Applies To:

Show Versions Show Versions

Supplemental Document: Windows 8.1 Support Notes

Original Publication Date: 11/25/2014

Windows 8.1 Support Notes

The following document describes current limitations, known issues, and fixes in BIG-IP APM to support Windows 8.1 clients and Internet Explorer 11. This document also describes known issues for Windows 8.1 Inbox F5 VPN client. While these limitations and known issues are true for the predefined set of versions/hotfixes mentioned in this support document, we highly recommend that you refer to the product release notes as they become available to find the latest and updated information on these limitations and issues.

Limitations, Known Issues, and Fixes in BIG-IP APM for Windows 8.1 support

Limitations

ID

Title

Summary

386472

Rewritten Sharepoint uses HTTP instead of DAV when user open file through direct link or context menu

Windows 8 does not share persistent cookies between the browser and Office components. This prevents session management tools like APM from connecting Windows 8 clients with Sharepoint services.

Limitation with Windows 8/IE10, Windows 8.1/IE11, and Sharepoint.

The Microsoft case number is 112090575901186.

431216 [NA][WIN] Client proxy settings do not work when using NA with IE 11

Internet Explorer does not recognize Proxy Auto-Configuration (PAC) files specified with the "" prefix. As a result Client proxy settings does not work when using Network Access with Internet Explorer 11.

This is a Microsoft issue: IE11 does not recognize PAC files specified with the "" prefix.

As a workaround, enable the Client Proxy Uses HTTP for Proxy Autoconfig Script option in the Network Access resource.

This limitation is fixed in 11.5.0, 11.4.1-HF2, 11.4.0-HF4 and 11.2.1-HF10.

431776 Protected Workspace disabled on Windows 8.1

This temporary fix disables Protected Workspace on Windows 8.1. Windows 8.1 users will be directed to the fallback branch in APM Access Policy

435566 Internet Explorer 11 always prompts to save credentials on the APM logon page

As part of the password management improvement, IE11 ignores the autocomplete=off option for the password input field. Therefore, a notification bar at the bottom of the page prompts you to choose a password saving action.

Fixed Issues

ID

Title

Summary

Fixed on

430965

NA cannot be used after reinstallation on Win8.1/IE11[BSOD]

Windows 8.1 changed the format of hardware IDs strings it exposed a bug in VPN driver installer. As a result, the driver installer did not properly remove the VPN driver from Windows 8.1.
Subsequent driver re-installation caused Windows to crash [windows core dump]. Now, SetupDiGetDeviceRegistryProperty returning hardware IDs with spaces were replaced with underscores to allow the VPN driver to uninstall successfully.

Hotfix-BIG-IP-11.4.1-625.1-HF1

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.2.1-1217.59-HF10

Known Issues

ID

Title

Summary

Found on
431076 Windows crashes when connection establishes after deleting urfltv64.sys If you delete the file %systemroot%\system32\drivers\urfltv64.sys, Windows will crash when establishing a VPN connection. Hotfix-BIG-IP-11.4.1-635.0-HF2
424587 Sharepoint 2013 homepage can display JavaScript error in Internet Explorer 11 when it runs through APM content rewrite The Sharepoint 2013 homepage cannot successfully render in Internet Explorer 11.

Hotfix-BIG-IP-11.4.1-635.0-HF2

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.2.1-1217.59-HF10

Hotfix-BIGIP-11.4.0-2425.0-HF4

432333 Java Application Tunnels do not work when Internet Explorer runs with Enhanced Protected Mode

By default, Internet Explorer 11 starts with Enhanced Protected Mode and browser process runs inside the AppContainer. Enhanced Protected Mode(AppContainer technology) in Internet Explorer 11 prevents interception of connection requests. App Tunnels cannot redirect traffic to proxy running on loopback address.

As a workaround:

Disable Enhanced Protected Mode in Internet Explorer 11 or add a backend server to Trusted or Intranet Sites List.

Hotfix-BIG-IP-11.4.1-635.0-HF2

433982 APM Portal Access does not detect Internet Explorer 11

Internet Explorer has changed user-agent string format and APM Portal Access feature does not always recognize it correctly. As a result some sites can displayed incorrectly in Internet Explorer 11.

Hotfix-BIG-IP-11.4.1-635.0-HF2

431076

Windows crashes when connection establishes after deleting urfltv64.sys

If you delete the file %systemroot%\system32\drivers\urfltv64.sys, Windows will crash when establishing a VPN connection.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

424587

Sharepoint 2013 homepage can display JavaScript error in Internet Explorer 11 when it runs through APM content rewrite

The Sharepoint 2013 homepage cannot successfully render in Internet Explorer 11.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

430965

NA cannot be used after reinstallation on Win8.1/IE11[BSOD]

Windows 8.1 changed the format of hardware IDs strings it exposed a bug in VPN driver installer: As a result the driver installer did not properly remove the VPN driver from Windows 8.1.
Subsequent driver re-installation caused Windows to crash [windows core dump].

