Microsoft Edge Version 110.0.1587.63 crashing on web sites that use Username and Password Authentication - had to downgrade back to Version 108.0.1462.95

ChevITGuy 26 Reputation points
2023-03-09T16:10:22.3266667+00:00

This is somewhat a CRITICAL situation. We have been moving through the various Microsoft Edge versions for quite some time now without issues. However, with Microsoft Edge Version 110.0.1587.63 I have experienced many "drops" from both internal on-site and off-site websites that require User-Name and Password authentication. We do have the "MicrosoftRootStoreEnabled" GPO setting set to DISABLED ( 0x00000000 ) in our GPO setup. I have not tried enabling it as we have many local Printers with self-signed certificates in our systems. Currently, Version 110 should use BOTH Browser and System certificate store, but we decided to start with the Browser store disabled for now. The problem shows itself as a "crash" of the website session after a short period, requiring a new login that many times works OK. I started noticing this after a normal Microsoft Edge update from Version 108 to the March 9, 2023 available Version 110. The ADMX/ADML GPO files are in place as usual and two other Version 110 GPO's are also set to DISABLED: AutofillMembershipsEnabled and SearchFiltersEnabled (Version 109), as well as, LinkAccountEnabled and TextPreditionEnabled settings.

We need to have this situation FIXED ASAP or we need knowledge of Edge Flags settings or other GPO's we haven't configured, that may reliably resolve this issue. We cannot change the websites as many are on the Internet and not on our Intranet. Everyone's productive help is greatly appreciated. Both Windows 10 Pro X86 and X64 Feature 22H2 systems are experiencing this issue.

ChevITGuy

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,107 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. ShiJieLi-MSFT 7,136 Reputation points Microsoft Vendor
    2023-03-10T08:09:18.5566667+00:00

    Hi @ChevITGuy ,

    According to the description of MicrosoftRootStoreEnabled policy, "when this policy is not set, the Microsoft Root Store or system provided roots may be used".

    Another document says:

    Even after the change, in addition to trusting the built-in roots that ship with Microsoft Edge, the browser will also query the underlying platform for—and trust—locally installed roots that users and/or enterprises installed. As a result, scenarios where a user or enterprise installed additional trusted roots to the host operating system's root store should continue to work.

    So, you can try leaving this policy unconfigured and see whether this issue still occurs. Also, you can test in Edge Dev, which is now 111.0.1661.36.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,

    Shijie Li

    0 comments No comments

  2. ChevITGuy 26 Reputation points
    2023-03-14T17:15:07.8866667+00:00

    Thank you for your reply, ShiJie Li! I have updated Microsoft Edge to Version 110.0.1587.69 now (before yesterday's Version 111 was posted) and set MicrosoftRootStoreEnabled to NOT Configured to get it OUT of the Discussion. When trying to login to our Fortinet VPN, the login is successful and the frdsviewer package is activated to login to my Windows 10 Pro X86 Feature 22H2 system at my workplace. Generally, within 60 seconds the Fortinet frdsviewer process unexpectedly CLOSES and then an attempt to restart it yields a Session Expired notice and the VPN session is TERMINATED. Microsoft Edge does not drop and the login panel for the VPN site can be used to login again. This also occurs when accessing our payroll and timeclock web site. The website drops back to the Sign-In panel, but Microsoft Edge continues to run. Now the most annoying is our Internal IT Ticketing website/database that we've subscribed to for YEARS (with updates). While posting a fix for a user's Ticket, the IT Ticketing website suddenly "loses authentication" and drops back to the sign-in panel! Returning the Windows 10 Pro Feature 22H2 PC back to Microsoft Edge Version 108.0.1462.95 resolves the issue. Either I have a GPO setting that Version 110 does not like or Version 110 has quite a big problem. What is troubling is that others haven't posted (yet) on this issue OR I haven't yet found any posts. We have 55 to 62 GPO settings applied plus HideSideBarEnabled under Recommended set to 0x0, all 9 Sync Types disabled, along with EdgeUpdate GPO settings. We match the version of the ADMX/ADML files to the running version of Microsoft Edge in Group Policy. I'm not sure how to troubleshoot this. I may try an installation with NO GPO's set and see how that testing goes.

