Microsoft Store App and ContainerApp proxy connectivity issues when load balancing is used with DNS

Se aplica a: Internet Explorer 11 on Windows 10

Symptoms


In an enterprise environment, the internet proxy server's Domain Name System (DNS) name is load balanced by using the following methods:

  • Global load balancer
  • Round robin method
  • DNS query policies

In this scenario, Microsoft Store applications, such as Microsoft Edge, and container apps, such as Internet Explorer with Enhanced Protected Mode (EPM), experience connectivity issues.

Cause


This issue occurs when the following conditions are true:

  • The Internet proxy servers for apps policy has not been configured or is inaccurately configured.
  • The DNS load balancing scheme causes the app to retrieve a proxy IP address that is not configured in, or discovered by, network isolation. 

The network isolation feature must validate proxy IP addresses through an independent DNS lookup to help prevent malicious proxy use and certain man-in-the-middle attacks.

An app's proxy connection request is blocked when an app tries to use an unvalidated proxy IP address. This is by design for all Microsoft Store apps and container apps.

Resolution


To fix this issue, follow the steps in Isolating Windows Store Apps on Your Network to set up a policy in Group Policy for Internet proxy servers for apps. This policy should contain a list of all the proxy server IP addresses that exist in DNS.