none
An add-on for this website failed to run

    Question

  • Hi all,

    I always receive the error "An add-on for this website failed to run. Check the security settings in Internet Options for potential conflicts." when i visit a website.

    I google around but no solution could solve my problem.

    My environment is Windows Server 2008 Standard Edition 64bit.

    What i did in the past:

    • Add the website into trust site. Yes, the website is in the trust site.
    • I checked the website is not in Restrict Zone.
    • Disable the add-ons from Manage Add-ons. When i visit the website, there're 2 add-ons in Currently loaded add-ons. One is XML DOM Document 6.0, another is Java(tm) Plug-in 2 SSV Helper. I disable all of them, but no help.
    • I tried to install one ActiveX Flash plug-in, but issue is still there.
    • From Internet Options, set "Security level for this zone" for Trust site to low, no help.
    • Delete browsing history after setting security level to low, no help too.
    • Delete IEHarden key from HKLM\Software\Microsoft\Windows\CurrentVersion\InternetOptions\ZoneMap and HKCU\Software\Microsoft\Windows\CurrentVersion\InternetOptions\ZoneMap. Also set 10000 to HKLM\Software\Microsoft\Windows\CurrentVersion\InternetOptions\Zone\2\MinLevel and HKCU\Software\Microsoft\Windows\CurrentVersion\InternetOptions\Zone\2\MinLevel. But sitll no help...
    • I used the IE without add-on, but it will occur another issue "To help protent your security, Internet Explorer has restricted this site from showing certain content."... i do not know how to do next...

    Is there anyone who can help me?? This issue makes me mad...

    Thanks!

    Br,

    Fiona

    Tuesday, February 21, 2012 3:28 AM

Answers

  • Hi,

    mmm.... what are you doing surfing the web from server 2008... and worse yet hacking the IE security registry keys manually. (aym!)

    "i do not know how to do next..."

    Recover from a restore point (if you have one)

    or

    nuke and pave then patch (format then re-install the server 2008 sp2 os from your disks, then run windows update from the Start menu to update it with the latest patches. )

    You may have to use IE to install additional software (your av for example).

    IE on server 2008 runs in protected mode... you can only download from sites that are in the IE Trusted Sites list.

    By default microsoft.com is the only site pre-listed in the Trusted Sites list, but to access downloads from technet or msdn you will need to add *.live.com to your trusted sites list so that your live login credentials can be verified when you access technet or msdn downloads. You may need to add additional sites to your Trusted Sites in order to download from those sites using IE...

    DO NOT

    ...Alter IE's Security Zone settings on Windows server versions. Always ensure you are using the default security zone settings (Tools>Internet Options>Security tab, click "Reset ALL security zones to default"). Protected Mode should be left switched ON.

    ...install ANY additional IE Addons or ActiveX controls... it comes pre-installed with all you need. You can install additional search providers from iegallery.com so that you can do web searches from the server (remote in from your desktop) when trouble shooting issues...the pre-installed "Bing" default search provider should be adequate for your needs to troubleshoot widnows server installation and maintenance issues.

    ....use IE on windows server versions for casual web surfing or web application testing.... you can do that from your client workstation without putting the security of your servers and your company networks at risk. There is absolutely no reason to develop web sites or desktop application or web services on a server box... you can do it all from a desktop client version of windows and then publish it to your servers.

    Finally, take the keyboard and screen off and lock the box in the comms cupboard/room. Use Windows Remote Desktop to access your server from your desktop workstation.

    I am sorry.... it realy is that serious... security on servers cannot be taken lightly....

    Do not be afraid to ask your work colleagues for help... better that you put your hand up and ask for help now, rather than find later on that you have left the door open.

    Regards.


    Rob^_^

    Tuesday, February 21, 2012 5:36 AM

All replies

  • Hi,

    mmm.... what are you doing surfing the web from server 2008... and worse yet hacking the IE security registry keys manually. (aym!)

    "i do not know how to do next..."

    Recover from a restore point (if you have one)

    or

    nuke and pave then patch (format then re-install the server 2008 sp2 os from your disks, then run windows update from the Start menu to update it with the latest patches. )

    You may have to use IE to install additional software (your av for example).

    IE on server 2008 runs in protected mode... you can only download from sites that are in the IE Trusted Sites list.

    By default microsoft.com is the only site pre-listed in the Trusted Sites list, but to access downloads from technet or msdn you will need to add *.live.com to your trusted sites list so that your live login credentials can be verified when you access technet or msdn downloads. You may need to add additional sites to your Trusted Sites in order to download from those sites using IE...