    CheITGuy

    0 comments No comments

  3. ChevITGuy 26 Reputation points
    2023-03-14T17:46:29.4166667+00:00

    UPDATE! It is NOT necessary to use the Fortinet frdsviewer process to witness a "loss of authentication" - Session Expired drop. I waited 10-30 seconds BEFORE selecting a host to login to on the VPN's selection panel. Each time, the "Session Expired" problem occurred. I closed the Microsoft Edge browser and then restarted it and logged in to the VPN site again. Same result. I then went back to the PC running Microsoft Edge Version 108.0.1462.95 and stayed on the host selection panel of the VPN website for well over ONE MINUTE. NO unexpected behavior occurred!

    I then went to the PC with Version 110.0.1587.69 and logged in to the VPN site and selected a host. The "session expired" incident occurred and then I logged in again immediately and selected a host where I have typed this posting on. The frdsviewer process appears to NOT be a part of the incident/issue. I will likely repeat this test to our payroll/time-card site.

    ChevITGuy

    0 comments No comments

  4. ChevITGuy 26 Reputation points
    2023-03-14T19:30:09.2466667+00:00

    GPO settings: StartupBoostEnabled set to 0x00000000

    NewTabPagePrerendererEnabled set to 0x00000000

    NewTabPageAppLauncherEnabled set to 0x00000000

    SleepingTabsEnabled set to 0x00000001 with Timeout of 900 seconds (15 minutes)

    BackgroundModeEnabled set to 0x00000000

    BrowserSignin set to 0x00000000

    ConfigureDoNotTrack set to 0x00000001

    EncryptedClientHelloEnabled set to 0x00000000

    EventPathEnabled set to 0x00000000

    PaymentMethodQueryEnabled set to 0x00000000

    QuicAllowed set to 0x00000000

    SmartScreenEnabled set to 0x00000001

    GuidedSwitchEnabled set to 0x00000000

    LinkedAccountEnabled set to 0x00000000

    There are many others, of course. The Background Sync setting is set to BLOCKED. Payment Handler Install is also BLOCKED. These settings need to be implemented in GPO's !!! While driving in to our company site, I recalled that when Microsoft Edge is NOT running by user invocation, NO Microsoft Edge processes are desired to be running. This is one of the bases for our GPO settings.

    Microsoft Edge Update is BLOCKED by GPO/Registry settings, of course. As this is a BUSINESS, nearly ALL of the consumer/home settings for Microsoft Edge such as Shopping or Rewards or Autofill or Auto-Importing are DISABLED by GPO. We are debating whether or not Passwords should be stored at all. I do NOT allow passwords to be stored in my own Microsoft Edge browser installations by my own browser settings.

    ChevITGuy


  5. ChevITGuy 26 Reputation points
    2023-03-20T19:33:35+00:00

    ANSWER: The "Enable the network service sandbox" GPO was set to NOT Configured and all testing on three Windows 10 Pro X64 PC's at Feature 22H2 on Intel Core2Duo E8400 processors with at least 4 GBytes of Main Memory was SUCCESSFUL. No other GPO's were changed. At least 3 company VPN logins were attempted with NO "session expired" events occurring on each PC. Next, one of the IT department PC's at Windows 10 Pro X86 on Feature 22H2 with Intel Core2Duo E8500 processor (4 GBytes of RAM) was updated to Version 110.0.1587.69 with the same ADMX/ADML files for that version. Again the "Enable the network service sandbox" GPO was set to NOT Configured and gpupdate was run. Testing an internal IT Ticketing website and the payroll/timecard website were SUCCESSFUL with NO session dropping observed. This GPO is not normally enabled on the Domain systems, so it is possible that updating to Version 110 would have been uneventful!

    End of Story. Thanks to to ShiJie Li for stimulating the GPO search. Luckily it was the FIRST one I picked that resolved the issue for now. The Microsoft Edge team needs to evaluate if this "Enable the network service sandbox" GPO setting has a problem or not.

    ChevITGuy

    0 comments No comments