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.2.1-1217.0-HF10

431375

[VDI] Citrix HTML5 client doesn't work with IE11

Citrix HTML5 client does not work with IE 11.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

432484

Windows Client Checkers does not work if Enhanced Protected mode is enabled on Internet Explorer 11

Windows Process Checker does not work if Enhanced Protected mode is enabled with Internet Explorer 11.

A workaround is to disable Enhanced Protected mode by adding BIG-IP VS into the Trusted sites List.

Hotfix-BIG-IP-11.2.1-1217.59-HF9

431337

OWA 2013, IE11 throws JavaScript error when you click LinkedIn button.

The "LinkedIn" button is a part of the new feature in Outlook Web App 2013 - "Apps in Outlook Web App."
This causes Outlook Web App 2013 in Internet Explorer 11 to throw a JavaScript error when you click the LinkedIn button.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

433972 New Event dialog widget is shifted to the left and Description field does not have action widget

Rewritten dialog "Calendar>Event>new event" is shifted to the left and Description field does not have action widgets on top of the field.

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

433982 APM Portal Access does not detect Internet Explorer 11

Internet Explorer has changed user-agent string format and APM Portal Access feature does not always recognize it correctly. As a result some sites can displayed incorrectly in Internet Explorer 11.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix- BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

435542 Re-installation of VPN driver on Windows 8.1 requires system reboot

In some cases re-installation of VPN driver on Windows 8.1 require system reboot.
Without reboot user can be presented with error: "The modem (or other connecting device) is already in use or is not configured properly."

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

432333 Java Application Tunnels do not work when Internet Explorer runs with Enhanced Protected Mode

By default, Internet Explorer 11 starts with Enhanced Protected Mode and browser process runs inside the AppContainer. Enhanced Protected Mode(AppContainer technology) in Internet Explorer 11 prevents interception of connection requests. App Tunnels cannot redirect traffic to proxy running on loopback address.

As a workaround:

Disable Enhanced Protected Mode in Internet Explorer 11 or add a backend server to Trusted or Intranet Sites List.

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

432020 Optimized Applications and Static AppTunnels do not work with IE 11 running with Enhanced protected mode

By default Internet Explorer 11 starts with Enhanced Protected Mode and browser process runs inside AppContainer. Enhanced Protected Mode(AppContainer technology) in Internet Explorer 11 prevents interception of connection requests. App Tunnels cannot redirect traffic to a proxy running on a loopback address.

As a workaround:

Disable Enhanced Protected Mode in Internet Explorer 11 or add a backend server to Trusted or Intranet Sites List.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

437652 IE11 generates security exception with document.write() call in HTTPS If the HTML page is loaded via HTTPS and contains a script which uses document.write() call to change closed document, IE11 suppresses this operation even in emulation mode. As a result, any such page will not work correctly in Portal Access mode.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

432469 State of Microsoft Windows Firewall is not detected

APM Client Firewall Check does not detect the current state of Windows 8.1 firewall.

Hotfix-BIGIP-10.2.4-817.35-HF7

Hotfix-BIG-IP-11.2.1-1217.59-HF9

Hotfix-BIG-IP-11.2.0-2805.25-HF7

Hotfix-BIG-IP-11.3.0-3144.0-HF8

Hotfix-BIGIP-11.4.0-2425.0-HF4

Hotfix-BIG-IP-11.4.1-625.1-HF1

441830 [BSOD]When upgrade VPN driver on Win8.1 from BIG-IP v10.2.4 HF7

If you have an older VPN driver (e.g. 7050,2011,607,846 10.2.4 HF7), when you try to update components with a browser or package and you try to establish a connection, you will get either an error of a BSOD.

This might happen when you had a Windows 8.0 operating system with BIG-IP 10.2.4 and you upgraded to Windows 8.1 and BIG-IP 11.5.0 at the same time.

Found on all versions of BIG-IP

434753 [APM] Windows RT client is asked to install browser extension for Windows Cache and Session Control

Windows RT does not support browser exceptions (ActiveX). There is a notification pop-up to install required components during execution access policy with Windows Cache and Session Control.

Hotfix-BIGIP-11.4.0-2427.0-HF5

Found on BIG-IP version 10.2.4 to 11.3.0

431083 Can not manually update VPN driver using driver files

When you download and install an old VPN driver and then you selected "Update Driver Software," the VPN driver did not update.

Found on all versions of BIG-IP

439280 [BSOD]When installing VPN driver on Windows 8.1 with partially uninstalled VPN driver

If client components without BZ430965 fixed are installed and then uninstalled on Windows 8.1 F5 Networks VPN Adapter will be uninstalled only partially. A subsequent attempt to install VPN Adapter driver on such client machine may lead to BSOD.

To work around this issue, you must uninstall the VPN Adapter driver completely.

