From my windows 10 machine I can access it fine, and (using Firefox) I can see that it has a security certificate supplied by COMODO CA Limited, and connects over TLS 1.2 with the following cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA.

All fine.

I've got an app running on a Server 2016 Datacenter VPS though, which refuses to connect. The VPS providers have assured me that there are no firewall or proxy restrictions, I can telnet fine to the server, but I can't make any headway with understanding what the connection issues are.

Using IE on the 2016 server to hit the api, I get the following response:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://api.betdaq.com again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

(And just to confirm, I don't experience these issues with other secure sites / services).

I've installed Microsoft Message Analyzer and Wireshark to see what's happening, but neither flag up any errors (at least not to my untrained eye). The client hello is sent, but then there are a host of RST ACK messages, and that's it. (Apologies, this is way out of my comfort zone - I'm just following advice from articles I've googled, I'm not at all sure what all the outputs are telling me.)

I've also installed OpenSSL to do some digging, and whilst on my windows 10 machine I get a host of info about the certificate chain, certificate, keys, etc, on the Server 2016 VPS I just get the following:

OpenSSL> s_client -connect api.betdaq.com:443

CONNECTED(00000170)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1540574555
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
error in s_client

Does anybody have any idea what may be causing my issue?

Cheers, J.

↧

Incorrect color in color picker

October 15, 2018, 11:54 pm

≫ Next: Security Update Blocked my mailto

≪ Previous: Secure connection problem - cannot hit https API

Hi all.

I think color picker in IE 11 devtools works incorrectly.

If background color is #eeeeee = rgb(238,238,238), color picker shows rgba(237,237,237,1) that is equal to #ededed.

Could someone explain is it a bug, or my browser is incorrectly configured or smth else?

Info about system: Windows 7 x64 Enterprise Service Pack 1, IE 11.0.9600

Kind regards,

Ilya

↧

Security Update Blocked my mailto

October 16, 2018, 6:44 am

≫ Next: IE/Edge do not fall back to NTLM if Kerberos not available

≪ Previous: Incorrect color in color picker

I have a website, written in Java, that uses a mailto call (Client Default IE11 & Outlook). Since May 2018 and coinciding with the KB4103768 Security Update for IE, the web site only 'pops up' the mailto message once and the subsequent calls are just ignored (no error message). Running the site without the update (in testing) has the mailto command working every time. Would suggest that the Update will not be rolled back so an alternate code example would be appreciated. Snippet - var mailaction = 'mailto:'+header+subject+wholebody; window.location.href = mailaction;

↧

IE/Edge do not fall back to NTLM if Kerberos not available

October 16, 2018, 11:23 pm

≫ Next: Certificate Revocation Alert

≪ Previous: Security Update Blocked my mailto

We have recently changed our SharePoint on-premise authentication method from NTLM only to Kerberos/NTLM. Since then when we try to login from Internet (no kerberos) IE causes trouble getting a 401 (Unauthorized) due to the fact that it does not fall back to NTLM, but wants to use Kerberos instead. This behaviour only applies to IE and Edge, other browsers like Chrome or Firefox due proper NTLM. The Response Header I see in IE is correct (WWW-Authenticate: Negotiate, NTLM), though. Just that both IE or Edge always only try kerberos which fails fro outside our corporate network or VPN. It doesn't look to me like it owuld be a Firewall or IIS Server issues, since other browsers (non-Microsoft) do properly work with NTLM within the same scenario. BTW, there is a similar situation with Dynamics CRM on-premise, I am not an expert here, but with this when trying to browse the internal URL from WAN (which might not be the right approach, but firewall-wise it is allowed), we get the same issue with IE/Edge. Using internet-faced deployment URL for CRM via ADFS, this works with IE/Edge too from outside corporate network. This seems to be the same cause, these browsers to not fall back to NTLM if Kerberos isn't available.
After I got my Kerberos Ticket once, until it expires or I purge it, I can work with these browser from outside LAN too.

IE security Settings is set to Enable Integrated Windows Authenticaton and servers in charge are members of Local Intranet Security zone

kind regards,

Dieter

↧

Certificate Revocation Alert

October 11, 2018, 7:35 am

≫ Next: How to set any url to New Tab of Microsoft Edge browser through Group Policy.

