none
Webclient Certificate Prompt

    Question

  • When i try to connect  from a windows 7 workstation to a sharepoint 2010  dav ssl  Network location  \\sharepoint.mydomain.com@SSL\DavWWWRoot  that require client certificate , webclient service prompt for certificate selection even if i have only one.There is an option  to automatically choose  client certificate that follow internet explorer "Do not prompt for client certificate selection when no certificates or only one certificate exists( like kb943280 AuthForwardServerList )?

    • Edited by AttilioDrei Saturday, March 24, 2012 11:59 AM
    • Moved by Niki HanModerator Wednesday, April 04, 2012 5:26 AM IE related (From:Windows 7 Miscellaneous)
    Saturday, March 24, 2012 11:30 AM

All replies

  • 1. Are there any traces in Event logs?

    2. Is this new phenomenon or it appeared after somethingt like update, change of configuration or new application install?

    3. It may help, if you summarize you setup or how you configure your system.

    Regards

    Milos

    Sunday, March 25, 2012 7:44 AM
  • Hi,

    May I know if the issue only occurs on one Windows 7 workstation? How about other user account?

    If the issue occurred recently, you can perform a system restore first.


    Niki Han

    TechNet Community Support

    Monday, March 26, 2012 8:48 AM
  • this occurs also with  a 32 bit windows 7 , a 64 bit windows 7 and  windows server 2008 r2.

    Webclient does not filter CA list sent by the server, so if i install a certificate signed by an unknown authority , this certificate appear in selection even if not trusted by the server.

    • Edited by AttilioDrei Monday, March 26, 2012 12:22 PM
    Monday, March 26, 2012 11:20 AM
  • Can i trace webclient connections ? i don't know how to trace log this service.

    I have not tried before so it seems to be a default behaviour,  may be webclient does not  choose setclientcertificate  in winhttp connection.

    My win7 webclnt.dll  version is 6.1.7601.17514    ,   on a fresh windows 2008 server r2 6.1.7600.16385.

    My client certificate is stored under  CURRENT USER  MY\Personal    

    Monday, March 26, 2012 11:47 AM
  • Hi,

    Please take a look at following kB, if it doesn't meet you scenarios. Please tell me the exactly message about select certificate.

    http://support.microsoft.com/kb/260519

    http://support.microsoft.com/kb/958788


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, March 28, 2012 10:28 AM
  • This occurs always when webclient service start because  i want to browse sharepoint from network location or  i try to open an office document with internet explorer, only  the first time   i have to choose my client certificate.

    Selection only say  select client certifcate ( ok, cancel, view cetificate).

    • Edited by AttilioDrei Wednesday, March 28, 2012 3:54 PM
    Wednesday, March 28, 2012 3:52 PM
  • Hi,

    Please refer to following KB and let me know if this is suitable for your scenarios.

    http://support.microsoft.com/kb/838028

    if not, i'd like to confirm that if this issuse happens only when we open the office documents at first time.


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, March 29, 2012 4:48 AM
  • This issue happens every time https connection is established.
    Friday, March 30, 2012 7:42 AM
  • HI,

    IE has a security setting "Don’t prompt for client certificate selection when no certificates or only one certificate exists. ", so please enable it for a test.


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, March 30, 2012 8:54 AM
  • Yet enabled, as you see in my first post.
    Saturday, March 31, 2012 1:14 AM
  • Hi, could you please help to confirm following points? If we just leave one certificate that pass the cetificate validation from client and server side to user my store, does this issue happen again?

    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Saturday, March 31, 2012 6:26 AM
  • yes.
    Monday, April 02, 2012 9:08 AM
  • Hi,

    Before we go further, I'd like to confirm that if your problem just like below:

    When a user running Office 2010 opens a document from web site, a Windows Security "Select a certificate" prompt appears hidden behind the IE Window.  If the user finds the prompt and clicks ok the file will load.  However, this prompt comes up every time even for the same link in the same session. 

    if not, please describe it in more details, if possible, please provide me steps.


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, April 03, 2012 5:37 AM
  • No, the prompt is only  displayed when

    1) webclient service is stopped  or

    2) https connection is reestablished

    this is true opening document from internet browser or from dav url

    Tuesday, April 03, 2012 7:33 AM
  • Hi,

    Please let me know if your main concerns is that you just want to hide the prompt for certificate selection. If so, i think we could set the ssl setting to ingnore client certificate if the SSL doesn't require client certificate.   


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, April 04, 2012 3:32 AM
  • As you see from my initial post, i just don't want certificate selection appear at all, certificate must be sent without involving the user since i have only 1 valid certificate, and for security reason i want server require client certificate in order to access intranet site.

    Best Regards.


    • Edited by AttilioDrei Wednesday, April 04, 2012 7:30 AM
    Wednesday, April 04, 2012 7:26 AM
  • Hi,

    Please check the following blog.

    http://blogs.technet.com/b/steve_chen/archive/2010/06/25/multiple-logon-while-open-office-document-from-sharepoint.aspx

    Here is a similar post in sharepoint forum.

    http://social.msdn.microsoft.com/Forums/eu/sharepoint2010general/thread/acedc2b3-bc5c-40c8-a4a9-8b4fdaa97703

    If the issue persists, I suggest posting in Sharepoint forum for further insights.

    Friday, April 06, 2012 7:33 AM
  • Note: Use of MSDAIPP on Windows 7 and above is not supported.

    Friday, January 10, 2014 8:09 PM
  • Take a look at http://support.microsoft.com/kb/2647954 and the EnableCTLFiltering and/or EnableAutoCertSelection parameters
    Friday, January 10, 2014 8:15 PM