IIS 5 & IIS 6
Asp site works with Win7 IE 11 but not with Win10 IE11
Last post Oct 19, 2017 07:01 AM by Yuk Ding
Sep 28, 2017 04:55 PM|lareau|LINK
So we have this old asp site (that just won't die).
It's currently sitting on win2k12, it's setup with spn's and kerberos delegation. It uses a Com+ object that runs a .vbs that does a lot of talking with active directory (that runs on the same win2k12 server as the website).
We are starting to roll out our windows 10 implementation.
In our dev environment, it works with win7/IE11 and win10/IE11.
In our production environment, win7/IE11 has worked (and still does) but win10/IE11 is not working.
Some of the error messages are
Active Directory error '80040e37'
The specified directory service attribute or value does not exist.
Error getting attribute max range
Error description: [-2147463153] The attempted action violates the DS schema rules.
Normally these would point to the website not being configured properly but it's working fine for everyone on win7.
So that would point the finger towards the win10 implementation.
What in windows 10 would be causing this issue?
Maybe a specific misconfigured gpo? (we've moved a test computer under an OU with no computer gpo. Same issue)
Sep 29, 2017 03:13 AM|Yuk Ding|LINK
Have you tried any other web browser? If it works fine in develop server with win10/IE11, I think it should not be an win 10 IE 11 issue.
So please check your product server configuration. The ASP error didn't show any useful information. Maybe you could try to add your site to competitive view to check whether it could fix this issue. You could also try to reset the IE configuration.
Considering it only occur in specific web browser, it should be a client side-issue instead of an server-side issue. Maybe you could check the difference between dev environment win10 and production environment win10.
Sep 29, 2017 12:44 PM|lareau|LINK
No the problem still persist with another browser. I did discover that chrome in win7 is giving the same error as win10.
I've tried the site on a windows 8.1 machine and it works fine.
I've ruled out GPOs I beleive (moving the computer to an OU with no gpos on it).
This seems to point towards a win10 security change. Maybe something like credential guard. I tried running Fiddler in our prod environment and that doesn't work either (where it works in dev)
Agreed on checking the differences between environment but right now the scope seems really big. I'm just trying to narrow it down to something manageable.
Oct 09, 2017 07:46 AM|Yuk Ding|LINK
Have you checked the permission issue? I noticed that Active
Directory error '80040e37' could be caused by permission issue. So please check the ntfs permission for authenticated user and application pool identity.
Oct 09, 2017 12:28 PM|lareau|LINK
I've opened up an incident call using one my mdsn incident credits so I'll report back if we're able to find the issue.
I wouldn't think it's the permissions on the application pool or the user because it will work for the same user in win7/win8/win2012.
It seems to be a setting or something on win10 that is preventing the permissions from being read or passed to the website.
Oct 19, 2017 07:01 AM|Yuk Ding|LINK
You could try process monitor for the w3wp.exe to troubleshooting the permission issue.