none
IE8 + HTTPS + TMG = Page Not Found. Big issue. See details. RRS feed

  • Question

  • (I saw this post on another site by alexgarin. I am having the exact same issue so instead of writing my own I copied the one below.)

     

    Hello,

    Few days ago we started experiencing very interesting and new issue. It took some time to figure out what is going on, but now I have a clear understanding what is happening. So here is the scenario:

    1. Client is Windows 7 with Internet Explorer 8.0. We just finished Windows 7 roll-out and plan to upgrade IE8 to IE9 soon (but not today)
    2. We have TMG 2010 for WEB filtering and we block all the bad sites (porn, weapon, malicious, malware etc.) but not blocking all good stuff
    3. Client visit HTTPS WEB site (e.g. Bestbuy, FutureShop, CIBC bank, TD bank, RBC bank and many other) and at some point they get "Page Not Found"

    If I do the same from IE9, FireFox or Chrome - no problem. Only IE8 has this issue. If I upgrade IE8 to IE9 - problem is gone right away.

    Using Developers Tools -> Network -> Capture in IE9 I discovered what is causing this. Here is the details.

    User visit web site https://a.com. When user sign-in, this site make a call to another site - for example https://b.com for tracking purposes. You know, everybody today wants statistics - who is the visitors, how many hits per day etc. Both sites usually HTTPS otherwise you get "Mixed COntent" issue. So what is happening if https://b.com is blocked by TMG, IE8 does not come back and does not display original page https://a.com at all - Page Not Found.

    Reason why https://b.com is blocked because TMG use Microsoft Reputation Services and sites like https://ssl.google-analitic.com are recognized by MRS as malicious software. And I can kind of understand that. Nobody prevents me to create domain https://alex-google.com but most likely it will not be recognized as valid or good domain unless I can prove it.

    Bottom line: ALL other browsers (IE9, Chrome, FireFox) have no issue when sub-called-domain is blocked, I guess they just ignore this and still display WEB page properly. Only IE8 has this issue.

    My question: does anybody got this issue? If yes, what solution you implemented?

    I can see following options for us:

    1. Upgrade to IE9. Sounds nice, but we don't have approval yet to do that. Besides it looks like IE8 should be supported, right?
    2. Enable "malicious" category on TMG. Well, it will fix theis issue, but I don't want to discover next day lots of malicious things here :-)
    3. Keep unblocking (by category override) each and every URL that is blocked. Well, you know - this is too much work, we don't want this
    4. Find the true root cause and fix it? But how? Open Microsoft case? We can but we are busy and this can take long time to do that...

    Bottom line: we are in kind of crackdown here. I'm sure that if you have Windows 7 + IE8, TMG and blocking malicious WEB sites, you can recreate this problem.

    If anybody can recommend any potential solution or confirm that this is an issue with IE8, I wouold very much appreciate it.

    Thanks!


    • Edited by jlaborde Monday, October 24, 2011 7:56 PM
    Monday, October 24, 2011 7:10 PM

Answers

  • Hi,

     

    Please pply below registry settings on the client:

     

    HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615

    DWORD : iexplore.exe  Value : 1

     

    HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615

    DWORD : iexplore.exe  Value : 1

     

    Regards,


    Nick Gu - MSFT
    • Marked as answer by jlaborde Friday, October 28, 2011 10:48 PM
    Wednesday, October 26, 2011 4:06 AM
    Moderator

All replies