday, January 24, 2017 7:11 AM

All replies

  • Hi,

    Yes, that's what I'm saying (I tried to post a screenshot but apparently I'm not allowed to).

    I tried enabling the "Turn on automatic detection of intranet" setting in gpedit, but unfortunately it didn't change anything.

    Thanks.

    Wednesday, January 25, 2017 8:43 AM
  • Actually, I noticed I have the same problem with several servers, but not with others.

    I don't think it's related to GPOs, some servers are in the same OU and have different behaviours.

    It seems that only the most recently installed servers have the problem. Maybe something related to a MS patch ?

    Thursday, January 26, 2017 9:41 AM
  • Hi User_605,

    Determination that a site belongs to the Local Intranet Zone is based on a number of rules:
    1. Direct Mapping.

    As with other Zones, users or network admins may map a list of URL patterns into the Local Intranet Zone. This list is viewable by clicking Tools > Internet Options > Security >  Local Intranet > Sites > Advanced.

    2. The PlainHostName rule (aka “The Dot rule”).

    If the URI’s hostname doesn’t contain any periods (e.g. http://team/) then it is mapped to the Local Intranet Zone.

    3. The fixed Proxy Bypass list.

    If the user has a fixed proxy specified inside Tools > Internet Options > Connections > LAN Settings, then sites listed to bypass that proxy will be mapped to the Local Intranet zone. The fixed proxy bypass list can be found by clicking the Advanced button; it’s at the bottom of the screen in the box labeled Exceptions.

    4.  (WPAD) Proxy Script.

    If the user’s proxy configuration is “Automatically detect settings” or “Use automatic configuration script” inside Tools > Internet Options > Connections > LAN Settings, the browser will run the FindProxyForUrl function in the specified WPAD proxy configuration script to determine which proxy should be used for each request. If the script returns “DIRECT”, the browser will bypass the proxy and the site will be mapped into the Local Intranet Zone. When mapping a URL to a Zone, URLMon will call the FindProxyForUrl function to determine if the bypass rule applies. One interesting twist is that the proxy script may itself call dnsResolve to get a site’s IP address and use that information as a part of its determination.

    Here is a link for reference:

    The Intranet Zone
    https://blogs.msdn.microsoft.com/ieinternals/2012/06/05/the-intranet-zone/

    "but I would have to do that for every user connecting to the server"

    We could refer to the following link to deploy the list with the GPO.

    Group Policy – Internet Explorer Security Zones
    https://blog.thesysadmins.co.uk/group-policy-internet-explorer-security-zones.html

    NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.

    Best regards,
    Joy.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 26, 2017 10:04 AM
    Moderator
  • Hi Joy,

    Thank you for the links.

    But that still doesn't explain why on some servers (same OS, same version of IE...) I have the possibility to "Automatically detect intranet network" while on others I am forced to define the list manually.

    Thursday, January 26, 2017 1:37 PM
  • But that still doesn't explain why on some servers (same OS, same version of IE...) I have the possibility to "Automatically detect intranet network" while on others I am forced to define the list manually.

    Looks like the generation of that dialog is conditional.  Without access to source or support documentation all we can do is probe the implementation by tracing and inference, e.g. using ProcMon, supplemented by whatever other external tracing seems relevant.  But before doing that see if there is anything different in the networking capability for your two cases.  E.g. what if an internal query is done first to determine if the checkbox is capable of doing anything for the user?  Then the lack of the checkbox might only reflect a difference in the results of that test.  Etc.  Again ProcMon could help but this time there would be something specific to be comparing the traces for--unless it is based only on the properties of the interface in which case ProcMon would probably not have much to show us--unless it was something which could be exposed by activating another trace.   Etc.   ; )

     

    Good luck



    Robert Aldwinckle
    ---

    Thursday, January 26, 2017 8:00 PM
    Answerer
  • Hi Robert,

    Thanks for the reply. I'll try to investigate what the differences could be between the servers.

    Friday, January 27, 2017 9:00 AM
  • @User_605,

    If your a web/intranet developer and you have deployed a website/intranet site to your servers and you are getting client side error messages to access the localhost, then you have to change your source code links in your asp.net or mvc or razor code to use relative paths from the site-root.

    typically coders will use http://localhost:8080 in their code instead of the zlide ~ token in server-side code in their development environments.

    Can you tell us why you need to access the localhost of a web server?

    Regards.


    Rob^_^

    Saturday, January 28, 2017 8:41 PM
  • Hi IECustomizer,

    I am not trying to access a localhost website I developed myself.

    I am trying to access web interfaces of devices on the network.

    For example, we have some switches that can be configured through web pages, by accessing their IP address from a browser. For security reasons, we restrict the access to these configuration pages based on client IP. Therefore, I can only access them from this specific server.

    As I said, for some reason, the web pages don't display correctly because they are detected in the Internet zone. I know I could either find the security setting in the Internet zone that's causing the problem and change it, or add the sites to the Intranet zone manually or with GPO, but I would like to understand why it is like this, and I would prefer if everything was detected correctly automatically, as it is on other servers.

    Do you understand my problem now?

    Thanks.

    Thursday, February 2, 2017 8:23 AM
  • As I said, for some reason, the web pages don't display correctly because they are detected in the Internet zone.

    How are the pages coded?  They could have the "Mark of the web" embedded in them and that would explain your symptom.



    Robert Aldwinckle
    ---

    Thursday, February 2, 2017 2:24 PM
    Answerer
  • I know this is a little old, but I found that it was hidden when I had the "IE Enhanced Security Configuration" turned on in Server Manager. Apparently part of the "Enhanced Security" is no auto detection.
    • Proposed as answer by heavy_rat Wednesday, October 31, 2018 11:25 AM
    Friday, October 12, 2018 9:24 PM
  • Thanks Seth! This resolved the issue for me as well.
    Tuesday, May 21, 2019 8:55 PM