Need to identify CLSID's of IE Browser Add-Ons necessary for OWA 2007 functionality.

Posted on 2010-11-29
Last Modified: 2013-12-08
The title pretty much says it all.

We block all browser plug-ins via GPO with specific exceptions. Unfortunately, I have been unable to find a definitive list of what Brower Add-Ons MUST be enabled for OWA to function correctly.

If anyone can tell me even just which add-ons are required, I'll happily search out the CLSID's on my own!

We have a select few user accounts that don't apply the IE Add-On restricting GPO, and they can access and utilise OWA without any problem. Users who are not blocked from applying that GPO, and who use Vista or Windows 7 encounter Browsing Errors whenever they try to make use of OWA, especially when replying or trying to set/view Options.

Additionally, the problem does not appear to manifest on XP, regardless of whomever is trying to access OWA.

Anyway, if I add the affected users to the global group that prevents them from applying the GPO, and then update their group-policies, the problem disappears. The downside being that doing so essentially obviates our intention to restrict access only to specific IE Add-Ons.

Pls Help!

Question by:Bleus
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 28

Expert Comment

ID: 34235566
I'd Guess these 2 CLSID's


Taken from these 2 lines:

("MimeNSe2k3", "D801B381-B81D-47a7-8EC4-EFC111666AC0", "MIMEe2k3", "mimeLogoffE2k3");
("MimeNSe2k7sp1", "833aa5fb-7aca-4708-9d7b-c982bf57469a", "MIMEe2k7sp1","mimeLogoffE2k7sp1");
("MimeNSe2k9", "4F40839A-C1E5-47E3-804D-A2A17F42DA21", "MIMEe2k9", "mimeLogoffE2k9");

Go to your OWA using an account which has complete access.
View > Source
Search for CLSID

You will come across these above.

I didnt see a kb / Technet article on that. That's funny..
LVL 28

Expert Comment

ID: 34235575
Let me know if that works. I am really curious + there is no MSFT documentation on this.

Author Comment

ID: 34235705
Are you sure you're using OWA from Exchange 2007?

For additional clarification, we've upgraded to Service Pack 3, Rollup 1.

I ask because on the main OWA screen (the one designed to look like Outlook), when viewing source, I am unable to find any CLSID's in the source for the page...

On the OWA Options page, however, I found:

<object id="dlgHlpr" classid="clsid:3050f819-98b5-11cf-bb82-00aa00bdce0b" width="0px" height="0px" viewastext></object>

But I'd already enabled that class-id in the GPO (it's for the dialog helper object I believe).

Nevertheless, I've added the 3 CLSID's you mentioned anyway... but I won't be able to actually test it now until tomorrow when I can get access to an on-site Windows 7 machine...

Thanks for your insight! -- We'll see what tomorrow brings! :)

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

LVL 28

Expert Comment

ID: 34235718
I tested this from the OWA Login page (not post login page)

On Exchange 207 SP1
LVL 26

Expert Comment

ID: 34236403
IMO, there is not Iexplore 8 Add-ons required for the OWA to function.
(as per my machine)

OWA is designed to work most of the browsers.... if the sufficient options are not available the OWA form will decide the same and select the option for "OWA Light"

IMO, the above CLSIDs are 3 options available in the OWA based on the browser version one of the CLSID\object is going to be loaded\used...but not necessarily be the Add-ons.

1. Try disabling the max. possible add-ons and see if you are able to use OWA-premium
if yes, then there is not need for the add-ons

2. If any of the Add-on is interrupting the scripting\processing of the browser..then that add=on shouldn't be allowed to be removed.
reason: that means you are forcing all the OWA users for the OWA-light


Author Comment

ID: 34238673
Hmm... well, to re-state what I said above:


We have a GPO that enforces blocking of IE Add-Ons and it is applied to all but a few users who are restricted (prevented) from applying this GPO. Given the nature of GPO's, I would expect that this setting overrides any other with regard to Add-Ons being permitted to run (or being blocked).


In Vista/Windows 7, any user who is restricted from applying the GPO has no issue with OWA.


In Vista/Windows 7, any user who has the GPO enforced, sees the "Add-On Blocked" icon when they are logged into OWA. (A little cog on the bottom status-bar with a do-not-enter sign tagged onto it.)


The result is a myriad number of errors that crop up ("Web browsing error") on certain areas of the interface, including the Options page, and the Reply-To window, which prevents OWA from being used properly.


