none
Can no longer open CHM files across the local network after installing CU for Windows 1709 for x64 Systems (KB4103727)

    Question

  • We had previously used a group policy preference to set the following registry value, which allows the opening of CHM or Windows Help files from network paths.  We also place the network paths in the Local Intranet zone in IE, although it should automatically detect it as local anyway.

    SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions\MaxAllowedZone (DWORD) = 1

    This works perfectly for all of our users, until we install KB4103727.  After this we get a, "Can't reach this page error" from our CHM files.

    I double checked the registry and the Local Intranet zone in IE and everything looks like it should.

    Friday, May 11, 2018 3:36 PM

All replies

  • Hi Allen,

    How are you launching the chm files from IE... ? or are you using a burlesque WBC in a  exe/dll?

    exactly how do you place a network path in IE's security zone lists? eg. //servername/ resolves to the c://webroot folder on a server machine named servername running IIS.

    A host is not a network path.. try removing the server name from your IE Intranet sites list.

    Can you use the File>Open menu in IE? to launch the chm files (MS Compiled Html help executable) from either its network location or the machine %system% folder?

    ... you should be prompted to open or save the file, not launch it in IE.

    Is your company using Enterprise Site Mode Lists or FEATURE_CONTOL_BROWSER_EMULATION (for WBC applications)?

    all in all it sounds like you are using a WBC application. not IE.

    Is this application developed/maintained by another software company? Have you tried their support forums?

    https://support.microsoft.com/en-us/help/4103727/windows-10-update-kb4103727

    Security updates to Microsoft Edge, Internet Explorer, Microsoft scripting engine, Windows app platform and frameworks, Device Guard, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, Windows Hyper-V, Windows virtualization and kernel, HTML help, and Windows Server.

    Doesn't tell us much to help you.

    Regards.

    Questions regarding Internet Explorer 8, 9 and 10 and Internet Explorer 11 for the IT Pro Audience. Topics covered are: Installation, Deployment, Configuration, Security, Group Policy, Management questions.


    Rob^_^

    Saturday, May 12, 2018 1:44 AM
  • Hi Rob,

    I'm not really launching it from IE, it is more that the CHM file is a compiled HTML help file that runs IE in an IFrame.  The process that is running when I launch it is hh.exe.

    The .CHM file is located on a network share on a file server.  We use a DFS namespace for this fileshare and using group policy, we map a network drive to everyone's desktop.

           File Share - \\ServerName\ShareName

           DFS Namespace \\DFSNamespacePath\DFSFolder

           Mapped Drive - T:\FolderName\file.chm

    We can add the share to the Local Intranet zone by using the file://DFSNamespacePath syntax.  In fact if I attempt to add T: to the Local Intranet zone, it can resolve it to file://DFSNamespacePath.

    I tried launching the CHM directly from IE, but it does not work if i choose Open.  I'm sure that it would work if I saved it locally because the CHM's still work fine when run from the local machine.  Unfortunately we have some legacy files that a lot of users need to access, and having to copy the CHM files to their local machine every time is a giant pain in the rear.

    We are not using Enterprise Site Mode Lists or FEATURE_CONTROL_BROWSER_EMULATION (for this atleast).

    These are very old help files and I don't know if the company exists anymore or could help us.

    Good catch on the "HTML help" for the Windows 10 update.  I wonder if the problem that I am having is an unintended side effect of their update, or if it was done to close a security hole.

    Thanks for your help!


    Monday, May 14, 2018 3:43 PM
  • We are having this same issue since updates this weekend. Some of our folks are pointing at KB4103712, which also lists security updates to HTML help.

    Like the OP, our former registry work-arounds are no longer working.

    Monday, May 14, 2018 6:01 PM
  • We too have this issue after the KB was installed. Remote execution of a CHM no longer works (nor does the registry modification to allow this as in past times). This affects all CHM files to my knowledge. For instance- copy "C:\Windows\Help\mui\0409\regedit32.CHM" to a network location and then double click on it. The content pane on the right will be blank.

    Monday, May 14, 2018 10:06 PM
  • We too have this issue after the KB was installed. This is a real problem for all our customers - we are developing an ERP-System installed and running over a network share. All these customers with updated Windows are unable to read our help system!!
    Thursday, May 17, 2018 8:09 AM
  • I can confirm that this issue exists and I have been unable to find a workaround that doesn't involve copying the .chm file to a local directory.

    Setting either the "MaxAllowedZone" or "URLAllowList" under the "ItssRestrictions" registry key doesn't done anything.

