Solved

Windows KB3172605 knocks out https connection to SAP BusinessObjects but only for Internet Explorer

Posted on 2016-08-31
3
1,065 Views
Last Modified: 2016-09-07
We started getting "Page not found" when trying to connect to BusinessObjects XI 3.1 SP6 via https, only for Internet Explorer. We could make the connection via Chrome (but Chrome doesn't fully work with BO for editing reports).

I've narrowed it down to Windows KB3172605 - when this installed, we started getting "Page Not Found". I removed it and we connected. The same scenario is reported in my third link below. This was part of this set of updates:
Windows updates
The page not found error occurred on our development box (with a DOD cert, Sha-1) and on Prod (self-signed cert). So since it fails on both, my conclusion is that it's not the cert.

Here are a couple of links on KB3172605
- Microsoft yanks buggy speed-up patch KB 3161608, replaces it with KB 3172605 and 3172614 (it doesn't say all that much about KB3172605)

- Microsoft rollup announcement, July 2016 (it says it works with Sha-1)

- German blog with discussion on KB3172605, which basically says "don't install it"
     - Also, the third comment is our exact issue

So my questions are
- These KB things, they (often) only affect IE, not Chrome, is that right ?

- BusinessObjects XI 3.1 SP7 officially works with IE-11, but SP6 (which we have) does not support IE-11, but it worked fine until KB3172605. So my gut reaction is that upgrading to SP7 wouldn't solve the issue, it seems to me that KB3172605 is the issue. What do you think ?
0
Comment
Question by:Gadsden Consulting
  • 2
3 Comments
 

Author Comment

by:Gadsden Consulting
ID: 41778529
I'm being advised that the issue could be our cert which uses Sha-1 algorithm, which is deprecated.  However, all evidence points to KB3172605 being the issue.  

Our application (SAP BusinessObjects XI SP6) has worked well with IE-11 for a good while. BUT - IE 11 is not a supported browser (IE 10 is supported in SP6)

BUT - SAP BO XI SP-7 DOES support IE-11. So might this solve the problem, i.e., SP6 / IE-11 croaks with KB3172605, but magically SP7 / IE-11 works slick as a whistle ?
0
 
LVL 43

Accepted Solution

by:
Davis McCarn earned 500 total points
ID: 41779683
If you go here, there is a link near the bottom with a list of its files and it contains a major pile of replacements that replace numerous core parts of Windows.  Just one of them is the certificate services!
https://support.microsoft.com/en-us/kb/3172605

Its extensive enough to almost be considered a service pack rather than an update.  Figuring out why it breaks your existing SAP could be a major task; but, is probably rooted in the older version and how it negotiates SSL.
0
 

Author Comment

by:Gadsden Consulting
ID: 41786658
Davis,

thank you for the reply, and I apologize for the delay. That article is helpful and we are considering that in regards to removing KB3172605 from our updates.

In addition, we did successfully test a fix with KB3172605 applied, here. This fix updated Tomcat web.xml to add a list of specific ciphers to allow.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now