Oracle Enterprise Manager Not Functional From MS Internet Explorer V7 & 8 After MS Windows Patch KB2661254

Sorry I just got around to posting this fix for at Microsoft security patch that came out in October 2012 for MS Explorer versions 7 & 8 at least.  It’s a patch that forces 512 encryption when encryption is used.  So those apps that don’t support 512 byte encryption like Oracle Enterprise Manager (OEM) 11.1 BREAK… unless without massive additional patching to OEM ugh…

Here is one relativesly easy fix (in my mind – of course you could just use Chrome – the MS patch doesn’t break that) and then the note that led me to the fix for our Oracle Enterprise Manager problem (not able to get to the URL – browser blocks it because the key is only 512 bits).

Test OEM from MS IE 8 first, if its not working, and you just applied the patch, before you make these changes to assure you need the changes to your registry.

On the client running the IE browser

You may want to backup your registry before you do this…

  • ·         Run regedit.exe
  • ·         You may want to backup your registry…
  • ·         Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config
  • ·         Add a new DWORD for: MinRsaPubKeyBitLength  Value Decimal 512
  • ·         Add a new DWORD for: EnableWeakSignatureFlags Value Decimal 2
  • ·         Stop all running version of IE

http://support.microsoft.com/kb/2661254 explains what needs to be done but, it is buried about 10 pages down in the note…  hint, search for MinRsaPubKeyBitLength.

What you will see is Microsoft provides a work around with 4 registry entries of which you only really need 2 of the 4.

Hope this helps, Mike

Advertisements

One comment

  1. Thanks a lot for this post. My only way of always working around this was deleting the KB2661254 but as you may agree that wasn’t smart. I followed your instructions and in just one shot i was in. Thanks once again for such a great post.

    Daniel.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s