≪ Previous: IE/Edge do not fall back to NTLM if Kerberos not available

I have a user who gets a security alert in IE 11 - Revocation information for the security certificate for this site is not available. Do you want to proceed?
She gets this going to all sorts for websites, Accuweather, Microsoft, many others, that I know have valid certificates. I view the certs on her machine, they look fine, dates, names, etc. Her windows 7 is up to date. The certificates MMC plug in shows the trusted root certificates as it should. Anybody have a clue how to fix this?

↧

How to set any url to New Tab of Microsoft Edge browser through Group Policy.

March 2, 2017, 7:42 am

≫ Next: Microsoft Edge for MacOS

≪ Previous: Certificate Revocation Alert

I have a requirement to set a specific url into New Tab via Group policy for Microsoft Edge. As of now While opening a new Tab page in Edge, default page (Which is set by microsoft) is opening. So I need to set a specific URL into New Tab. So when i will open a new Tab, it will redirect to specific URL only.

Can you please let me know the Solution ASAP.

↧

Microsoft Edge for MacOS

October 18, 2018, 12:54 am

≫ Next: unable to open https://login.microsoftonline.com

≪ Previous: How to set any url to New Tab of Microsoft Edge browser through Group Policy.

Is there any plan to bring Microsoft Edge for MacOS?

↧

unable to open https://login.microsoftonline.com

October 18, 2018, 6:06 pm

≫ Next: 'Protected Mode' and 'Run As Administrator' in Internet Explorer

≪ Previous: Microsoft Edge for MacOS

why can I not open https://login.microsoftonline.com when I have been using it every day?

↧

'Protected Mode' and 'Run As Administrator' in Internet Explorer

October 19, 2018, 2:07 pm

≫ Next: Change default location when upload file

≪ Previous: unable to open https://login.microsoftonline.com

I'm trying to understand how these two options work together.

If 'Run As Administrator' is uncheckedon IE shortcut, does Protected Mode in IE Option work or not?

If 'Run As Administrator' is checked on IE shortcut, does Protected Mode in IE Option work or not?

In my assumption, the Enable Protected mode in in IE internet zone only works when IE process is launched with a standard user access token the user uses . If IE process is launched from a administrative user token (run as administrator), will this IE Option still work if it's checked and restrict access to securable objects like system files and registries?

↧

Change default location when upload file

October 14, 2018, 2:10 am

≫ Next: OST to PST

≪ Previous: 'Protected Mode' and 'Run As Administrator' in Internet Explorer

Hello

when i'm on webiste and want to upload file, the file browser opened and i go to the location where the file i want to upload is there. Next time when i want to upload a file, it goes to the last directory that i uploaded before. i want to change (through registry) the default path. so everytime i want to upload files, it will go the specific location that i set before. please assist .

↧

OST to PST

August 6, 2018, 3:52 am

≫ Next: Cannot install IE11 on Server 2008 R2

≪ Previous: Change default location when upload file

How can I convert OST file format to PST file format in MS Outlook?

↧

Cannot install IE11 on Server 2008 R2

October 24, 2018, 5:55 am

≫ Next: Can’t connect securely to this page

≪ Previous: OST to PST

I have a 2008 R2 Standard, 64 bit, 32 GB ram, that will not install IE11. Plenty of disk space. Windows updates gets applied every month but IE is the pink elephant in the room.
Here is what I have:
"Internet Explorer did not finish installing For information see the Internet Explorer Troubleshooter. This link is also on your desktop"
When I click the link in the above pop up, I get

application not found.

Looking in event viewer:
In setup - Package KB2841134 failed to be changed to the Installed state. Status: 0x80070002.
In Application Event 1001 -
Fault bucket , type 0
Event Name: CbsPackageServicingFailure2
Response: Not available
Cab Id: 0
Problem signature:
P1: 6.1.7601.23505
P2: Microsoft-Windows-InternetExplorer-Package-TopLevel
P3: 11.2.9600.16428
P4: amd64
P5: unknown
P6: 80070002
P7: Stage
P8: Resolved
P9: Installed
P10: DISM Package Manager Provider
Attached files:
C:\Windows\Logs\CBS\CbsPersist_20180817173115.cab
C:\Windows\Logs\CBS\CbsPersist_20180915231046.cab
C:\Windows\Logs\CBS\CbsPersist_20180916025506.cab
C:\Windows\Logs\CBS\CbsPersist_20181013210537.cab
C:\Windows\Logs\CBS\CbsPersist_20181013224838.cab
C:\Windows\Logs\CBS\CBS.log
C:\Windows\servicing\Sessions\Sessions.xml
C:\Windows\winsxs\poqexec.log
C:\Windows\inf\setupapi.dev.log
These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: cfef9c92-d78a-11e8-bea6-6eae8b6019b9

↧

Can’t connect securely to this page

October 24, 2018, 6:14 am

≫ Next: Can I get Internet Explorer 11 for Windows Server 2012 ?

