FortiGate HTTPS Error

KB ID Article

Problem

While attempting to connect to a FortiGate firewall (with Firefox over HTTPS) you may see this error;

Secure Connection Failed

An error occurred during a connection to {x.x.x.x} SSL received a record that exceeded the maximum permissible length error code : SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem

Solution: SSL_ERROR_RX_RECORD_TOO_LONG

My colleague went all round the houses trying to fix this, then asked If I knew what was wrong, annoyingly one Google search gave me the answer;

You can only manage the FortiGate via HTTP when using an evaluation licence!

Related Articles, References, Credits, or External Links

NA

mac OSX: Opening JNLP Files?

KB ID 0001767

Problem

I needed to get onto a HPE server’s iLO at work today. I was using Firefox and the .Net extensions no longer work, so I was forced to use Java web start. Annoyingly that opened my Windows 10 VM (that runs in VMware Fusion), then it fell over!

So the problem is, I need to be able to ‘RUN‘ jnlp file on my MacBook, but there’s no Java application in the applications folder.

Opening JNLP Files (mac OSX)

Try to execute the jnlp file again, but under ‘Open with” Select Other.

Select your hard drive, then System > Library > CoreServices > JavaLauncher.app > (Tick Do this automatically for files like this from now on.) > Open.

Now the file will get blocked by security (if you’ve done anything technical on a Mac you should know how to get round that) Click the Apple Icon (at the top of your screen) > Preferences > Security and Privacy > General Tab > Open Anyway.

You might get some further Java warnings but you should now be able to run the application.

Related Articles, References, Credits, or External Links

NA

Microsoft Edge on Server 2019/2016 (and Citrix)

KB ID 0001657

Problem

In a fit of lunacy Microsoft have called ‘their’ new browser Microsoft Edge, so we can spend the next few months confusing it with Edge. Plus every Google search for GPO settings, error messages etc will all now show search results for the old Edge Browser not the new Microsoft Edge browser! Perhaps the same doofus at Microsoft who called the Exchange sync Active Sync when Microsoft already had a product called Active Sync was involved?

Anyway I got a request from a client this week to have Microsoft Edge on their Citrix environment, there was some confusion (imagine that), because Edge does not work on server 2016, (and it’s not shipped as part of server 2016), but would Microsoft Edge work?

Installing Microsoft Edge on Server 2019/2016 (With IE11)

Why is Internet explorer still alive? Anyway If you want to install Edge on a modern Windows server firstly ensure you are fully up to date with updates! Then open IE. Internet Options > Security > Custom > Scripting > Enable Active Scripting > OK > Yes > Apply > OK.

 Then go to https://www.microsoft.com/en-us/edge/business and install it manually.

Microsoft Edge on Server 2019/2016

The first test was, ‘would it run on Server 2016’, it detected the OS as Windows 10 (unsurprisingly), and installed fine;

Microsoft Edge on Remote Desktop Services

Well Citrix is really just Remote Desktop Services in a leather jacket, so the next test was,’ would it work in RDS?’ I span up an RDS farm on the bench, and was pleased to see I could select Microsoft Edge as a RemoteApp, (not that I needed to deploy it using RemoteApp, but it being detected was promising).

And in an RDS session it worked faultlessly.

Deploy Microsoft Edge on Citrix (Server 2016)

Here’s where we had a problem, it installed fine, but every time I went to open it, all I got was a ‘white screen’ for about 5 minutes, after this it burst into life, which I couldn’t really ask the client to put up with!

As this was happening when I launched the browser I ‘wrongly’ assumed it was a ‘first run‘ problem (for the uninitiated, previous Microsoft browsers got an annoying ‘how do you want to set the browser up’ routine, then finally dumped you on the MSN webpage, (does anyone actually use the MSN webpage?) While it didn’t cure my problem it’s worth mentioning how I stopped the first run dialog happening);

Controlling Microsoft Edge with Group Policies

If you are used to importing ADMX and ADML files then this will be a breeze to you. If you are really interested I cover the subject in great deal in the following post;

Setup up a Central ‘PolicyDefinitions’ Store (for ADMX files)

Essentially download the latest msedge.adml and msedgeupdate.adml files and (on a Domain controller,) copy them to;

[box]

C:\Windows\SYSVOL\{domain-name}\Policies\PolicyDefinitions\en-US

[/box]

Note: Other Input locales are available, my servers are using English (US).

Then copy the msedge.admx and msedgeupdates.admx files to;

[box]

C:\Windows\SYSVOL\{domain-name}\Policies\PolicyDefinitions

[/box]

Microsoft Edge Stop ‘First Run’ With Group Policy

The two policies I used are both located at;

[box]

Computer configuration > Policies > Administrative Templates > Microsoft Edge

[/box]

Microsoft Edge: Stop Importing of Bookmarks/Favourites

Locate: ‘Automatically import another browser’s data and settings at first run‘ > Enable the policy, and select ‘Disable automatic import and the import section of the first run experience is skipped‘ > Apply > OK.

Microsoft Edge: First Run

This will disable the entire first run dialog;

Locate: ‘Hide the First-run experience and splash screen‘ > Enable the policy > Apply > OK.

Then either wait or force a policy refresh.

Deploy Microsoft Edge on Citrix

As it was working in RDS and not working on Citrix, then the problem was probably Citrix*. Citrix is one of my weaker subjects, so credit for the actual fix should go to my colleague (Dan Brookes). 

*After I had discounted existing group policies, and other installed applications.

Running Microsoft Edge while it was ‘hanging’ and looking at what was going on in ‘Process Monitor’ showed a lot of hook64.dll entries;

This pointed to the culprit, open the registry Editor (regedit) and navigate to;

[box]

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > CtxUvi

[/box]

Locate the UviProcesExcludes REG_SZ value, edit it and add ‘msedge.exe;‘ to the end.

Theres probably one service you can restart, but I simply rebooted the server, (problem solved).

FSLogix and Microsoft Edge

If you are running FSLogix you should also add an ‘exclusion’ to the Redirections.xml file, (located in your \\{domain-name}\NETLOGON folder).

[box]

<Exclude>AppData\Local\Microsoft\Edge Dev\User Data\Default\Cache</Exclude>

[/box]

 

Related Articles, References, Credits, or External Links

Microsoft Edge (macOS) Migrate Bookmarks from Safari