    DO NOT

    ...Alter IE's Security Zone settings on Windows server versions. Always ensure you are using the default security zone settings (Tools>Internet Options>Security tab, click "Reset ALL security zones to default"). Protected Mode should be left switched ON.

    ...install ANY additional IE Addons or ActiveX controls... it comes pre-installed with all you need. You can install additional search providers from iegallery.com so that you can do web searches from the server (remote in from your desktop) when trouble shooting issues...the pre-installed "Bing" default search provider should be adequate for your needs to troubleshoot widnows server installation and maintenance issues.

    ....use IE on windows server versions for casual web surfing or web application testing.... you can do that from your client workstation without putting the security of your servers and your company networks at risk. There is absolutely no reason to develop web sites or desktop application or web services on a server box... you can do it all from a desktop client version of windows and then publish it to your servers.

    Finally, take the keyboard and screen off and lock the box in the comms cupboard/room. Use Windows Remote Desktop to access your server from your desktop workstation.

    I am sorry.... it realy is that serious... security on servers cannot be taken lightly....

    Do not be afraid to ask your work colleagues for help... better that you put your hand up and ask for help now, rather than find later on that you have left the door open.

    Regards.


    Rob^_^

    Tuesday, February 21, 2012 5:36 AM
  • @IECUSTOMIZER - You assume too much.  IE8 on Win2008 R2 does NOT come with "all you need".  For example, you cannot access the Microsoft Download Manager to download software from a Microsoft site using the default settings.  Instead, you get the error listed in this topic. 

    Your rant on safety is not helpful as you are assuming that the user is "surfing the web" when they are more likely simply trying to use a needed and trusted web site.

    In my case, I need to download a very large ISO file from Microsoft but I get the mentioned error when I use the recommended method and I eventually get a timeout if I try to download such a large file using the http method.

    So, what settings need to be changed to get arround the error?


    www.ProjectInVision.com

    Thursday, May 17, 2012 5:43 PM
  • Problem solved.

    Many sites use ActiveX controls that are stored at a different site.  The most common example is when sites want to count unique visits and usage patterns so they include a code snippet that attempts to load an ActiveX control from a tracking site such as Google Analytics or (shudder) doubleclick.net.  This is why you can usually ignore the "yellow bar" without affecting your use of the web site.

    In the case of the Microsoft Download Manager, the ActiveX control that is used to access the program actually comes from Akamai as they are the ones who wrote the download manager.  Since this is not a case where I can ignore the yellow bar, the solution is to add the additional site to my trusted sites zone.  The specific site to add is http://dlm.tools.akamai.com.

    It is unfortunate that the yellow bar does not provide more information such as the name and source of the ActiveX control or add-on that initiated the error.


    www.ProjectInVision.com

    • Proposed as answer by EvanBarr Thursday, May 17, 2012 6:23 PM
    Thursday, May 17, 2012 6:23 PM
  • Problem solved.

    Many sites use ActiveX controls that are stored at a different site.  The most common example is when sites want to count unique visits and usage patterns so they include a code snippet that attempts to load an ActiveX control from a tracking site such as Google Analytics or (shudder) doubleclick.net.  This is why you can usually ignore the "yellow bar" without affecting your use of the web site.

    In the case of the Microsoft Download Manager, the ActiveX control that is used to access the program actually comes from Akamai as they are the ones who wrote the download manager.  Since this is not a case where I can ignore the yellow bar, the solution is to add the additional site to my trusted sites zone.  The specific site to add is http://dlm.tools.akamai.com.

    It is unfortunate that the yellow bar does not provide more information such as the name and source of the ActiveX control or add-on that initiated the error.


    www.ProjectInVision.com

    Win! Thank you for posting the fix.. The answer (which should have been posted previously, instead of a pious security lecture) was valid for WORKSTATIONS as well as servers. Although the lecturer was right with respect to his security concerns, security at your firm is none of his or mine, or anyone's business.  Only yours. Lectures are less than helpful when you have a problem that needs to be fixed. Working under the DOD umbrella, I have learned that in spite of having a far tighter security posture than the one described above, (except for the silly keyboard and monitor thing, last I checked most machines wont boot without a keyboard unless you hack the bios... if that's even possible.) SOMETIMES, you have to sidestep your security for a moment to accomplish a task and reestablish it afterwards.

    Kudos my good man! It's always nice when a solution is confirmed in a forum.

    Wednesday, August 01, 2012 4:57 PM