
Web filtering issues using Microsoft Edge

Have run into a weird issue and wonder if anyone has seen this.

 

On our domain joined machines (only domain joined, issue does not present if not domain joined), we have been having issues accessing corporate URLs when using Edge.

 

The pages fail to load with the generic "Hmmm...can't reach this page" error from Edge.

 

After a long search it was discovered that the sites would load if the Sophos Web Filter service was stopped.  If you stopped this service, loaded any of the sites, you could then start the service and all would be well, even following reboot.

This led us to the discovery that stopping the service allowed for the writing of this reg key:

 

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabProcConfig]

"corporatedomain.com"=dword:00000179

 

This works within Windows 10, but not Windows 7.

 

Any ideas how to resolve this issue?



  • We're also seeing this issue on our domain machines but only those that have 1709+ installed. Had a 2 hour webex with a developer last week in order to try and move things forward. Whitelisting the IP address of one site seems to mean that users can visit any site after visiting that one site. 

  • Does it help to add the URLs in IE to the trusted site list?


    Also, given the information here:
    https://blogs.msdn.microsoft.com/ieinternals/2012/06/05/the-intranet-zone/

    about how IE classifies the intranet zone.  If the problematic site is a.b.c.com for example, which resolves to 10.1.1.1, then you might expect that both:
    http://a.b.c.com and http://10.1.1.1 would both fail.  However to resolve the site without any '.' (dot) then a hosts file mapping of say:

    10.1.1.1 test

    Would then http://test work if it is then classified as local intranet.

    Regards,
    Jak

  • I've been experiencing the same issues.  Randomly thought it was a TLS Edge issue since it was all fine in Chrome/IE.  However, I did notice that the Edge DevTools showed the connection as Pending.  This suggested to me that the connection was blocked before it even got going and Wireshark seemed to agree.  I didn't realise at that point that Web Control installed a local proxy.

    Having disabled Web Control, Edge starts working again fine.  One of my developers also noted that when she moved to the guest WiFi instead of our domain network, any website she was having a problem with magically started working.

  • jak said:

    Does it help to add the URLs in IE to the trusted site list?

    That does indeed help. However we have sites for research groups etc being added by the day and the list would be unmanageable.

    The developer I was webex'ing with has now replicated the problem in his environment which is a start...

    Creating the reg key seems the best "workaround" for the time being...

    Thanks

    Martin

  • What about using a wildcard for the parent domain, e.g. *.domain.com?

    Regards,
    Jak

  • This is still an ongoing case for us as well. We have tried to make exclusions to our affected sites, but that does not work. Rawcap or disabling the web control service is the only thing that allows the connection. Our case has been open for over a month now and our users are still unable to use Edge with internal resources. This is occurring for us on all versions of Windows 10 (1607, 1709, 1803).

  • Does it not help to add the sites to the intranet or trusted zone in IE settings?

  • I'm seeing this same problem with Sophos Endpoint Security on Windows 10 Versions 1709 and 1803. When I try to visit an affected website in Edge, I get a message from the browser that my connection reset and lists error INET_E_DOWNLOAD_FAILURE. IE, Chrome, and Firefox work without issue.

    In my case, I see this problem connecting to multiple sites hosted off the same Windows Server 2016 server running Microsoft IIS. The problem comes up if I connect by typing in the domain names or their IP addresses (I have two, neither work).

    Disabling real-time Internet scanning in Sophos allows me to connect. I've tried using real-time scanning exceptions to mixed success - 2 of the 3 domains I tested worked OK after I added exceptions, but one still did not. Adding an IP address exception worked when I tried going to that IP directly, but not when I connected to a domain name that resolved to that IP address.

    Interestingly, Sophos never increments any of the counters that show it has blocked anything. I don't see consistent logging of the issue either - I'll sporadically get a message that microsoftedgecp was blocked, but not every time there was a block.

    I'm using the TabProcConfig registry key settings as a temporary workaround, but this is hardly ideal.
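
For admins tracking the TabProcConfig workaround discussed in this thread, the following is an added example (not posted by any participant, and not Sophos or Microsoft code) that reports which domains carry the value for the current user and which entries in the key are not on the expected list, so the workaround can be inventoried and removed later. The key path and the `0x179` data come from the first post; the domain list is a placeholder and the function names are hypothetical.

```powershell
# Added example: inventory the Edge TabProcConfig workaround for the current user.
# Key path and 0x179 are taken from the thread; $Domains is a placeholder list.
$KeyPath = 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabProcConfig'
$ExpectedData = 0x179
$Domains = @('corporatedomain.com')   # placeholder: replace with your affected sites

function Get-TabProcConfigStatus {
    param([string]$Path, [string[]]$Domain, [int]$Expected)

    # Returns $null when the key has never been written for this user
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    $names = if ($key) { $key.GetValueNames() } else { @() }

    # One row per expected domain: is the value there, and does it match the thread's data?
    foreach ($d in $Domain) {
        $present = $names -contains $d          # -contains is case-insensitive
        $data = if ($present) { $key.GetValue($d) } else { $null }
        [pscustomobject]@{
            Domain   = $d
            Status   = if (-not $present) { 'Missing' }
                       elseif ($data -is [int] -and $data -eq $Expected) { 'Set' }
                       else { 'UnexpectedData' }
            Data     = if ($data -is [int]) { '0x{0:X8}' -f $data } else { "$data" }
        }
    }

    # Entries present in the key but not on the expected list (candidates for cleanup)
    foreach ($n in $names) {
        if ($n -and ($Domain -notcontains $n)) {
            $data = $key.GetValue($n)
            [pscustomobject]@{
                Domain = $n
                Status = 'NotOnList'
                Data   = if ($data -is [int]) { '0x{0:X8}' -f $data } else { "$data" }
            }
        }
    }
}

Get-TabProcConfigStatus -Path $KeyPath -Domain $Domains -Expected $ExpectedData |
    Format-Table -AutoSize
```

The script only reads HKCU, so it must run in the affected user's session; it makes no changes to the registry.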