Problem
Enterprise Vault icons missing when users are performing Enterprise Vault Search in Internet Explorer or Outlook.
Error Message
The main error displayed in IE Developer Tools > Console tab:
CSS3111: @font-face encountered unknown error.
Roboto-Regular-webfont.woff
The following error could be seen on client machine in combination with the error above:
Open the Event Viewer (eventvwr.exe) and go to Application and Service Logs > Microsoft > Windows > Win32k > Operational
Log Name: Microsoft-Windows-Win32k/Operational
Source: Microsoft-Windows-Win32k
Date: 6/2/2020 6:44:44 AM
Event ID: 260
Task Category: (260)
Level: Information
Keywords: (4294967296)
User: EV\user1
Computer: Win10-Client
Description:
C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy.
FontType: Memory
FontPath:
Blocked: true
Cause
Error CSS3111 from IE Developer Tools > Console tab, could be caused by Windows feature called Untrusted Font Blocking. The Untrusted Font Blocking feature can stop users from loading un-trusted fonts that are processed by the Graphics Device Interface (GDI). Un-trusted fonts are any fonts that are installed outside the %windir%Fonts directory.
Solution
Determine if Blocking Untrusted Fonts feature is turned ON through Group Policy or through Registry
- Open the Group Policy editor (gpedit.msc) and go to Computer Configuration\Administrative Templates\System\Mitigation Options\Untrusted Font Blocking
- Open the registry editor (regedit.exe) and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions
1. Perform the following steps if untrusted Fonts are blocked through Group Policy:
1. Open the Group Policy editor (gpedit.msc) and go to Computer Configuration\Administrative Templates\System\Mitigation Options\Untrusted Font Blocking.
2. Click Disabled to turn the feature off.
3. Click OK.
4. Restart client machine.
2. Perform the following steps if untrusted Fonts are blocked through the Registry:
1. Open the registry editor (regedit.exe) and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\.
2. Right click on the MitigationOptions key, and then click Modify.
The Edit QWORD (64-bit) Value box opens.
3. Make sure the Base option is Hexadecimal, and then update the Value data, making sure you keep your existing value, like in the important note below:
• To turn this feature on. Type 1000000000000.
• To turn this feature off. Type 2000000000000.
• To audit with this feature. Type 3000000000000.
Important Note: Your existing MitigationOptions values should be saved during your update. For example, if the current value is 1000, your updated value should be 1000000001000.
4. Restart client machine.