Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Cannot connect to Microsoft Communty or Microsoft Account

  • 22 freagra
  • 4 leis an bhfadhb seo
  • 129 views
  • Freagra is déanaí ó cor-el

more options

All of a sudden today I am unable to connect to the Microsoft Community https://answers.microsoft.com/en-us/ and to my Microsoft Account https://account.microsoft.com/privacy/. I can connect with Edge but not FF 95.0. It seems according to the MS Forum that I am not the only one with this problem. Please see screenshots of what I and others are getting.

All of a sudden today I am unable to connect to the Microsoft Community https://answers.microsoft.com/en-us/ and to my Microsoft Account https://account.microsoft.com/privacy/. I can connect with Edge but not FF 95.0. It seems according to the MS Forum that I am not the only one with this problem. Please see screenshots of what I and others are getting.
Attached screenshots

Réiteach roghnaithe

Hi

Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue.

If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.

Read this answer in context 👍 2

All Replies (20)

more options

Just to test... Try downloading a different version of Firefox and run it. Do not sign into your Firefox account and see if you have the same issue.

https://www.mozilla.org/en-US/firefox/all/#product-desktop-release

more options

I've seen this error today with another user going to docs.microsoft.com. I also got the error a few times, but it works for me in different versions of Firefox. see screenshot

Athraithe ag jonzn4SUSE ar

more options
more options

jonzn4SUSE said

Just to test... Try downloading a different version of Firefox and run it. Do not sign into your Firefox account and see if you have the same issue. https://www.mozilla.org/en-US/firefox/all/#product-desktop-release

I tried that and it did not work sorry to say. Thanks for your help.

more options

FredMcD said

There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connection certificates and send their own. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-firefox-did-not-connect https://support.mozilla.org/en-US/kb/websites-dont-load-troubleshoot-and-fix-errors What do the security warning codes mean


Thank you for the info. I use Norton 360 and never had a problem connecting to MS. I have no problems with EDGE connecting.

more options

jonzn4SUSE said

I've seen this error today with another user going to docs.microsoft.com. I also got the error a few times, but it works for me in different versions of Firefox. see screenshot


I just tried docs.microsoft.com from your response and cannot connect to that as well. This problem happens on my wife's laptop as well. Now if I use my VPN (ProtonVPN) I can connect.

more options
more options

FredMcD said

Web search; https://www.bing.com/search?q=MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING One response says Solved.

I looked at that Fred but could not grasp what was done to resolve the issue. I did this morning download the Firefox App from the MS store and still the same thing happens. I have uninstalled and reinstalled Firefox several time and even installed the 32 bit one but still the same thing happens. It is funny that every website I use connects except for MS Community.

Respectfully

UPDATE:

Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.

Athraithe ag new_aged2perfection ar

more options

FredMcD said

Web search; https://www.bing.com/search?q=MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING One response says Solved.

I looked at that Fred but could not grasp what was done to resolve the issue. I did this morning download the Firefox App from the MS store and still the same thing happens. I have uninstalled and reinstalled Firefox several time and even installed the 32 bit one but still the same thing happens. It is funny that every website I use connects except for MS Community.

Respectfully

UPDATE:

Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.

more options

Hi there,

I too got an error just now. After reading https://www.askvg.com/mozilla-pkix-error-ocsp-response-for... I can try explain what happening.

When you browse to any site with https the browser checks out the security of the connection using the Certificate provided from the sites server (eg xxxx.Microsoft.com - see screenshot with Certificates Subject Alternative Name).

Firefox checks the certificate to ask how to verify its a trusted certificate, and uses that to get an Trust or Don't trust response. For Microsoft.com certificate it looks like there is 2 methods - 1. Use MS server to verify or 2 Use the Online Certificate Status Protocol (OCSP).  (See screenshot with Certificate Authority Information Access )

OSCP tells Firefox to go ask the certificate authority (CA) if this should be trusted. When it does that the certificate providers server knows you have requested to visit that site. This is where the "stapling" part comes in. Rather than asking the Certificate Providers server, the sites server is asked to do the Trust check. So Firefox ask Microsoft.com to prove its valid. Microsoft.com asks the CA for a receipt that its valid and staples it onto the response back to Firefox - then Firefox knows if it can trust Microsoft.com

The error shown is basically saying something in the response from Microsoft.com is fishy as its missed stapling the OSCP response.

So the issue is with Mircosoft.com's servers. My guess is it works on other browsers because either they are using Option 1 provided by Microsoft (to trust its own server ?) or not checking the OSCP stapled response.

Configuring Firefox to ignore the stapling means that its ignoring the missing OSCP response. It could be that Firefox is coded to always check OCSP if its available as a option to check and the setting is on. When the setting is off the check isn't done.

