Yup, same issue we had. :) Last I heard, Bluecoat will direct you to the same KB article, but the fix has to come from their end. The registry fix will just disable that new feature until they support it. The registry DWORD update you'll need to apply is most likely the client one. We didn't need to use the server value. It was pretty consistent for us where we couldn't go to any Google web site through any version of IE, but it may be based on however your appliance was configured. We also couldn't go to www.virustotal.com.
Problem with that MS15-121 update is that you must install that with MS15-115, MS15-121 and MS15-122 in that order. While we were troubleshooting the issue, we removed all three updates (in reverse order) to get it working again even though it was MS15-121 related. Not sure what will happen if you just pull that one update out. Once someone pointed out that KB article, we rolled that fix out and will now proceed with deploying the three updates again. From: [email protected] [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Monday, November 16, 2015 1:50 PM To: [email protected] Subject: [mssms] RE: Nov Patches break google? We do have a web proxy that inspects and re-signs https traffic (Bluecoat). Google is not broken for most of our computers - less than 1 or 2%. My computer just reinstalled the November updates following a system restore (which "fixed" the problem) and now I can't get to google again. I will check out the MS15-121 stuff about schannel. More... Creating that DWORD to disable the security feature did correct the problem. Thanks. I will investigate whether the Bluecoat proxy can be updated to account for this problem or discuss the implecations of that registry edit with the security office. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Edward Woo Sent: Monday, November 16, 2015 3:32 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Nov Patches break google? Do you have some kind of web content inspection proxy on your network? It's most likely related to a feature added in MS15-121 for the Extended Master Secret Transport Layer Security. If you check out the known issues at https://support.microsoft.com/en-us/kb/3081320, you'll see the registry changes you may need to make to your client PCs to disable the feature. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Monday, November 16, 2015 1:21 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] Nov Patches break google? My own machine and several others have had this problem since applying November patches. The percentage of broken systems is very low. Following November updates, I am no longer able to visit any *.google.com web site using internet explorer. Alternate browers continue to work. In order to fix, I tried upgrading from IE 10 to IE 11 which had no effect. I tried logging in as an new user onto the broken computer. It was broken for all users on the computer. I AM able to visit foreign google sites like www.google.co.uk<http://www.google.co.uk> - just not google.com. I get an almost immediate "The page can't be displayed" It will still redirect from http -> https://www.google.com but the site doesn't load. It is also broken for the whole domain. IE maps.google.com. Groups.google.com... I did a system restore and that corrected the problem. Not sure what is going on. Is anyone else in the same boat? Any ideas about a solution. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
