Solved

Windows KB3172605 knocks out https connection to SAP BusinessObjects but only for Internet Explorer

Posted on 2016-08-31
3
1,269 Views
Last Modified: 2016-09-07
We started getting "Page not found" when trying to connect to BusinessObjects XI 3.1 SP6 via https, only for Internet Explorer. We could make the connection via Chrome (but Chrome doesn't fully work with BO for editing reports).

I've narrowed it down to Windows KB3172605 - when this installed, we started getting "Page Not Found". I removed it and we connected. The same scenario is reported in my third link below. This was part of this set of updates:
Windows updates
The page not found error occurred on our development box (with a DOD cert, Sha-1) and on Prod (self-signed cert). So since it fails on both, my conclusion is that it's not the cert.

Here are a couple of links on KB3172605
- Microsoft yanks buggy speed-up patch KB 3161608, replaces it with KB 3172605 and 3172614 (it doesn't say all that much about KB3172605)

- Microsoft rollup announcement, July 2016 (it says it works with Sha-1)

- German blog with discussion on KB3172605, which basically says "don't install it"
     - Also, the third comment is our exact issue

So my questions are
- These KB things, they (often) only affect IE, not Chrome, is that right ?

- BusinessObjects XI 3.1 SP7 officially works with IE-11, but SP6 (which we have) does not support IE-11, but it worked fine until KB3172605. So my gut reaction is that upgrading to SP7 wouldn't solve the issue, it seems to me that KB3172605 is the issue. What do you think ?
0
Comment
Question by:Gadsden Consulting
  • 2
3 Comments
 

Author Comment

by:Gadsden Consulting
ID: 41778529
I'm being advised that the issue could be our cert which uses Sha-1 algorithm, which is deprecated.  However, all evidence points to KB3172605 being the issue.  

Our application (SAP BusinessObjects XI SP6) has worked well with IE-11 for a good while. BUT - IE 11 is not a supported browser (IE 10 is supported in SP6)

BUT - SAP BO XI SP-7 DOES support IE-11. So might this solve the problem, i.e., SP6 / IE-11 croaks with KB3172605, but magically SP7 / IE-11 works slick as a whistle ?
0
 
LVL 43

Accepted Solution

by:
Davis McCarn earned 500 total points
ID: 41779683
If you go here, there is a link near the bottom with a list of its files and it contains a major pile of replacements that replace numerous core parts of Windows.  Just one of them is the certificate services!
https://support.microsoft.com/en-us/kb/3172605

Its extensive enough to almost be considered a service pack rather than an update.  Figuring out why it breaks your existing SAP could be a major task; but, is probably rooted in the older version and how it negotiates SSL.
0
 

Author Comment

by:Gadsden Consulting
ID: 41786658
Davis,

thank you for the reply, and I apologize for the delay. That article is helpful and we are considering that in regards to removing KB3172605 from our updates.

In addition, we did successfully test a fix with KB3172605 applied, here. This fix updated Tomcat web.xml to add a list of specific ciphers to allow.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question