    Thursday, May 17, 2018 10:05 AM
  • I confirm also that this issue exists and that there is no workaround that doesn't involve copying the .chm file to a local directory.

    kb4103712 (win 7, win server 2008 R2) and kb4103721 (win 10, 1803)  show the same issue.
    Friday, May 18, 2018 9:36 AM
  • use NTFS Symlinks and you are done:

    mklink newlocalPath \\ServerPath /D

    and now you can open your server-side chm-files via newlocalpath

    Friday, May 18, 2018 3:44 PM
  • "

    use NTFS Symlinks and you are done:

    mklink newlocalPath \\ServerPath /D

    and now you can open your server-side chm-files via newlocalpath"

    and this works in running environments? Without shutting down any machine?

    Tuesday, May 22, 2018 3:35 PM
  • Tried it myself and it works! e.g.

    mklink /D c:\MyHelp \\myserver\helpfiles

    now you can access c:\MyHelp\SomeHelp.chm and you'll actually be reading \\myserver\helpfiles\SomeHelp.chm

    Wednesday, May 23, 2018 8:28 AM
  • I have the same problem since I switched to version 1803.
    For me, your solution is not an option,
    because

    1. I have many clients I would have customizing
    2. The clients sometimes have several gigabit data that I would have to link.

    Does not anyone have another solution for this problem?

    Wednesday, May 23, 2018 12:00 PM
  • Hello, we have the same problem. I hope Microsoft will give an advice on how to fix this.
    Thursday, May 24, 2018 2:13 PM
  • We also open CHM Files from a share in our applications on thousands of clients. We are not able to force our customers to install everything local. Please @Microsoft, fix this and continue using the existing registrykeys or at least give us another possibility to white-list UNC paths.

    Regards
    Martin

    Friday, May 25, 2018 7:08 AM
  • @"CONNEXT Communication GmbH":

    1.) You don't need to take (and revert) "possession" (normal wording "Ownership") when using robocopy /B

    2.) Please warn users when recommending to revert security patches. What CVE will users be vulnerable for when applying your "solution"!?

    Monday, June 04, 2018 8:11 AM
  • Great find!

    This workaround does work, but due to the number of users we'd have to deploy it to, and how infrequently they access CHM files, I have decided to wait before implementing it.  Our users have gotten used to copying them local when they need to.

    Although I haven't tested it, I would think deploying it via group policy would not be very difficult.

    Tuesday, June 05, 2018 2:55 PM
  • I just installed the June updates for 1803 (17134.112) and network-hosted .chm files are still broken.
    Wednesday, June 13, 2018 1:13 PM
  • Hello,

    yesterday's patchday did not fix the problem to open .chm files via an unc path. I have only received feedback from Microsoft that the problem is known and a solution is being worked on. Long speech, the mistake still exists.

    For the transition solution described here, system files are exchanged, you (!) act on your own responsibility.

    You can solve this problem by copying the following files from unpatched systems (before the May update) to the corresponding System32 folders. For x64 systems, for 32 bit programs from which help (e.g. F1 key) is started via the network, the same procedure must be performed in the SysWOW64 folder:

    Windows 10/2016
    %SystemRoot%\System32\hhctrl.ocx
    %SystemRoot%\System32\itircl.dll
    %SystemRoot%\System32\itss.dll

    This repairs the direct call of the help via e.g. the Explorer

    SystemRoot%\SysWOW64\hhctrl.ocx
    SystemRoot%\SysWOW64\itircl.dll
    SystemRoot%\SysWOW64\itss.dll

    Repairs the help function in 32 bit applications that call a CHM file in the UNC environment.

    Windows 7 / 8.x / 2008 r2 / 2012 r2

    %SystemRoot%\System32\hhctrl.ocx
    %SystemRoot%\System32\hhsetup.dll
    %SystemRoot%\System32\itircl.dll
    %SystemRoot%\System32\itss.dll

    SystemRoot%\SysWOW64\hhctrl.ocx
    SystemRoot%\SysWOW64\hhsetup.dll
    SystemRoot%\SysWOW64\hh.exe
    SystemRoot%\SysWOW64\itircl.dll
    SystemRoot%\SysWOW64\itss.dll

    You get the problem and the corresponding files relatively easily analyzed yourself. I found out the affected files with MJ`s Diagnostics http://kb.helpwaregroup.com/ms-html-help/mj-s-diagnostics

    Friday, June 15, 2018 5:10 AM