Environment
Situation
When using the Microsoft Internet Explorer (IE) web browser to access Reflection ZFE (RZFE) sessions or Host Access Management & Security Server (MSS, included with Reflection ZFE), you may experience blank screen issues such as the following:
- Reflection ZFE renders properly for some URLs and not others (a blank screen is displayed). The behavior varies depending on whether the ZFE session is using an IP address, short hostname, or fully-qualified name.
- In MSS, you can’t create or open a ZFE session unless that session is on the same server as MSS. A blank screen displays where you expect to see the session.
Resolution
To use Internet Explorer 10 or 11 with RZFE and MSS servers, you need:
- Compatibility View disabled
- Third-party Cookies enabled
You need to determine what zone your web site is in and then make the necessary adjustments to the Internet Explorer settings. Because Internet Explorer can be configured in so many different ways depending on your situation, it is hard to provide one solution for successfully using Internet Explorer with Reflection ZFE and MSS. These are some possible configurations to follow:
- If both RZFE and MSS are in the Internet zone, manually add the RZFE server to the Local Intranet or Trusted Sites zone (Internet Options > Security > Local intranet > Sites). Use fully qualified hostnames or IP addresses.
- If both servers are in the Internet zone, change the default behavior for that zone and enable Third-party Cookies (Internet Options > Privacy > Advanced > Override automatic cookie handling).
- If both servers are in the Local Intranet zone, change the default behavior for that zone and disable Compatibility View (Tools > Compatibility View settings).
Cause
This issue is specific to the way Internet Explorer toggles various settings depending on its interpretation of website security. The settings in question are Compatibility View and Third-party Cookies. Depending on what “zone” Internet Explorer determines your web site to be in, these settings need to be either enabled or disabled. Internet Explorer bases its determination on the site URL. For example, if the server name in the URL does not contain dots (for example, http://mycorporateserver/rweb/AdminStart.html), Internet Explorer assumes the address belongs in the Local Intranet zone. If it does not, the site is assigned to the Internet zone.
| Zone |
Internet Explorer Default Settings |
| Local Intranet Zone |
Compatibility View enabled (not desired) Third-party Cookies enabled (desired) |
| Internet Zone |
Compatibility View disabled (desired) Third-party Cookies disabled (not desired) |
While it is possible for a website to override Compatibility View by specifying Document Mode with an X-UA-Compatible meta HTML tag, and Reflection ZFE does use that particular mode, MSS does not. Thus, if a Reflection ZFE server and a Management and Security Server are both in the Local Intranet zone (with default Compatibility View enabled), it is likely that Reflection ZFE would still perform correctly, but MSS would not. See http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx for more information.