May 17 2022 04:12 AM
We are in the process of setting up a policy for organizational users using Edge and GPO.
We have had a few hiccups, two of which I would be happy for assistance with fixing.
It's important that all the fixes are via the GPO settings (ADMX as of build 101 of Edge).
The first issue is that when the browser starts, we want it to open to our organizational portal, but it opens to "edge://newtab". We managed to set the home page (when you click the home icon) to our portal, but can't figure out how to get Edge to always open with our portal as the main page.
The second issue is even more problematic.
On some external web sites, even those you would not expect to get it, we get a "Your connection isn't private" message (when trying to browse to "www.google.com", for example), and the internal error is "NET::ERR_CERT_NO_REVOCATION_MECHANISM".
We don't have this issue with IE or Chrome to the same websites on the same ws's. And we don't have this issue with internal websites.
Does anyone have any idea why this is happening only on Edge, and what parameter could be causing this? Again, it does not happen on all web sites.
Some web sites that give this error allow us to move forwards, while others like google, won't even allow that.
Would appreciate any help.
May 17 2022 04:27 AM - edited May 17 2022 04:42 AM
Regarding the first issue: Did you configure "Action to take on startup" -> "Open a list of URLs" with the page you want to open on the list?
Regarding the second issue: probably, you don't have the same issue in IE and Chrome because they are not hardened. How many hardening configurations do you have? You can try to remove them step by step, for example, 10 in each step, and then check if Edge starts working properly. Thereby you will be able to find the root cause of the issue with the connection.
May 17 2022 04:38 AM
May 17 2022 05:10 AM
Yes, please, try to write it in the "Sites to open when the browser starts" area.
Here you can find some useful information: "Sites to open when the browser starts".
Regarding the second issue: probably, you restricted some cipher or encryption types in Edge that are not supported by some websites and that are supported by others.
May 17 2022 05:01 PM
May 17 2022 09:56 PM
So I did as you suggested and looked at the certificate, and indeed, it seems as though our systems are generating a new certificate for www.google.com (See attached picture).
What is odd to me is why I do not see this problem with the Chrome browser or Firefox, but only on the Edge, and I am pretty sure it has to do with one of the settings we have set, I just don't for the life of me know which one.
We are currently using a proxy from Broadcom (to be replaced in a few months) from Symantec.
Any pointers as to what setting may be causing this issue on Edge only?
We have hardened the Chrome as well as a side note.
Thanks for the help so far,
May 17 2022 11:05 PM
Based on what you said, I looked over my parameters and found the following setting:
"Specify if online OCSP/CRL checks are required for local trust anchors", which we had set to Enabled. As per the explanation: "If Microsoft Edge can't get revocation status information, these certificates are treated as revoked ("hard-fail")." The moment I set this back to Not Configured, everything started working again.
So thank you for your excellent assistance.
Since I can't mark two posts as Best Response, and since I got the help I needed from you and from @mikhailf I hope you will both accept my thanks alone in this.
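A diagnostic sketch for the root cause found above, added here as an example and not code from the thread or from Microsoft: it reads the machine policy behind "Specify if online OCSP/CRL checks are required for local trust anchors" and checks whether a certificate carries any revocation pointer at all. It assumes the policy's registry value name is `RequireOnlineRevocationChecksForLocalAnchors` under the Edge machine policy key, and it uses a constructed self-signed certificate to stand in for one minted by a TLS-inspecting proxy.

```powershell
# Added example. The registry value name is the Edge policy behind the GPO setting quoted
# in the thread; the sample certificate is constructed here for illustration only.
$EdgePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$PolicyName    = 'RequireOnlineRevocationChecksForLocalAnchors'

function Get-EdgeHardFailPolicy {
    # $true when the GPO forces hard-fail revocation checks for locally trusted anchors.
    $item = Get-ItemProperty -Path $EdgePolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$PolicyName -eq 1)
}

function Get-RevocationPointers {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # 2.5.29.31 = CRL Distribution Points, 1.3.6.1.5.5.7.1.1 = Authority Information Access
    # (AIA is where an OCSP responder URL would be listed; presence is necessary, not sufficient).
    $oids = $Certificate.Extensions | ForEach-Object { $_.Oid.Value }
    [pscustomobject]@{
        Subject                 = $Certificate.Subject
        Issuer                  = $Certificate.Issuer
        HasCrlDistributionPoint = $oids -contains '2.5.29.31'
        HasAuthorityInfoAccess  = $oids -contains '1.3.6.1.5.5.7.1.1'
    }
}

# Constructed sample: a certificate with no CRL/OCSP extensions, like the re-signed
# www.google.com certificate described in the thread.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=www.example.test',
    $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now    = [DateTimeOffset]::UtcNow
$sample = $req.CreateSelfSigned($now, $now.AddDays(1))

$info     = Get-RevocationPointers -Certificate $sample
$hardFail = Get-EdgeHardFailPolicy
$info | Format-List

if (-not ($info.HasCrlDistributionPoint -or $info.HasAuthorityInfoAccess)) {
    if ($hardFail) {
        Write-Output 'Hard-fail policy is Enabled and the certificate has no revocation pointer: expect NET::ERR_CERT_NO_REVOCATION_MECHANISM.'
    } else {
        Write-Output 'Certificate has no revocation pointer, but the hard-fail policy is not enforced on this machine.'
    }
}
```

To test a real case, export the certificate shown in Edge's certificate viewer and pass it in with `[System.Security.Cryptography.X509Certificates.X509Certificate2]::new('<path to exported .cer>')` in place of `$sample`.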