  1. Open Device Manager.
  2. In the main menu select View -> Show hidden devices.
  3. Expand Network adapters.
  4. Right-click on F5 Networks VPN Adapter.
  5. In the popup menu select Uninstall.
  6. In the next window check Delete the driver software for this device.

Found on all versions of BIG-IP

Known issues for Windows 8.1 Inbox Plugin VPN Client

The F5 Inbox VPN Client is fully supported by F5 Networks, Inc. for all administrators of BIG-IP APM. Because this client is part of the Windows OS, software updates and fixes are distributed as part of Microsoft Windows Cumulative Updates and hotfixes. The following issues were found on Windows 8.1 Inbox Plugin VPN Client version 1.0.0.1.

For a comprehensive list of documentation that is relevant to the Windows 8.1 F5 InboxVPN Client, refer to the following docs:
APM Feature Comparison Doc for Inbox Client Windows 8.1 Support
Configuration Notes: Inbox F5 VPN Cilent for Microsoft Windows 8.1
Client Compatiblity Matrix for 11.4.0
Client Compatiblity Matrix for 11.4.1

ID

Title

Summary

425336

Unable to establish F5 VPN connection using rasdial.exe

You cannot use rasdial.exe to establish an F5 VPN connection on Windows 8.1.

426258 Proxy settings configured through default VPN configuration UI in "PC Settings" have no effect Proxy settings configured through default VPN configuration UI in PC Settings have no effect.
426346 Windows 8.1 Inbox VPN Client does not exclude local IP subnets from DNS and proxy configuration Windows 8.1 Inbox VPN Client does not exclude local IP subnets from DNS and proxy configurations when Allow Local Subnet option is configured for VPN connection.
427144 Network Access Resource "Proxy port" option is ignored and port 80 used for all protocols The Windows 8.1 Inbox VPN client uses proxy port 80 for all protocols.
428042 DNS Address Space or DNS Exclude Address Space support FQDN or templates with '*' symbol at the beginning only DNS Address Space or DNS Exclude Address Space work only with templates like *.domain or FQDN. IP subnets or templates that contain the symbol '*' in the middle or at the end do not work.
428324 VPN cannot reconnect if VPN tunnel IP address space overlaps with DNS server In some situations after establishing a VPN connection, the client cannot resolve the FQDN of the VPN server. As a result, the client cannot reconnect to VPN after network routing changes occur, such as: DHCP IP renewal, network media disconnection or APM session time-out.
428806 Windows 8.1 does not distinguish DNS Address Space and DNS Default Domain Suffix Windows 8.1 does not distinguish "DNS Address Space" and "DNS Default Domain Suffix" and treats all "*.domain" configuration in DNS Address Space and DNS Default Domain Suffix.
430868 Maximum number of PIN entry attempts was not translated and displayed in English The maximum number of PIN entry attempts was not translated and appears only in English: The card cannot be accessed because the maximum number of PIN entry attempts has been reached.
424862 Routes to local networks are not deleted Although the option Force all traffic through tunnel is selected for the network access resource, the Windows 8.1 client does not delete routes to local networks.
424959
Existing static routes not deleted when VPN connection is established
Existing static routes are not deleted when a VPN connection is established regardless of the Network Access Resource split tunneling configuration.
425073 Proxy configuration is ignored for URLs that contain IP address If a user tries to access a server from a browser, and specifies the IP address instead of the domain name, the proxy configuration is ignored. The connection is then established to the server directly, bypassing the proxy server.
425168 Network Access Resource "IPV6 Exclude Address Space" option does not work The IPV6 Exclude Address Space option does not work with Windows 8.1 Inbox Client if IPv6 is not enabled on the physical NIC.
425818 Proxy Auto-configuration file does not apply if Split Tunneling is provisioned on the client. Proxy Auto-configuration (PAC) file is applied if the VPN entry was created without '-SplitTunneling $True', and is not applied if the '-SplitTunneling $True' option was specified.
426654 Client SSL profile assigned to VPN virtual server should not use "Require" value for client certificate option The Windows 8.1 VPN Inbox Client sends a client certificate only on connections that are used for authentication.
427287 Proxy exclusion option supports *.domain templates or FQDN only The proxy exclusion option works with templates like *.domain or FQDN only. IP subnets or templates that contain the symbol '*' in the middle or at the end do not work.
430415 Cannot re-establish connection after logging off during active VPN connection This can happen when the Windows 8.1 VPN Inbox Client configuration specifies using a client certificate for authentication. With this configuration, a user cannot re-establish a VPN connection after logging off from a device while a VPN connection was active. Reboot the system and wait for some period of time before reestablishing the VPN connection.
426013 System reboot is required in case of IP address collision If the IP address of the VPN interface that was issued by the VPN server is identical to one of the local IP addresses assigned to the physical NIC, the VPN connection fails and you will have to reboot the system before you can use any VPN connection again.

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)