Solved

Windows KB3172605 knocks out https connection to SAP BusinessObjects but only for Internet Explorer

Posted on 2016-08-31
3
1,375 Views
Last Modified: 2016-09-07
We started getting "Page not found" when trying to connect to BusinessObjects XI 3.1 SP6 via https, only for Internet Explorer. We could make the connection via Chrome (but Chrome doesn't fully work with BO for editing reports).

I've narrowed it down to Windows KB3172605 - when this installed, we started getting "Page Not Found". I removed it and we connected. The same scenario is reported in my third link below. This was part of this set of updates:
Windows updates
The page not found error occurred on our development box (with a DOD cert, Sha-1) and on Prod (self-signed cert). So since it fails on both, my conclusion is that it's not the cert.

Here are a couple of links on KB3172605
- Microsoft yanks buggy speed-up patch KB 3161608, replaces it with KB 3172605 and 3172614 (it doesn't say all that much about KB3172605)

- Microsoft rollup announcement, July 2016 (it says it works with Sha-1)

- German blog with discussion on KB3172605, which basically says "don't install it"
     - Also, the third comment is our exact issue

So my questions are
- These KB things, they (often) only affect IE, not Chrome, is that right ?

- BusinessObjects XI 3.1 SP7 officially works with IE-11, but SP6 (which we have) does not support IE-11, but it worked fine until KB3172605. So my gut reaction is that upgrading to SP7 wouldn't solve the issue, it seems to me that KB3172605 is the issue. What do you think ?
0
Comment
Question by:Gadsden Consulting
  • 2
3 Comments
 

Author Comment

by:Gadsden Consulting
ID: 41778529
I'm being advised that the issue could be our cert which uses Sha-1 algorithm, which is deprecated.  However, all evidence points to KB3172605 being the issue.  

Our application (SAP BusinessObjects XI SP6) has worked well with IE-11 for a good while. BUT - IE 11 is not a supported browser (IE 10 is supported in SP6)

BUT - SAP BO XI SP-7 DOES support IE-11. So might this solve the problem, i.e., SP6 / IE-11 croaks with KB3172605, but magically SP7 / IE-11 works slick as a whistle ?
0
 
LVL 43

Accepted Solution

by:
Davis McCarn earned 500 total points
ID: 41779683
If you go here, there is a link near the bottom with a list of its files and it contains a major pile of replacements that replace numerous core parts of Windows.  Just one of them is the certificate services!
https://support.microsoft.com/en-us/kb/3172605

Its extensive enough to almost be considered a service pack rather than an update.  Figuring out why it breaks your existing SAP could be a major task; but, is probably rooted in the older version and how it negotiates SSL.
0
 

Author Comment

by:Gadsden Consulting
ID: 41786658
Davis,

thank you for the reply, and I apologize for the delay. That article is helpful and we are considering that in regards to removing KB3172605 from our updates.

In addition, we did successfully test a fix with KB3172605 applied, here. This fix updated Tomcat web.xml to add a list of specific ciphers to allow.
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question