So whats the impact to you without OSCP_STAPLING ? Efectively the Certificate Authority knows where you have browsed. (Any info firefox sends the CA in the request to verify, which is headers, network info etc).

Athraithe ag Paul Winter ar

more options

Missing screenshot re Subject Alternative names affected (ie Sites affected by this)

more options
more options

new_aged2perfection said

UPDATE: Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.

By disabling stapling, you are reverting to the old school method of checking whether a website's SSL certificate has been revoked. There are two minor issues, but they may not be important to you compared to being able to access the Microsoft site successfully.

Classic method: look up every SSL certificate during verification using an OCSP address provided in the certificate.

The concern there is a slight privacy leak: the certificate issuer receives a request from your browser indicating that your browser is visiting a site using that certificate. In theory, the certificate issuer can collect information about your browsing habits across multiple sites for which it has issued certificates. Do they? I have not seen any real world data on that.

Stapling: browsers can accept a copy of the OCSP response provided by the site with its certificate to bypass the classic request and close off the privacy leak. It also has a performance benefit by avoiding an extra request.

All that said, I'm not getting an error accessing the site today, so maybe Microsoft changed something?

more options

jscher2000 said

new_aged2perfection said

UPDATE: Fred I went to this website and accessed "about:config" and searched on "security.ssl.enable_ocsp_stapling" and set it's value to "false" then I restarted my browser. I can now access MS Community and Account. Please tell me if this will cause any problems by doing this.

By disabling stapling, you are reverting to the old school method of checking whether a website's SSL certificate has been revoked. There are two minor issues, but they may not be important to you compared to being able to access the Microsoft site successfully.

Classic method: look up every SSL certificate during verification using an OCSP address provided in the certificate.

The concern there is a slight privacy leak: the certificate issuer receives a request from your browser indicating that your browser is visiting a site using that certificate. In theory, the certificate issuer can collect information about your browsing habits across multiple sites for which it has issued certificates. Do they? I have not seen any real world data on that.

Stapling: browsers can accept a copy of the OCSP response provided by the site with its certificate to bypass the classic request and close off the privacy leak. It also has a performance benefit by avoiding an extra request.

All that said, I'm not getting an error accessing the site today, so maybe Microsoft changed something?


Thank you so very much for the great info you provided to me. I always say you learn something new everyday and me turning 70 next month that saying holds true. I just checked MS Community and my account and was able to access both so I guess MS found the problem and corrected it. Thank you again.

Respectfully, Don

UPDATE: Just tried again and account page was scrambled and forum could not connect.

Athraithe ag new_aged2perfection ar

more options

new_aged2perfection said

I just checked MS Community and my account and was able to access both so I guess MS found the problem and corrected it.

Thats' good to hear. Well Done for them. Please flag your https://support.mozilla.org/en-US/questions/1360911#answer-1466327 post as Solved Problem as this can help others with similar problems. Go to that post and click the 'Solved' button to its right.

more options

FredMcD said

new_aged2perfection said

I just checked MS Community and my account and was able to access both so I guess MS found the problem and corrected it.

Thats' good to hear. Well Done for them. Please flag your https://support.mozilla.org/en-US/questions/1360911#answer-1466327 post as Solved Problem as this can help others with similar problems. Go to that post and click the 'Solved' button to its right.


Sorry Fred but I just tried again and account page was scrambled and forum could not connect. MS Forum owner Kristen is now suggesting changing Stapling in about:config until issue is resolved. Back to the drawing board.

more options

The problem has been identified as Firefox not supporting SHA-2 hashes in certificate IDs in OCSP certificates. Apparently some of the OCSP certificates in the Microsoft/Akamai network use SHA-2 hashes that way.

A patch was submitted a few hours ago that needs to undergo testing, and assuming it doesn't cause other problems, it should be included in the next update. I don't have an idea of when that might be released.

more options

jscher2000 said

The problem has been identified as Firefox not supporting SHA-2 hashes in certificate IDs in OCSP certificates. Apparently some of the OCSP certificates in the Microsoft/Akamai network use SHA-2 hashes that way. A patch was submitted a few hours ago that needs to undergo testing, and assuming it doesn't cause other problems, it should be included in the next update. I don't have an idea of when that might be released.

Thank you so very much for that information and sharing that with us.

more options

Réiteach Roghnaithe

Hi

Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue.

If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.

more options

Seburo said

Hi Just a quick note to ask you to look out for an update to Firefox that should be with you very soon that should resolve this issue. If you have used a temporary workaround in about:config, I recomend that you reverse this measure at this time.

Thank you so very much for the info.

  1. 1
  2. 2