Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Warning: The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see Internet Explorer 11 desktop app retirement FAQ.

Symptoms

Assume that you try to upload a file by using an XMLHttpRequest object in Level 2 specification in Internet Explorer 10. The file upload cannot be finished if the POST receives a 401 authentication challenge. The upload either freezes indefinitely or times out if a 401 challenge is received on the HTTP POST.

Additionally, this affects POSTs that contain files that are attached by using a formData().append method. The failures can occur in one of two ways during the network traces, depending on whether the Kerberos protocol or the NT LAN Manager (NTLM) protocol is used:
 

  • If Internet Explorer sends the POST, and the server responds with a 401 including the Authentication Header (AH), and then the Kerberos protocol is negotiated:

    • Internet Explorer sends the initial POST that contains the full body.

    • Server responds with Authenticate: Negotiate.

    • Internet Explorer sends Kerberos hash to the server together with content-length that states a full POST body is present but does not include the content.

    • Server waits for the remaining payload. However, the payload is never sent.

  • If Internet Explorer sends the POST, and the server responds with a 401 including the AH, and then the NTLM protocol is negotiated:

    • Internet Explorer sends the initial POST that contains the full body.

    • Server responds with Authenticate: Negotiate or Authenticate: NTLM.

    • Internet Explorer sends NTLM hash to the server together with content-length = 0.

    • Server responds with server hash.

    • No follow-up POST that contains the completed hash or a full POST body is sent by the client.

Resolution

Update information

To resolve this issue, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update.

For technical information about the most recent cumulative security update for Internet Explorer, go to the following Microsoft website:

http://www.microsoft.com/technet/security/current.aspxNote This update was first included in security update 2975687.

For more information about security update 2977629, click the following article number to view the article in the Microsoft Knowledge Base:
 

2977629 MS14-052: Cumulative security update for Internet Explorer: September 9, 2014

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

See the terminology that Microsoft uses to describe software updates.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×