Category Archives: Microsoft

Configuring Internet Explorer 11 Enterprise Mode (IE11 Compatibility Mode)

With yesterday's release of Windows 8.1 Update 1 came a significant improvement to Internet Explorer 11: the inclusion of Enterprise Mode, also known as compatibility mode. This will encourage businesses that are struggling to move to the later operating systems because of legacy applications reliant on older browsers such as Internet Explorer 8. These legacy and often business-critical applications have probably had a lot of investment over the years, making it a difficult business decision to move away from them.

Although not a fix for all, Internet Explorer 11 Enterprise Mode is here to ease the transition. This guide is a quick start to show you how to implement, manage and set it up centrally with a quick easy to follow screen guide.

Please note that to use Group Policy Management for this, the server / workstation must be running Windows 8.1 Update 1 / Windows Server 2012 R2 Update 1, or at least your ADMX files must be updated.

Go to the following link to download the IE 11 Enterprise Mode Site List Manager

Once downloaded install on a server / workstation of your choice – we chose to install the Site List Manager on our domain controller.

Before we dive into Group Policy and configure IE 11 Enterprise Mode for the end users, note that Enterprise Mode requires a centralised list of the sites that are to be used with it. Reading the small print, it requires a web server to obtain the xml file from. I have seen a few other posts placing it as an xml off their main public facing website – not a security choice I prefer myself, and as big advocates of DirectAccess we thought it best to place the “sitelist.xml” file on an internal web server. So, as shown below, a blank xml file was created under inetpub\wwwroot on the respective chosen server.

Using Group Policy Management Console we now configure Internet Explorer 11 Enterprise Mode for our users and sites. Choose a common Group Policy that is used by Users, or alternatively create a new GPO just for this. We often use specialised Group Policies for Common User and Computers Settings that we wish people to have so our choice was easy.

On opening the GPO, navigate to User Configuration \ Administrative Templates \ Windows Components \ Internet Explorer, and set the “Let users turn on and use Enterprise Mode from the Tools menu” setting to Enabled as shown below.

Then open “Use the Enterprise Mode IE website list” and enter the URL of your internal web server and xml list name, as per the example shown below.

Click Apply and close the Group Policy.

Now open Enterprise Mode Site List Manager.

Clicking Add will bring up the dialogue box as shown. Enter the URL and select whether to use “Enterprise Mode” or “Default Mode”. Once you enter a URL, the Enterprise Mode Site List Manager will attempt to connect to the URL to validate it. Additionally, it is useful for other administrators if notes are made.

Once the sites are added and verified, save the list to the webserver \ wwwroot \ sitelist.xml

This then becomes the central repository for the Enterprise Mode Enabled Websites which after the Group Policy has applied will automatically switch between Enterprise Mode and Default IE 11 Mode.
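To check the result of the steps above, the following added example (not from the original post) audits a site list: it confirms the list URL points at an internal host and lists each Enterprise Mode entry, flagging names that do not look internal. The sample URL, the sample XML and the `.corp.example` suffix are constructed assumptions; on a client the configured URL can be read from the `SiteList` value under `HKCU:\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.

```powershell
# Added example, not from the original post. Sample data below is constructed.
$sampleUrl = 'http://webserver01/sitelist.xml'            # constructed internal URL
$sampleXml = @'
<rules version="2">
  <emie>
    <domain exclude="false">legacyapp</domain>
    <domain exclude="false">hr.corp.example<path exclude="true">/new</path></domain>
    <domain exclude="false">www.example.com</domain>
  </emie>
  <docMode />
</rules>
'@

function Test-InternalHost([string]$HostName, [string[]]$Suffix) {
    if ($HostName -notmatch '\.') { return $true }        # single-label intranet name
    foreach ($s in $Suffix) {
        if ($HostName.EndsWith($s, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false                                         # IP literals also land here for manual review
}

function Get-EnterpriseModeSiteAudit {
    param(
        [Parameter(Mandatory)][string]$SiteListUrl,
        [Parameter(Mandatory)][string]$SiteListXml,
        [string[]]$InternalSuffix = @('.corp.example')    # assumption: your internal DNS suffixes
    )
    $listHost = ([Uri]$SiteListUrl).Host
    $finding = if (Test-InternalHost $listHost $InternalSuffix) { 'OK' } else { 'REVIEW: list is served from a non-internal host' }
    [pscustomobject]@{ Item = 'Site list URL'; Name = $listHost; Finding = $finding }

    $doc = [xml]$SiteListXml                              # throws if the XML is malformed
    foreach ($d in $doc.SelectNodes('/rules/emie/domain')) {
        $name = $d.SelectSingleNode('text()').Value.Trim()
        $siteHost = ($name -split '[:/]')[0]              # drop any port or path suffix
        if ($d.GetAttribute('exclude') -eq 'true') { $finding = 'Excluded from Enterprise Mode' }
        elseif (Test-InternalHost $siteHost $InternalSuffix) { $finding = 'OK' }
        else { $finding = 'REVIEW: not an internal name, confirm it belongs on the list' }
        [pscustomobject]@{ Item = 'Enterprise Mode site'; Name = $name; Finding = $finding }
    }
}

Get-EnterpriseModeSiteAudit -SiteListUrl $sampleUrl -SiteListXml $sampleXml | Format-Table -AutoSize
```

With the constructed sample, the list URL and the first two sites report OK and `www.example.com` is marked for review.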

Now when you navigate to the Enterprise Mode Enabled URL the following icon displays clearly to the user that it is in Enterprise Mode

Hope this guide was helpful to anyone wanting to deploy Internet Explorer 11 Enterprise Mode Centrally

If you need any help or advice please feel free to get in touch and we will run through your infrastructure deployment requirements and if you have any questions about the blog post please direct any questions to [email protected]

Windows 8.1 Update 1 Released

Microsoft have finally released Windows 8.1 Update 1 today, with a few nice touches to improve the user experience and also make the new metro interface more friendly for corporate environments. Iconic have already deployed this update and the effects are quite refreshing but are still being explored.

One of the key areas of improvement in Windows 8.1 Update 1 is the desktop experience (shown below)

Here is a quick list of the improvements in Windows 8.1 Update 1 that can make life more effective when using the desktop.

Improvements include:

On certain devices the Power and Search buttons now appear at the top-right corner next to the account picture. This enables the ability to search and shutdown / restart more easily and is available from the Start screen. (See below)

Taskbar improvements – You can now pin both desktop apps and Windows Store apps to the taskbar, making it easy to open and switch between apps right from the desktop. When using a mouse, you can also see the taskbar on any screen by moving the mouse to the bottom edge of the screen.

Boot to desktop as default – At last something that makes Windows 8.1 more accessible for corporate users. Showing the desktop and icons is usually the preference for work environments and makes the transition from previous operating systems a little more palatable.

The Start screen and the desktop are more aligned – On the Start screen, if you right-click on a tile, you will get a context menu next to the tile that shows what you can do with the tile, such as pin to Start, or unpin from the taskbar, change the tile size or even uninstall the app.

Right-clicking on an app tile on the Start screen works just like right-clicking on something on the desktop which improves the end user experience.

Internet Explorer 11 Updates – With Windows 8.1 Update, Internet Explorer 11 detects your Windows device and input type, and adapts the browsing experience (such as the number of tabs on screen, the size of the fonts, and the size of the menus) accordingly. The most important feature aimed at the corporate environment, though, is the inclusion of IE11 Enterprise Mode. This mode will encourage businesses to transition to Windows 8.1. Internet Explorer 11 Enterprise Mode is a compatibility mode that runs on Internet Explorer 11 on Windows 8.1 Update and Windows 7 devices and allows legacy websites to render using a modified browser configuration that is designed to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer, like Internet Explorer 7 or Internet Explorer 8. IE 11 Enterprise Mode can either be enabled using Group Policy or by using a Registry Key.

For full details on how to use Internet Explorer 11 Enterprise Mode follow this link to TechNet

If you need any help or advice please feel free to get in touch and we will run through your requirements, and if you have any questions about the blog post please direct any questions to [email protected]

Online Data Retrieval Error - Windows 2012 R2 Upgrade

Iconic have recently upgraded a large majority of our servers to Windows 2012 R2 – most of them were in place upgrades and resulted in the errors in Server Manager as shown and explained below.

Following an upgrade from Windows Server 2012 to Windows Server 2012 R2, upon opening Server Manager you may receive an “Online Data Retrieval Error” as seen in the screenshot below.

This error arises because the event service is attempting to read an event log that no longer exists.

We can only assume that this event log is deprecated in Windows Server 2012 but we are investigating further.

The event log in question is Microsoft-Windows-DxpTaskRingtone/Analytic

A review of the logs in the Event Viewer confirms this.

As does a manual inspection of the logs folder.

The simple answer to fix the error is to stop the event service looking for the log file by removing it from the registry.

Back up your registry keys before applying the below fix – this is just good standard practice.

Delete the following key.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxpTaskRingtone/Analytic

Now return to Server Manager and refresh to see all is well.
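The backup-then-delete steps above as a script (an added example, not from the original post). The key name contains a forward slash, which the PowerShell registry provider treats as a path separator, so it uses reg.exe for the export and the .NET registry API for the delete; the backup file location and the function name are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell session.
$parent  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels'
$channel = 'Microsoft-Windows-DxpTaskRingtone/Analytic'          # key name from the post
$backup  = Join-Path $env:TEMP 'DxpTaskRingtone-Analytic.reg'    # assumed backup location

function Remove-StaleEventChannel {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$ParentPath,
        [Parameter(Mandatory)][string]$ChannelName,
        [Parameter(Mandatory)][string]$BackupFile
    )
    # Open the parent key writable through .NET; the key name is passed as-is, slash included.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ParentPath, $true)
    if (-not $key) { throw "HKLM\$ParentPath not found" }
    try {
        if ($key.GetSubKeyNames() -notcontains $ChannelName) {
            Write-Verbose 'Channel key not present; nothing to do.'
            return $false
        }
        # Export the key first and refuse to delete if the backup did not succeed.
        & reg.exe export "HKLM\$ParentPath\$ChannelName" $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupFile)) {
            throw 'Backup failed; key left untouched.'
        }
        if ($PSCmdlet.ShouldProcess("HKLM\$ParentPath\$ChannelName", 'Delete registry key')) {
            $key.DeleteSubKeyTree($ChannelName)
            return $true
        }
        return $false
    }
    finally { $key.Close() }
}

# Preview with -WhatIf first, then run without it to delete after confirmation.
Remove-StaleEventChannel -ParentPath $parent -ChannelName $channel -BackupFile $backup -WhatIf
```

To roll back, import the exported file with `reg import` and refresh Server Manager.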

Any questions or queries please email us at [email protected]

Forefront TMG and UAG TCP Offload

Introduction

TCP Chimney Offload Overview

TCP Chimney Offload is a networking technology that helps transfer the workload from the CPU to a network adapter during network data transfer. In Windows Server 2008 and 2008 R2, TCP Chimney Offload enables the Windows networking subsystem to offload the processing of a TCP/IP connection to a network adapter that includes special support for TCP/IP offload processing. TCP Chimney Offload is available in all versions of Windows Server 2008, Windows Server 2008 R2 and Windows Vista. Both TCP/IPv4 connections and TCP/IPv6 connections can be offloaded if the network adapter supports this feature.

More Information

We have come across various problems at customer sites where their ISA, TMG or UAG was behaving in a very strange way. The configuration within the management console seemed to be OK, and all other network components with which the ISA / TMG / UAG firewall was communicating also seemed to be configured just fine. Still, we’d see strange problems like:

· OWA Web Publishing Rules performing very, very poorly

· PPTP VPN access failed to establish a connection, while L2TP did not experience any problems.

· Adding a second site-to-site VPN tunnel caused the existing VPN tunnel to go down, and no VPN connectivity was possible until the new tunnel was removed from the configuration.

· SMTP server publishing returned lots of failed connection attempts. Some mail would come through, but a lot of mail just failed to be delivered.

Over time we realized that all of these problems were caused by advanced network card features that are supported in newer versions of Windows. ISA, TMG and UAG are sometimes unable to work properly if these options are enabled. Somewhere deep within the Microsoft documentation these options are mentioned, with the advice to turn all these options off.

Issue

Issue with slow connectivity to UAG portals, end point scanning and general behaviour issues

Resolution or Workaround

Disable TCP Offload

Please be aware that when modifying the network card, you will lose connectivity to the server for a short period of time, and I would recommend that you have console access to the server.

The following configuration should be added to the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]

"EnableRSS"=dword:00000000

"EnableTCPA"=dword:00000000

"EnableTCPChimney"=dword:00000000

"EnableSecurityFilters"=dword:00000000

To confirm the settings use the following command - netsh int tcp show global

The output should look something like this:

[Screenshot: output of netsh int tcp show global]

If receive side scaling and/or chimney offloading are enabled, you can disable them with the following commands:

netsh int tcp set global chimney=disabled

netsh int tcp set global rss=disabled