03-12-2018 06:40 AM - edited 03-12-2018 06:43 AM
03-12-2018 06:40 AM - edited 03-12-2018 06:43 AM
From 3/2/2018, when I access my SharePoint site the following certificate site? is displayed.
And request me to type account and pw.. Although I entered my PW I cant access my sharepoint site. I want to know why? And how can I access my site.
So I want to ask the following questions:
1.When I access the above URL Office 365 sign in page is appeared what is the relationship between Microsoft?
2.Since today Microsoft is beginning to use the [nrb.footprintdns.com] domain?
3. What is the purpose that Microsoft use the [nrb.footprintdns.com]?
4. I googled and I found the following site. And I can also search the domain [37CFD84CE79EF6104C98E018AE6ABD10.nrb.footprintdns.com] in there.
I really don’t understand why microsoft use the thteats? Site for what purpose DNS?
I did not have this situation previous to 3/2/2018.
Can anyone tell me how to resolve this situation..
I do not have any certificate knowledge so I will very appreciate if anyone can tell me the reason simply.
04-17-2018 10:08 AM
Can someone explain the purpose of *.footprintdns.com domains? To be specific what *.nrb.footprintdns.com does? Something weird about this domain.
06-25-2018 05:09 AM - edited 07-02-2018 01:41 AM
I'm also seeing network traffic for this domain and it seems to be loading a 1px .gif image to the page.
The problem here is that the image takes multiple seconds to be loaded!
06-27-2018 02:22 AM
Why is there no response from Microsoft on this?
This domain is blocked by my adblocker under the category "Spyware filter" though it is clearly owned by Microsoft.
We need an official explanation of what this is doing. Most importantly, we need to understand why this is not listed in the official URL list for Office 365.
We also need to know the impact of this domain being blocked which is clearly is being by some security tools.
08-13-2018 11:07 AM
Fiddler to my sharepoint site displays this: The server (0d255cb7441615dbb825de4d81cddac7.nrb.footprintdns.com) presented a certificate that did not validate, because it was issued to a different host.
08-21-2018 01:37 AM
Well since Microsoft have declined to respond. I recommend that everyone just blocks access to the domain.
08-24-2018 04:07 PM
I want to report that I have seen this as well. I have multiple kiosk computers with traffic going to these *.nrb.footprintdns.com sites. All we are doing is logging into Office 365 and using Outlook Online and Online Office Apps on these kiosks. I have them locked down from browsing any websites except approved. Can someone please find out why Microsoft is directing traffic to these sites? They are not listed in the official Office365 URL list.
10-02-2018 04:05 AM
Any progress with knowing what this URL - nrb.footprintdns.com is for? Detecting it from user using o365 services.
10-04-2018 06:48 AM
10-19-2018 04:21 AM
(just click the link if you want to read the source code)
12-08-2018 09:33 AM
Still no response from MS ? Till today it was silent, but now, all the computers are getting this message, and the firewall installed is blocking it (the security certificate is not from a known or approved agency) Anyway, it isn't affecting the operation, so I think it is immaterial, except the nuisance value. But which group of microsoft is tryying to fish here ? The Office 365 group or the windows ?
12-08-2018 02:46 PM
12-08-2018 06:12 PM
My KAV is blocking access due to invalid certificate past 2 days now, too, saying, that these domains are accessed by Outlook. I saw the same in the past, but way less frequently.
12-08-2018 08:53 PM - edited 12-08-2018 08:55 PM
Not sure if this is the place to post, but as others have identified Microsoft Office and Outlook as involved, I'll make my contribution.
My Kaspersky Total Security application is identifying an invalid certificate. The source program is listed as Microsoft Office in the popup. The certificate in question lists the related certificate site as outlook.live.com, and the detailed report lists the involved program as Microsoft Word! I have attached the pertinent screenshots. As you can see, the issue is very repetitive, with a different prefix for the url each time. Comment would be appreciated.
12-08-2018 09:16 PM
I wonder, are we all 'affected persons' under KAV protection?
I just checked up the log of KAV, and it seems quite interesting. It has blocked the footprint not only for outlook but for others too , like ms-excel. Probably if I open up other ms-office files it would do it the same for others.
The domain name "Foot-print" does not seem to be too innocuous.
In addition there is something else too.... probably you people could check up - KAV has blocked several other programs (all windows) - from data mining from other files !
I wonder is Microsoft illegally trying to acquire data ?
Is it the reason why they are silent on this topic ?
Things look too Phishy.
Despite the Russian connection, may be we have to be thankful to Kasp
12-08-2018 09:33 PM - edited 12-08-2018 09:35 PM
I also decided to post on this in the Office 365 community, as all seems related to Office applications.
12-08-2018 11:53 PM
Apparently this domain is exclusively being used bij Microsoft to track your activity. That also explains why applications like Outlook and Excel both use it, but also website like Office365 and SharePoint. It looks like only authenticated users are being tracked, but I'm not totally sure.
The reason why Kasperspy comes up with an issue about the authenticity of the domain is rather simple: some application is trying to access a domain (*.nrb.footprintdns.com) while the channel (outlook.office.com or live.com depending from the application you use) uses a certificate that does not match the url.
So why is Microsoft doing this? Well, that's (sort of) easy. Tracking your users' activity helps improving the product. Okay, that's the political/marketing way of saying it of course. But for business reasons Microsoft is also collecting data from their users, for all kinds of reasons. I would never expect a company like Microsoft to sell data like this (for it would mean their destruction). But using it for ads, improving their products, statistical data for having the best availability will be among the reasons.
