Applies To:
Show Versions
BIG-IP APM
- 11.2.1
Windows 8.1 Support Notes
The following document describes current limitations, known issues, and fixes in BIG-IP APM to support Windows 8.1 clients and Internet Explorer 11. This document also describes known issues for Windows 8.1 Inbox F5 VPN client. While these limitations and known issues are true for the predefined set of versions/hotfixes mentioned in this support document, we highly recommend that you refer to the product release notes as they become available to find the latest and updated information on these limitations and issues.
Limitations, Known Issues, and Fixes in BIG-IP APM for Windows 8.1 support
Limitations
ID |
Title |
Summary |
386472 |
Rewritten Sharepoint uses HTTP instead of DAV when user open file through direct link or context menu |
Windows 8 does not share persistent cookies between the browser and Office components. This prevents session management tools like APM from connecting Windows 8 clients with Sharepoint services. Limitation with Windows 8/IE10, Windows 8.1/IE11, and Sharepoint. The Microsoft case number is 112090575901186. |
| 431216 | [NA][WIN] Client proxy settings do not work when using NA with IE 11 | Internet Explorer does not recognize Proxy Auto-Configuration (PAC) files specified with the "" prefix. As a result Client proxy settings does not work when using Network Access with Internet Explorer 11. This is a Microsoft issue: IE11 does not recognize PAC files specified with the "" prefix. As a workaround, enable the Client Proxy Uses HTTP for Proxy Autoconfig Script option in the Network Access resource. This limitation is fixed in 11.5.0, 11.4.1-HF2, 11.4.0-HF4 and 11.2.1-HF10. |
| 431776 | Protected Workspace disabled on Windows 8.1 | This temporary fix disables Protected Workspace on Windows 8.1. Windows 8.1 users will be directed to the fallback branch in APM Access Policy |
| 435566 | Internet Explorer 11 always prompts to save credentials on the APM logon page | As part of the password management improvement, IE11 ignores the autocomplete=off option for the password input field. Therefore, a notification bar at the bottom of the page prompts you to choose a password saving action. |
Fixed Issues
ID |
Title |
Summary |
Fixed on |
430965 |
NA cannot be used after reinstallation on Win8.1/IE11[BSOD] |
Windows 8.1 changed the format of hardware IDs strings it exposed a bug in VPN driver installer. As a result, the driver installer did not properly remove the VPN driver from Windows 8.1. |
Hotfix-BIG-IP-11.4.1-625.1-HF1 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.2.1-1217.59-HF10 |
Known Issues
ID |
Title |
Summary |
Found on |
| 431076 | Windows crashes when connection establishes after deleting urfltv64.sys | If you delete the file %systemroot%\system32\drivers\urfltv64.sys, Windows will crash when establishing a VPN connection. | Hotfix-BIG-IP-11.4.1-635.0-HF2 |
| 424587 | Sharepoint 2013 homepage can display JavaScript error in Internet Explorer 11 when it runs through APM content rewrite | The Sharepoint 2013 homepage cannot successfully render in Internet Explorer 11. | Hotfix-BIG-IP-11.4.1-635.0-HF2 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.2.1-1217.59-HF10 Hotfix-BIGIP-11.4.0-2425.0-HF4 |
| 432333 | Java Application Tunnels do not work when Internet Explorer runs with Enhanced Protected Mode | By default, Internet Explorer 11 starts with Enhanced Protected Mode and browser process runs inside the AppContainer. Enhanced Protected Mode(AppContainer technology) in Internet Explorer 11 prevents interception of connection requests. App Tunnels cannot redirect traffic to proxy running on loopback address. As a workaround: Disable Enhanced Protected Mode in Internet Explorer 11 or add a backend server to Trusted or Intranet Sites List. |
Hotfix-BIG-IP-11.4.1-635.0-HF2 |
| 433982 | APM Portal Access does not detect Internet Explorer 11 | Internet Explorer has changed user-agent string format and APM Portal Access feature does not always recognize it correctly. As a result some sites can displayed incorrectly in Internet Explorer 11. |
Hotfix-BIG-IP-11.4.1-635.0-HF2 |
431076 |
Windows crashes when connection establishes after deleting urfltv64.sys |
If you delete the file %systemroot%\system32\drivers\urfltv64.sys, Windows will crash when establishing a VPN connection. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 |
424587 |
Sharepoint 2013 homepage can display JavaScript error in Internet Explorer 11 when it runs through APM content rewrite |
The Sharepoint 2013 homepage cannot successfully render in Internet Explorer 11. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 |
430965 |
NA cannot be used after reinstallation on Win8.1/IE11[BSOD] |
Windows 8.1 changed the format of hardware IDs strings it exposed a bug in VPN driver installer: As a result the driver installer did not properly remove the VPN driver from Windows 8.1. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.2.1-1217.0-HF10
|
431375 |
[VDI] Citrix HTML5 client doesn't work with IE11 |
Citrix HTML5 client does not work with IE 11. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
432484 |
