microsoft, windows

Intranet and Mail hassles with Windows 8

Microsoft has made changes to networking in Windows 8, mainly I presume for security reasons, but there are odd side-effects, at least in the Release Preview version.

One is that if you browse to a site on your intranet in the Metro-style browser, you are likely to get a connection failure. This is what I get when trying to get to my Logitech Media Server (the Squeezebox server):

image

A bunch of useless, misleading suggestions and that is it.

The solution is to go to desktop IE, Tools, Internet options, Security, Trusted Sites, Sites and add the target URL to the list of Trusted sites. Now it works fine in Metro-style IE:

image

I got exactly the same behaviour with Outlook Web Access on the intranet. It did not work from Metro IE until I added the URL to Trusted Sites.

I am not sure if this is “expected behaviour”; I hope it is not, because it is a significant annoyance. The answer may lie in Microsoft’s Enhanced Protected Mode, described here, but although this states that Metro-style apps cannot connect by default to a server running on the same machine, it does not suggest that the entire intranet is blocked. The security benefits are also compromised if you can easily bypass them by running desktop IE.

While I am on the subject, I am still puzzled by the problems the Metro-style Mail app has with connecting to Exchange when this is configured with a self-signed certificate. I obtained a free SSL Cert from StartCom and confirmed that using a cert from a recognised issuer does fix the problem, though it is not a perfect solution for me because of the detail of my setup.

I would still like to know exactly what is stopping the self-signed approach from working. There are numerous discussions on the subject (this is one of the best) but I have not seen any definitive explanation from Microsoft. Following a suggestion from that thread, I have tried publishing the CRL (Revocation List) on the internet but that has not fixed it for me.

Security is great but we do want to get stuff done with our computers and some of this stuff just seems obstructive. Even if Microsoft is doing the right thing here, that is no excuse for false error messages. Mail, for example, reports “Unable to connect. Ensure that the information you’ve entered is correct.” How hard would it be to report a problem with the server certificate?