≪ Previous: Cannot install IE11 on Server 2008 R2

Hi All,

When i go to one of my office internal website, I get this below error in the internet Explorer.

" Can’t connect securely to this page

This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner."

It works fine for the other users, They do not have a problem opening the Link.

FYI, Internet explorer that i use is version : 11.345.171134. I have also Checked the TLS Settings and Its enabled for TLS 1.0 , 1.1 and 1.2.

Please help.

↧

Can I get Internet Explorer 11 for Windows Server 2012 ?

November 8, 2013, 5:18 am

≫ Next: IE 11 help

≪ Previous: Can’t connect securely to this page

Can I get Internet Explorer 11 for Windows Server 2012 ?

NO R2,
I want to use Internet Explorer 11 on Windows Server 2012.

Regards,
Yoshihiro Kawabata

↧

IE 11 help

October 24, 2018, 1:44 pm

≫ Next: OWA S/MIME won't decrypt DOD Webmail

≪ Previous: Can I get Internet Explorer 11 for Windows Server 2012 ?

Hi there,

My browser use to open the Excel files downloaded just fine. I've checked all the download settings and everything seems ok. When I try to directly open the file from the website, I get this error. Does anyone have any ideas?

Originally when the download use to work, the file would be called "panel1.xlsx", but right now it seems to be trying to resolve some code? I can't paste an image currently, but the message reads:

Sorry we couldn't open
'https://advantage.iriworldwide.com/CRXRPM/struts/ExportRenderer.do?EXPORT=xlsx&EXPORTENTITY=pane&PANEID=315755'

↧

OWA S/MIME won't decrypt DOD Webmail

October 24, 2018, 5:57 pm

≫ Next: SAFESEARCH

≪ Previous: IE 11 help

I have exhausted every avenue trying to find a problem reading encrypted USAF webmail. I am using IE 11 on Windows 10. I thought I had this feature working a few days ago, but in my tinkering to get other websites working I appear to have broken the S/MIME functionality.

I can access the OWA site and unecrypted email fine. I am using Office 365 OWA webmail at https://cp.mail.us.af.mil. I found that this was the only link that works for me. I have downloaded all of the DOD certificates and installed ActivClient 7.1.0.213.

When I click on the S/MIME link in the conversation view of an encrypted email, a pop-up is generated with the email. That pop-up window will not display the message content and instead gives me the following error:

"The S/MIME message wasn't decrypted successfully. No certificate was found. If you have a smart card-based certificate, insert the card and try again."

I have tried clearing the SSL, removing all user certificates, added af.mil to compatibility view and the website to my trusted sites. I even did extensive work ensuring my CAC card has the correct email and PIV assigned from the DOD ID Card website.

This seems to be an issue with the pop-up functionality of IE 11 and S/MIME. I have tried reinstalling several times.

I appreciate any help, thank you!

↧

SAFESEARCH

October 25, 2018, 7:58 am

≫ Next: Internet Explorer 11 returns 408 for ajax POST request

≪ Previous: OWA S/MIME won't decrypt DOD Webmail

SafeSearch is not letting me change it to off?

↧

Internet Explorer 11 returns 408 for ajax POST request

October 25, 2018, 10:52 am

≫ Next: seahorse

≪ Previous: SAFESEARCH

We have a website that makes ajax POST call. Since recently we found that lot of our users are getting 408 for ajax POST. This is not a consistent repro, but we can repro this in IE 11 browser. The ajax call makes an OPTION call and POST call. OPTION call always returns success statue code. But POST calls returns 408. Fiddler shows the POST request body is always empty when erroring out 408 case. Looks like that the call timeout before sending the body. I found several articles online about similar experience in IE 11, but could not find the reason or a solution. Why is this happening IE11 ? is there a solution for this issue ?

Thanks.

↧

Latest Images