Windows Client Checkers does not work if Enhanced Protected mode is enabled on Internet Explorer 11 | Windows Process Checker does not work if Enhanced Protected mode is enabled with Internet Explorer 11. A workaround is to disable Enhanced Protected mode by adding BIG-IP VS into the Trusted sites List. |
Hotfix-BIG-IP-11.2.1-1217.59-HF9 |
431337 |
OWA 2013, IE11 throws JavaScript error when you click LinkedIn button. | The "LinkedIn" button is a part of the new feature in Outlook Web App 2013 - "Apps in Outlook Web App." |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
| 433972 | New Event dialog widget is shifted to the left and Description field does not have action widget | Rewritten dialog "Calendar>Event>new event" is shifted to the left and Description field does not have action widgets on top of the field. |
Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
| 433982 | APM Portal Access does not detect Internet Explorer 11 | Internet Explorer has changed user-agent string format and APM Portal Access feature does not always recognize it correctly. As a result some sites can displayed incorrectly in Internet Explorer 11. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix- BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 |
| 435542 | Re-installation of VPN driver on Windows 8.1 requires system reboot | In some cases re-installation of VPN driver on Windows 8.1 require system reboot. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
| 432333 | Java Application Tunnels do not work when Internet Explorer runs with Enhanced Protected Mode | By default, Internet Explorer 11 starts with Enhanced Protected Mode and browser process runs inside the AppContainer. Enhanced Protected Mode(AppContainer technology) in Internet Explorer 11 prevents interception of connection requests. App Tunnels cannot redirect traffic to proxy running on loopback address. As a workaround: Disable Enhanced Protected Mode in Internet Explorer 11 or add a backend server to Trusted or Intranet Sites List. |
Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 |
| 432020 | Optimized Applications and Static AppTunnels do not work with IE 11 running with Enhanced protected mode | By default Internet Explorer 11 starts with Enhanced Protected Mode and browser process runs inside AppContainer. Enhanced Protected Mode(AppContainer technology) in Internet Explorer 11 prevents interception of connection requests. App Tunnels cannot redirect traffic to a proxy running on a loopback address. As a workaround: Disable Enhanced Protected Mode in Internet Explorer 11 or add a backend server to Trusted or Intranet Sites List. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
| 437652 | IE11 generates security exception with document.write() call in HTTPS | If the HTML page is loaded via HTTPS and contains a script which uses document.write() call to change closed document, IE11 suppresses this operation even in emulation mode. As a result, any such page will not work correctly in Portal Access mode. | Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
| 432469 | State of Microsoft Windows Firewall is not detected | APM Client Firewall Check does not detect the current state of Windows 8.1 firewall. |
Hotfix-BIGIP-10.2.4-817.35-HF7 Hotfix-BIG-IP-11.2.1-1217.59-HF9 Hotfix-BIG-IP-11.2.0-2805.25-HF7 Hotfix-BIG-IP-11.3.0-3144.0-HF8 Hotfix-BIGIP-11.4.0-2425.0-HF4 Hotfix-BIG-IP-11.4.1-625.1-HF1 |
| 441830 | [BSOD]When upgrade VPN driver on Win8.1 from BIG-IP v10.2.4 HF7 | If you have an older VPN driver (e.g. 7050,2011,607,846 10.2.4 HF7), when you try to update components with a browser or package and you try to establish a connection, you will get either an error of a BSOD. This might happen when you had a Windows 8.0 operating system with BIG-IP 10.2.4 and you upgraded to Windows 8.1 and BIG-IP 11.5.0 at the same time. |
Found on all versions of BIG-IP |
| 434753 | [APM] Windows RT client is asked to install browser extension for Windows Cache and Session Control | Windows RT does not support browser exceptions (ActiveX). There is a notification pop-up to install required components during execution access policy with Windows Cache and Session Control. |
Hotfix-BIGIP-11.4.0-2427.0-HF5 Found on BIG-IP version 10.2.4 to 11.3.0 |
| 431083 | Can not manually update VPN driver using driver files | When you download and install an old VPN driver and then you selected "Update Driver Software," the VPN driver did not update. |
Found on all versions of BIG-IP |
| 439280 | [BSOD]When installing VPN driver on Windows 8.1 with partially uninstalled VPN driver | If client components without BZ430965 fixed are installed and then uninstalled on Windows 8.1 F5 Networks VPN Adapter will be uninstalled only partially. A subsequent attempt to install VPN Adapter driver on such client machine may lead to BSOD. To work around this issue, you must uninstall the VPN Adapter driver completely.
|
Found on all versions of BIG-IP |
Known issues for Windows 8.1 Inbox Plugin VPN Client
The F5 Inbox VPN Client is fully supported by F5 Networks, Inc. for all administrators of BIG-IP APM. Because this client is part of the Windows OS, software updates and fixes are distributed as part of Microsoft Windows Cumulative Updates and hotfixes. The following issues were found on Windows 8.1 Inbox Plugin VPN Client version 1.0.0.1.
