I have an issue where certain website the icon-fonts are missing.
1. firewall is off
2. enabled protection mode is disabled
3. Font download is enabled
What is interseting is that if UEM GPO is disabled the icons appears normally; however, once the UEM GPO is applied the icons are missing. The GPO is simiple there are no logon scripts running, and the user's profile folders are redirected to a SMB share.
I also created a new UEM GPO that points to another freshly created config file. I disbaled all the Config Files in the Personalization Tab and I still get the same experince where the icons are missing.
Has anyone come across this similar issue ?
So, indeed, this is related to DirectFlex. Specifically, the fontdrvhost.exe process does not seem to like the fact that we inject our FlexHook*.dll (which we do as soon as DirectFlex is enabled -- it does not matter for which Flex config file.)
So, DirectFlex blacklist to the rescue: adding fontdrvhost.exe to the blacklist seems to keep the webfonts working perfectly fine in my test setup. To configure this, create a Blacklist.xml file in ...\General\FlexRepository\DirectFlex folder (which does not exist by default), with the following content:
<?xml version='1.0' encoding='utf-8'?>
<setting type='blacklist' list='fontdrvhost.exe'/>
The attachment contains this XML file with the correct folder structure. If you already have this Blacklist.xml file, just update its list attribute by adding |fontdrvhost.exe at the end of the current value (note the '|' (pipe character), which acts as a separator).
As it took me a while to reproduce the issue, I'd highly appreciate it is someone can test this fix. Thanks!
Not sure what may cause this in relation to UEM, but which settings are you applying from the UEM GPO? And are you able to rule out settings from this GPO?
If you talk about GPO do you mean AD GPO or do you mean ADMX based settings from UEM?
The UEM GPO on Active directory is only redirecting the User's folders to a SMB path and the UEM settings are pointing to the defined config paths similar to this document
It's strange, Once the policy is disabled, the font icons works properly. I was hoping someone else was experinicng similar issue. Maybe it is just me.
We experience a similar issue, but by now, we still search for the cause.
Internet Explorer sometimes doesnt load fonts from our internal website. (like you, we have font download enabled)
We even have a program that load fonts from a network share and fails to do that sometimes.
This error happens very often, but not every time. If the error starts to happen, it persists for the whole user session.
Only logon/logoff could solve the problem.
Even when you try to install the font manually while this error is active, windows says that it cannot recognize the font.
We use Windows 10 LTSB x64 1607 instant clones, AppVolumes 2.12.1, UEM 9.2 and Horizon 7.1.
This just happens in our Horizon environment.
Hi, We have the same problem here, but this time for font-awesome (which is being used in our LOB webapp and on some other websites too).
Without installing the font beforehand when we open the website it does not render the font (not being able to download it, eventhough the gpo for Internet Explorer is configured to allow font downloads). When I install the font manually it works until I log off and log on again. Immediately after logon it may stll work, but after some time it stops working.
After I give deny on apply group policy to myself on the UEM gpo (which only contains the UEM settings) the font-awesome is always correctly displayed. When I turn on the GPO again it stops working.
This is a real problem for us as the only solution would be to stop using UEM.
You can test it on Font Awesome Icons with internet explorer 11 on Windows 10 Enterprise 1607 in a Windows 2012 R2 domain with UEM 9.2 via group policy extensions.
Other browsers do not have this problem.
I disabled "Enable Protected Mode) on the internet zone (where the website is located) and in the advanced page I disabled "Enable Enhanced Protection Mode" in Internet Explorer 11 and the problem did no longer occur.
I know IE 11 makes use of appcontainers when enhanced protection mode is enabled, which I believe runs in the usercontext.
Maybe UEM does something with the appcontainer IE11 creates which causes the webfonts not to be downloaded/used.
Of course this creates the problem that websites in internet no longer are protected and the users see a warning when they open an website in the internet zone.
Can''t have my cake and eat it I guess.
Just to make sure I understand everything correctly:
If you do indeed use folder redirection:
Please see below
Just to make sure I understand everything correctly:
Correct, I’ve disabled all configuration for personalization.
I’m actually using a GPO to redirect the Desktop, Documents, Favorites and Pictures Folder.
Should I try having UEM redirect the folders instead of GPO ?
Thank you for the additional information. No need to switch to UEM for folder redirection; I thought you were already doing that, and wanted to rule that out as a contributing factor.
In your original post, you said that the icons appear normally once you disable the UEM GPO. Does this GPO only contain UEM policy settings, or also the folder redirection configuration?
If it's just UEM policy settings, could you provide a FlexEngine log file at log leve DEBUG, covering a full session from logon to logoff? If the GPO also contains folder redirection configuration, could you try without folder redirection?
Is the debug log from a user and computer on which that particular GPO was applied? I'm asking since there should be a Redirected folders: Desktop, Favorites, Personal log message due to those folders having been redirected.
Would it be possible to test whether the issue also occurs if you remove those folder redirection settings from the GPO (but leave the UEM-related settings intact)?
Also, when I visit the Font Awesome Icons site (from a v1607 x64 machine with UEM 9.2), the icons from the web font show up correctly. I've also tried with folder redirection (configured through UEM instead of GPO, though), and then it also works just fine. Can you reproduce the issue by visiting that site?
(And although I can't imagine it is related to this particular issue: Windows 10 v1607 is officially supported starting with UEM 9.1. Also, I don't think Horizon 6.2.1 is supported on v1607. Again, not relevant for the font issue, but just something to be aware of in general.)
The issue occurs with or without the folder redirection. In the previous message I took a screen shot of the GPO with only the UEM settings; however, I think I found the culprit. It seems that disabling DirectFlex on certain applications such as office suite fixed the issue of the font-icons not appearing properly.
Can you try enabling DirectFlex on the office suite to see if you’re also able to reproduce the issue some of us are having?
That's good new info, thanks! I have DirectFlex enabled in my test setup, but I don't have any Office applications installed.
In your setup, does the problem occur only after launching other applications (like Office), or can you reproduce it by just launching IE after having removed the user's profile?