Solved

Windows KB3172605 knocks out https connection to SAP BusinessObjects but only for Internet Explorer

Posted on 2016-08-31
3
1,462 Views
Last Modified: 2016-09-07
We started getting "Page not found" when trying to connect to BusinessObjects XI 3.1 SP6 via https, only for Internet Explorer. We could make the connection via Chrome (but Chrome doesn't fully work with BO for editing reports).

I've narrowed it down to Windows KB3172605 - when this installed, we started getting "Page Not Found". I removed it and we connected. The same scenario is reported in my third link below. This was part of this set of updates:
Windows updates
The page not found error occurred on our development box (with a DOD cert, Sha-1) and on Prod (self-signed cert). So since it fails on both, my conclusion is that it's not the cert.

Here are a couple of links on KB3172605
- Microsoft yanks buggy speed-up patch KB 3161608, replaces it with KB 3172605 and 3172614 (it doesn't say all that much about KB3172605)

- Microsoft rollup announcement, July 2016 (it says it works with Sha-1)

- German blog with discussion on KB3172605, which basically says "don't install it"
     - Also, the third comment is our exact issue

So my questions are
- These KB things, they (often) only affect IE, not Chrome, is that right ?

- BusinessObjects XI 3.1 SP7 officially works with IE-11, but SP6 (which we have) does not support IE-11, but it worked fine until KB3172605. So my gut reaction is that upgrading to SP7 wouldn't solve the issue, it seems to me that KB3172605 is the issue. What do you think ?
0
Comment
Question by:Gadsden Consulting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:Gadsden Consulting
ID: 41778529
I'm being advised that the issue could be our cert which uses Sha-1 algorithm, which is deprecated.  However, all evidence points to KB3172605 being the issue.  

Our application (SAP BusinessObjects XI SP6) has worked well with IE-11 for a good while. BUT - IE 11 is not a supported browser (IE 10 is supported in SP6)

BUT - SAP BO XI SP-7 DOES support IE-11. So might this solve the problem, i.e., SP6 / IE-11 croaks with KB3172605, but magically SP7 / IE-11 works slick as a whistle ?
0
 
LVL 43

Accepted Solution

by:
Davis McCarn earned 500 total points
ID: 41779683
If you go here, there is a link near the bottom with a list of its files and it contains a major pile of replacements that replace numerous core parts of Windows.  Just one of them is the certificate services!
https://support.microsoft.com/en-us/kb/3172605

Its extensive enough to almost be considered a service pack rather than an update.  Figuring out why it breaks your existing SAP could be a major task; but, is probably rooted in the older version and how it negotiates SSL.
0
 

Author Comment

by:Gadsden Consulting
ID: 41786658
Davis,

thank you for the reply, and I apologize for the delay. That article is helpful and we are considering that in regards to removing KB3172605 from our updates.

In addition, we did successfully test a fix with KB3172605 applied, here. This fix updated Tomcat web.xml to add a list of specific ciphers to allow.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question