For a comprehensive list of documentation that is relevant to the Windows 8.1 F5 InboxVPN Client, refer to the following docs:
APM Feature Comparison Doc for Inbox Client Windows 8.1 Support
Configuration Notes: Inbox F5 VPN Cilent for Microsoft Windows 8.1
Client Compatiblity Matrix for 11.4.0
Client Compatiblity Matrix for 11.4.1
ID |
Title |
Summary |
425336 |
Unable to establish F5 VPN connection using rasdial.exe | You cannot use rasdial.exe to establish an F5 VPN connection on Windows 8.1. |
| 426258 | Proxy settings configured through default VPN configuration UI in "PC Settings" have no effect | Proxy settings configured through default VPN configuration UI in PC Settings have no effect. |
| 426346 | Windows 8.1 Inbox VPN Client does not exclude local IP subnets from DNS and proxy configuration | Windows 8.1 Inbox VPN Client does not exclude local IP subnets from DNS and proxy configurations when Allow Local Subnet option is configured for VPN connection. |
| 427144 | Network Access Resource "Proxy port" option is ignored and port 80 used for all protocols | The Windows 8.1 Inbox VPN client uses proxy port 80 for all protocols. |
| 428042 | DNS Address Space or DNS Exclude Address Space support FQDN or templates with '*' symbol at the beginning only | DNS Address Space or DNS Exclude Address Space work only with templates like *.domain or FQDN. IP subnets or templates that contain the symbol '*' in the middle or at the end do not work. |
| 428324 | VPN cannot reconnect if VPN tunnel IP address space overlaps with DNS server | In some situations after establishing a VPN connection, the client cannot resolve the FQDN of the VPN server. As a result, the client cannot reconnect to VPN after network routing changes occur, such as: DHCP IP renewal, network media disconnection or APM session time-out. |
| 428806 | Windows 8.1 does not distinguish DNS Address Space and DNS Default Domain Suffix | Windows 8.1 does not distinguish "DNS Address Space" and "DNS Default Domain Suffix" and treats all "*.domain" configuration in DNS Address Space and DNS Default Domain Suffix. |
| 430868 | Maximum number of PIN entry attempts was not translated and displayed in English | The maximum number of PIN entry attempts was not translated and appears only in English: The card cannot be accessed because the maximum number of PIN entry attempts has been reached. |
| 424862 | Routes to local networks are not deleted | Although the option Force all traffic through tunnel is selected for the network access resource, the Windows 8.1 client does not delete routes to local networks. |
| 424959 | Existing static routes not deleted when VPN connection is established
|
Existing static routes are not deleted when a VPN connection is established regardless of the Network Access Resource split tunneling configuration. |
| 425073 | Proxy configuration is ignored for URLs that contain IP address | If a user tries to access a server from a browser, and specifies the IP address instead of the domain name, the proxy configuration is ignored. The connection is then established to the server directly, bypassing the proxy server. |
| 425168 | Network Access Resource "IPV6 Exclude Address Space" option does not work | The IPV6 Exclude Address Space option does not work with Windows 8.1 Inbox Client if IPv6 is not enabled on the physical NIC. |
| 425818 | Proxy Auto-configuration file does not apply if Split Tunneling is provisioned on the client. | Proxy Auto-configuration (PAC) file is applied if the VPN entry was created without '-SplitTunneling $True', and is not applied if the '-SplitTunneling $True' option was specified. |
| 426654 | Client SSL profile assigned to VPN virtual server should not use "Require" value for client certificate option | The Windows 8.1 VPN Inbox Client sends a client certificate only on connections that are used for authentication. |
| 427287 | Proxy exclusion option supports *.domain templates or FQDN only | The proxy exclusion option works with templates like *.domain or FQDN only. IP subnets or templates that contain the symbol '*' in the middle or at the end do not work. |
| 430415 | Cannot re-establish connection after logging off during active VPN connection | This can happen when the Windows 8.1 VPN Inbox Client configuration specifies using a client certificate for authentication. With this configuration, a user cannot re-establish a VPN connection after logging off from a device while a VPN connection was active. Reboot the system and wait for some period of time before reestablishing the VPN connection. |
| 426013 | System reboot is required in case of IP address collision | If the IP address of the VPN interface that was issued by the VPN server is identical to one of the local IP addresses assigned to the physical NIC, the VPN connection fails and you will have to reboot the system before you can use any VPN connection again. |