Putting a user who applies the GPO, and who had been experiencing the problem, into the exclusion group eliminates the errors, and the "Add-On Blocked" icon. Taking them out again (and I'm using "GPUPDATE /FORCE" and a re-logging-on for each of these actions) brings the error back.
I tried looking at the source of the Reply-To form, but I wasn't able to find a means to "Show Source" on that window.

On a side note, this process would be a LOT easier if IE simply showed you a list of what Add-Ons were being blocked!


Author Comment

ID: 34239544
Update: Adding those three CLSID's doesn't appear to have made any difference. :(

On the "for more information" topic...

A common source of errors is the uglobal.js file. One of the major errors is "Unable to create object", and the relevant line from the file is:
function getXmlDoc(){return new ActiveXObject("MSXML2.DomDocument");}
Clearly an ActiveX call... however the site is placed in the "Trusted Sites" zone, and ActiveX is not prohibited or disabled for that zone (for each of the options in IE, it is set to either Enabled, or Prompt).

But I'm wondering if there's a necessary CLSID for "ActiveX" controls...

And another point (which is probably a complete red-herring): the javascript above references "MSXML2.DomDocument", and I noted that one of the (GPO-enabled) IE Add-Ons is "XML DOM Document" from Microsoft, however the referenced DLL for that add-on is "MSXML3.DLL". I haven't seen any references to an "MSXML2.DLL" in IE... was that file updated in Vista/7?
LVL 28

Expert Comment

ID: 34239590
This shouldnt be so hard...

will post back if I figure out something.

Author Comment

ID: 34239996
This shouldnt be so hard...
rofl -- I completely agree! -- and yet... :P

LVL 28

Expert Comment

ID: 34240270
What 2007 SP and Update rollup is installed ?

Author Comment

ID: 34241046
From above...
For additional clarification, we've upgraded to Service Pack 3, Rollup 1.
Installed and fully updated as of Thurs night last week (I was hoping applying all those updates would address this issue)...


LVL 66

Expert Comment

ID: 34262565
This shouldnt be hard at all...

Makes it even more wierd, is that starting IE without Addons, I an access OWA just fine...... All of the areas mentioned above dont give me those errorrs.....

Both on XP/IE8, and Windows 7..... Wondering if it is in fact a red herring of an error?

I remember a single control referenced in the followoing....

You receive an error message when you try to perform any editing tasks, or you must click to enable the compose frame in Outlook Web Access

Only reason I bring this up, is because it looks to me like I can access OWA regardless of having ANY addons enabled...... Which makes me wonder whats really happening? Maybe thats why it isnt this simple?

Accepted Solution

Bleus earned 0 total points
ID: 34263368
I've seen a lot of text wrt that error while working this problem, and it always seems to reference an ActiveX control for the editting suite whose "normal" operation wasn't compatible with the security models of Vista and IE7/IE8 (allowing that Win7 is essentially Vista w/ a UI upgrade).

The fix was to apply a specific KB patch to the Exchange Server that replaced the outdated ActiveX control with a new control (javascript perhaps?) that would be accepted by the new os/browsers.

Also, IIRC it primarily related to Exchange 2003 (unless you have more up to date information?)

Lastly, having now patched our Exch2k7 to be as up-to-date as I can make it, I have been assuming such things as (replaced) legacy ActiveX controls are also at their most recent iteration...

LVL 28

Expert Comment

ID: 34263554
Thanks for posting the solution. Let us know what kb you used.

I was stuck with CLSID side of things and figure out something which I wanted to share.

Let's say you have a XXX CLSID which is getting blocked by group policy, because of which OWA or some other site is not loading properly.
Question is how do you find out what CLSID it is ?

a) Download procmon.

Actually we just need the regmon part of procmon. Since regmon is no longer available stand-alone, hence procmon.

b) start procmon.
On the procmon toolbar - deselect everything other than registry icon.

c) Filter
Process Name - IEXPLORE.EXE
path - contains CLSID
Now the third filter should be filter by RESULT > and enter the string from the results column with FAILURE / BLOCKED/ whatever pops-up

I didnt apply a GPO to test this, so i didnt get that string. I searched for NAME not found and lot of stuff popped-up.

My guess is if you are looking for some CLSID which is blocked you should be able to find out from here.
Maybe you can try it out and see if that works.

My $.02


LVL 27

Expert Comment

ID: 34699611
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question