none
IE11 on windows 10. HSTS intranet http://....gov.uk websites not working since KB4494440 RRS feed

  • Question

  • Some of our intranet websites are using http.  Our domain ends .gov.uk.  Once KB4494440 https://support.microsoft.com/en-gb/help/4494440/windows-10-update-kb4494440 has been installed on a machine, that machine can no longer access the site.  If we use a url of http://sitename and leave off the domain part then the site works.

    Is there a way of having intranet servers ignored regarding this behaviour so we can include the domain name as part of the URL?

    I tried removing KB4494440 and was then able to access http intranet sites as long as I hadn't tried to access them with the update in place.  This seems to suggest that there is a cache, but even after clearing the browser cache I still couldn't access the sites.  Can anyone tell me where the cache is

    Regards

    Pete.


    • Edited by PeteL1 Thursday, May 16, 2019 9:21 AM
    Wednesday, May 15, 2019 3:35 PM

All replies

  • Hi Pete,

    We also have the same issue, for us we removed KB4499167 (Win10) and KB4499164 (Win7) and that sorted it for websites that we had not already visited (same as you). 

    We had a clue from the line in KB4499167 as described below:

    "Adds "uk.gov" into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for Internet Explorer and Microsoft Edge."

    We have logged a call with MS Support and will update when we have more information.

    Regards,

    Eric.

    Thursday, May 16, 2019 3:06 PM
  • Hi Eric

    Thanks for replying, I was starting to feel as if we were the only ones.  We have also raised a call with Microsoft, I'll update if I hear anything.

    If you clear the browsing history but make sure that 'Preserve Favourites website data' is not ticked, that should clear the already visited sites.

    If KB4498206 gets installed on W7 that will also break it :-(

    Here's hoping it's a quick fix.

    Pete.

    Thursday, May 16, 2019 3:22 PM
  • We are also a .gov.uk site and have noticed since installing the update (KB4494441) we can no longer access FQDN sites internally that are not HTTPS.

    The problem we have is that so many links are set as the FQDN it would be a nightmare to change them all to the short name.

    Hopefully MS will come up with a fix.

    Thursday, May 16, 2019 3:50 PM
  • Hi Pete, I'm on the Windows servicing team. This is a known issue that the we are actively working on. Please check the Windows release health dashboard for progress updates. 
    Friday, May 17, 2019 2:36 AM
  • Friday, May 17, 2019 11:46 AM
  • Friday, May 17, 2019 11:47 AM
  • Hi Pete, We resolved this over the weekend. For those affected by this matter you can check for updates to download and install the update immediately. 

    Information specific to each Windows version can be found on the Windows Dashboard: aka.ms/WindowsReleaseHealthDashboardPreview 

    Monday, May 20, 2019 1:02 AM
  • Hi Eric,

    We resolved this over the weekend. For those affected by this matter you can check for updates to download and install the update immediately. 

    Information specific to each Windows version can be found on the Windows Dashboard: aka.ms/WindowsReleaseHealthDashboardPreview 

    Monday, May 20, 2019 1:03 AM
  • Thanks.

    Do you know when it will be released to WSUS? It will take us forever to apply this update manually.

    Monday, May 20, 2019 8:52 AM
  • Hi Melissa

    Thank you for the response.  I have been trying to install KB4505056 onto Windows 10 Enterprise 2016 LTSB but unfortunately the process tells me that it is not applicable to this computer.  The update catalogue does seem to suggest this is for 1809.  Is there a version that is compatible with LTSB?

    Regards

    Pete.

    Tuesday, May 21, 2019 12:34 PM