Also technically it's a good practise to use a separate service for this kind of activity. Being such a large company it's no surprise MSFT connected it to a different domain. Although it surprises me that they didn't use a microsoft.com domain.
12-09-2018 12:07 AM
I do know that they try to track, but naturally I won't like to be tracked, even when I am not doing anything that "deserve" to be tracked :-)
And doing it for the authentic (i.e. licenced) users, is something I won't even appreciate.
User Experience improvement ? I am old-timer, and I won't agree to, at the cost of invasion of privacy. Whether my data is being sold or not is immaterial. The raw data is collected, and I am sure is stored. The statistical report is next stage, and no one destroys raw data, even after the concise report is generated (at least as ex-student of Statistics, I won't, since these could be used for some further study, on some other aspect).
By the way, the Kasp had, when I checked, blocked Chrome browser too. That was done without notifying me. I am thankful to Kasp, except that they shouldn't bother me by notifying, let them just block these. May be I would have to tell Kasp, that after a few "Disallow" s, they could as well black-list these domains, for my subscription at least.
12-09-2018 12:35 AM
Came here for the same reason. Since yesterday KAV has been informing me about the SSL connection *.nrb.footprintdns.com
What really irks me is that I pay Microsoft for this software.
12-09-2018 12:38 AM
Well, it looks we are paying Microsoft to snoop on us :-)
(the silence of Microsoft team on this subject is speaking)
12-09-2018 03:38 PM
This issue is discussed at "https://forum.kaspersky.com/index.php?/topic/291160-cannot-guarantee-authenticity-of-the-domain-to-w...".
12-09-2018 06:49 PM
Simple- Kasp says that the domain safety certificate is issued by some one, on whom either Kasp has no confidence on, or doesn't even know about it. In that case, the domain could be safe, could be unsafe (hackable), or could be even malicious by itself.
If I have Kasp on, I will go by its advice. Even if it is against MS' own domain (which it isn't, but is a sub-let domain). Let MS do its security analysis and ensure that the firewalls don't flag it down.
12-09-2018 08:39 PM
This domain was detected as part of a peice of software called password viewer. this peice of software is malware that sends all trafic to a godaddy server.
You can protect yourself from this by removing it with malwarebytes.
However the trojan that installs it is removable with superantispyware.
I recommend running these before allowing the connection.
12-09-2018 11:56 PM
Over here the same with Outlook now. I did add *.*.footprintdns.com to KAV which did not stop the Certificate pop-up warning ... but in the block logs of Parental Control this shows up numerous times:
https://*.nrb.footprintdns.com/apc/trans.gif (the * is a random batch of numbers and letters).
I presume this is a tracking pixel of some kind? And presume it is embedded in the GUI of Outlook?
Anyway, it all is very strange to say the least ....
12-10-2018 04:57 AM
Well, for me Kasp takes care, by keeping that fellow incommunicado. But probably that may be a doubtful information, since these are the Microsoft servers domains, unless Microsoft itself is compromised or are deliberately compromising their official, licenced users.
12-11-2018 11:31 AM
I cannot comment on Sharepoint, Word, Excel etc etc etc but I did notice it when using Outlook 365. Noticing this certificate issue for myself on my computer, I did some research and discovered that if you turn off the "Coming Soon" button in the top right corner of Outlook, the "Invalid Certificate" issue went away.
It seems to me that by activating this part of office, it is allowing Microsoft to send adverts about their products. I am lucky that I am using Windows 7 where that OS was never designed to be one large advertising platform where Windows 10 is.
I haven't investigated too deeply but after seeing this thread, I though I would give my 2 cents worth. I hope it helps some people out.
01-07-2019 05:41 PMSolution
The domain nrb.footprintdns.com is owned by Microsoft and represents servers in Microsoft datacenters. It is used for telemetry purposes that comply with Microsoft privacy commitments that you can read about at: https://products.office.com/en-us/business/office-365-trust-center-privacy. Data sent to this domain is used to identify network connectivity and performance issues and to support improvements to the service. We have plans to rename it to be more descriptive, and to publish it at the Office 365 IP Address and URL publishing site at http://aka.ms/o365ip. If you have any problems using Office 365 related to this, please raise a support incident so that we can assist at https://support.office.com/
01-14-2019 08:09 AM
How can I disable and/or opt-out of this service?
Our SharePoint implementation is extremely slow. Hundreds of files are downloaded on every request, many of them unnecessary, and this represents a large portion of them. I'm trying to speed up the user experience. Please do not respond by saying it is a necessary feature, or that it doesn't affect our site, because both of those responses would be wrong and unhelpful.
01-14-2019 08:26 AM
If you are getting that kind of problem, it sounds like your caching policies aren't quite right.
I just did a quick test loading a SharePoint document library and I got just 83k transferred. A 100 or so requests.
The issue raised here wasn't a performance one but an identification and security issue which Microsoft have finally answered.
However, I can say that I blocked this domain for quite a long time and didn't see any issues.
01-14-2019 08:39 AM
Thanks! I will try blocking this domain.
Regarding caching, everything seems to be cached except for client-side web part queries (as expected), footprint activity (calls from fp.js), and a vast array of owa/o365 calls. It's the latter two that I'm trying to eliminate from my site. I don't need alerts from O365, and I don't want to participate in "customer improvement" programs.
01-14-2019 09:34 AM
Hi @dmcclellan, I will pass your question on to the team that owns this domain. Regarding your performance issue with SharePoint Online, I'd encourage you to ask Microsoft Support of you haven't already.