Internet Explorer Issues

[Gerry]

7 hours ago, Lyonel said:

Thanks @Gerry for the update ! That was quick 

We just want to be awesome 

[Lyonel]

@Gerry Chrome works on W7 affected machines but it is not a supported browser in our company (too many legacy systems do not work on Chrome)... I will get the tech guys here to look into it. Thanks for confirming our "special status" 

[Gerry]

@Lyonel

Ok great. I was not suggesting you use chrome instead, its just knowing that it works eliminates any potential networking/proxy issues (assuming you use the same proxy config on Chrome as you do on IE of course). So that leaves a problem with IE security settings/behaviour. 

Gerry

[Daniel Dekel]

Hi @Lyonel,

We had been investigating the memory issue related to IE11 in the Collaboration Core. 

We found found that there are issues with IE11 (in Microsoft side). There is a known issue related no IFRAMES and not removing the memory. We use IFRAMES in several places to display emails, embedded media and more. Other issues are how IE is managing internally the memory and that is not a memory leak but just inefficiency. IE's team in many cases are basically not going to fix these issues as these were reported back in 1015.
We did a few small improvements but are not going to impact too much. One of the changes we had to make is the removal of embedded content for Tweeter (only for IE11). This is because Tweeter has a memory leak known issue, in that case you will only see the link to Tweeter.

We will continue keeping an eye on this and if there something extra we can do to improve we will do.

After testing internally the changes, We will probably push the build next week.

Thank you,

Daniel.

[Lyonel]

Hi @Daniel Dekel, @Gerry, we believe we have identified the patch causing the issue: KB4021558 'June release for IE11 - Windows 7 x86'

We tried to remove it on a couple machines and after reboot things are back to normal. It is possible that more of your customers will experience the same issue once they start deploying this patch on their estate.

Is there anything on your side you could do to alleviate the impact of this KB? (I have no knowledge on this type of things so sorry if this is a stupid question!)

Thanks

[Daniel Dekel]

@Lyonel good to hear you found the cause o the problem. Is also nice that you've shared it in this post. Any customers that use IE11 can find the fix here. Thanks!

Regarding the memory, not much that we can do. Is how IE manages internally the memory. 

Firefox - clean - will weight about 90MB and with the Collaboration core  it goes to 126MB

Edge - clean - will weight 15MB and with Collaboration core will go to 17MB

IE - clean - will weight between 60MB to 200M (really depending on the day) and with collaboration core it goes to between 170 to 270MB and form there it just adds.

IE will try to use whatever memory is available in your system. So if you have 4GB RAM and you ave 2GB free, it can try to use these 2.

If you can convince people to change this old browser, that will be really the best! From what we've seen Chrome is the fastest one. But I know how difficult it can be to change things in a big organisation.

Let me know if I can do anything else.

Thanks,

Daniel.

[Gerry]

@Lyonel

Thanks for giving us an update on this. It is good that you have at least identified the change that caused the problem but we would suggest you be very cautious about removing Microsoft security patches because there are generally good reasons for Microsoft to deploy them.  This particular patch includes (amongst other things)....
 

Quote

The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer.

Relaying the sentiment of an internal discussion amongst some of our security savvy folk here at Hornbill, we would feel a lot better suggesting you switch to a more secure browser/os as an alternative to removing any security patch. 

Can I clarify something with you, this tread seems to be tracking a number of issues.  In relation to the CORS/-1 error you were getting, my understanding is you were only seeing this error on Windows 7/IE11 computers that have this security patch applied? does that mean you are not seeing the CORS/-1 error on IE11/Windows 10? or is the -1 error being seen on ALL IE browsers in your organisation.  Clarification here would be most helpful. 

Thanks,

Gerry

[Lyonel]

@Gerry as far as we can tell, it looks like only Windows 7 / IE 11 machines are affected.

Changing browser is unfortunately not an option  (I have tried so many times in the past, always the same answer).

[TrevorKillick]

@Lyonel

Thanks for the updates just to clarify is the -1 error message you reported happening on all IE11 / Win 7 Machines or only ones that have KB4021558 installed?

Kind Regards

Trevor Killick

[Lyonel]

All affected machines have the KB installed @TrevorKillick 

[Gerry]

@Lyonel

In that case, you might consider upgrading the OS from Windows 7 to Windows 10 for those users which would also solve the problem I believe?

 

Gerry

[Lyonel]

Hahaha... @Gerry that's in progress but it will take 3 years to get there ! I admire your perseverance though

[Gerry]

7 minutes ago, Lyonel said:

Hahaha... @Gerry that's in progress but it will take 3 years to get there ! I admire your perseverance though

@Lyonel

Lol fair enough, I too have worked for very large global organisations so I understand these things are not as fast moving as they could be.  As long as you are happy you have a plan that does not include running your affected computers without their recommended security patches for a long period of time we can sleep easy.

As the problem is only apparent on Win7/IE11 and not on Win10/IE11 there is a very low likelyhood we would be able to find a specific workaround, if anything does come to light though we will let you know straight away. 

Gerry
 

[Lyonel]

@Gerry, @Victor, @Daniel Dekel,

Have some news on this topic. Turns out our change of Proxy solution was indeed related to the issue, but not in the way we would think...

So after calling Microsoft for some help, turns out IE (unlike other browsers, surprise?!) uses a system setting to check certificates (CRLs) where as Chrome, for instance, has its own "engine" to perform the check. Our new proxy solution had missing CRLs in the settings so was blocking some addresses. But even after sorting this out, we still had the issue.

Thanks to a Microsoft engineer, we discovered that the old proxy setting was still saved in a well hidden registry key that IE was using to check CRLs (depsite having the new proxy setup properly in IE! ) To find out if the settings on the machine are correct, just run the following command: "netsh winhttp show proxy" (with admin rights).

So to resolve the problem, a simple command "netsh winhttp reset proxy" did the trick by resetting the proxy on the computers with the correct new values. And it just started working again

FYI: I later discovered that we actually had the same problem with many other sites: BBC, LinkedIn, payroll systems, etc... But as I mentioned previously, despite working in IT Support, my colleagues are terrible at providing me with good info (worse than end users themselves )

I love IE!  Can't wait for the day we move to a better browser! Although I am sure this day will never come for us 

Hope this post is clear enough and might help users in the future should they come across something similar!

 

[Gerry]

@Lyonel

Thats great news, thank you for letting us know.  Our use of HTTP and browsers is very standard so we generally have a good handle on this stuff.  Of course once we are behind a customers firewall we loose the ability to easily contribute to support issues that are customer network specific.  It does not help when Microsoft have hidden away registry settings that only Microsoft Engineers know about   I am glad you guys found the solution though, thanks very much for taking the time to post back the details on our community - I very much doubt you will be the only organisation to run into this little nugget ..

Gerry