IE Mode "Not Secure" on some parts of intranet site

Copper Contributor

Hello,
I'm trying to understand why Edge IE Mode is reporting that a new article on our SharePoint is "Not Secure". 

Opening the article under IE, Chrome or Edge (without IE Mode) doesn't give the error so only IE Mode think that something is wrong.

The only thing I see using Fiddler is a "HTTP/1.1 416 Requested Range Not Satisfiable" message about a video embedded in the page, could this be the issue?

Should be nice to have a troubleshooting tool for IE Mode as we can't start the developer tools 

Gerald

12 Replies

@Gerald Mathieu Thanks for reaching out!  It sounds like you might be encountering a similar issue to something that was discussed here recently.  Would you be able to take a look at IE Mode - Not Secure for internal websites - Microsoft Tech Community?  

 

Another possibility, since you mentioned a video on the page, might be related to mixed content.  We had this policy which is now deprecated:  https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#strictermixedcontenttreatmentena... 

 

-Kelly

@Kelly_Y I already tested the first link and it doesn't work with our issue.

If I understand correctly the explanation, this is used to hide the "Not Secure" message on websites that can't or don't use TLS.

I don't want to hide it, I want to know why only IE mode report that this new article is "Not Secure" on  the SharePoint, who is using TLS and has a valid certificate because it will happen again.

Maybe something you can report to the PG  it that it's a bit disturbing to have your browser pretending that your site is not secure but when you click on the error, you see nothing that explain why you have this error.  


When a end user see this, he don't understand why his intranet is not secure.

2020-11-26 09_16_37-Clipboard.png

We are in the middle of the migration from IE to Edge and it's not possible to promote a new Microsoft Browser if the built-in tools report errors we can't explain and that Chrome don't report.

It's hard to explain to an end user that it's because it's IE mode blablabla... The user don't care about technical issues, he just see an error and think this new browser is not reliable.

 

Gérald

 

I think I found the explanation. Using the debugging tools in Internet Explorer, I found this error, which is indeed linked to the video posted in the article:

2020-11-26 09_54_03-Clipboard.png

 

Why is IE Mode triggering a security issue if others browsers are ignoring it? 
It seems that IE mode is more strict than other browsers and this should be tuned.
The gpo can't be used here to hide the message because this is not Edge reporting the security issue but IE Mode.

Gérald 

@Gerald Mathieu Hi Gérald - Thanks for the feedback about this and the "Not Secure" message description.  I've reached out to the IE Mode team and will follow up with any insights/updates from them.  

 

-Kelly

Hi we have the same problem with IE Mode. Is there a solution for it?

@Bayram_Bostanci 

 

I also have this issue.  How do i get rid of the Not Secure. Main concern is our MS SharePoint Intranet site

 

@licensing287 @Bayram_Bostanci Hello!  Just to confirm, are you both experiencing the "Not Secure" message on your internal SharePoint sites?  Like the original post, does the SharePoint have a link to a video on a file:// URLs?

 

Thanks! 

 

-Kelly

Hi @Kelly_Y 

 

One of my customer has the same problem.

When can we expect an official fix from Microsoft?

My client urgently needs to replace Internet Explorer, but cannot do it, because MS Edge classifies its intranet site as insecure, despite a valid wildcard certificate.

 

Best,

Lucas

@Kelly_Y
We have the same issue. Our web application (silverlight based) runs fine on IE. When we run it on Edge (in IE mode), the address bar always shows Not Secure (and no reason is provided if I drill into that). The application still works fine. NOTE that the url in my case is a valid production endpoint with a valid server certificate that's returned (zone shown is: internet)

 

When running on IE, and checking into devtools > console, I see this (that seems to be a link to the silverlight install image )

SEC7111: HTTPS security is compromised by http://go.microsoft.com/fwlink/?LinkId=161376

@sundarpn @lmagoni Hello!  I'm not sure if you folks are experiencing the same thing but it could be related to how the browser reacts when "Passive Mixed content" (HTTP-served images, for example) appears within a secure, HTTPS-served page.

 

  • In IE11, the non-secure image reference simply hides the lock icon from the address bar.
  • In IE Mode in Edge, the non-secure image reference triggers the "Not Secure" text (rather than hiding the lock icon.) 

Do you have HTTP content on your pages?  

 

-Kelly

If you are running a Silverlight app in Edge IE mode, make sure the http: references on your home page are changed to https:.  The default links to the Silverlight support pages are http:

 

Capture.JPG