none
Annoying authentication prompt when opening a Word document in IE8 on Windows7 in Word 2010

    Question

  • I hope someone can help us with our next problem:

    The Word documents are located on our intranetsite protected with name and password (Single-Sign-On with Active Directory). Our older clients with Windows XP (SP3) and Word 2003 could open these documents without any problem. PDF documents are not affected.

     

    We discovered also that applying the credentials doesn't work and using the "Remember my credentials" option box doesn't work either. Entering the credentials 3 times will give access to the Word document but just clicking on the Close or Cancel button will do the same.

    Documents from our SharePoint 2010 site are not affected.

    We have searched the internet for a solution for this problem but the hints, tips and solutions found so far do not work for us.

    We applied KB article http://support.microsoft.com/kb/943280 but even this one does not workfor us. This article add a new key AuthForwardServerList to the registry with an URL list so the WebClinet can send credentials through these channels

    Another solution to add our intranetsite to the trusted sites list in IE8 doesn't work either.

    We tried also this one http://www.andornot.com/blog/post/How-to-enable-Windows-7-single-sign-on-for-a-website-using-Windows-authentication.aspx with negative result.

    Things discovered so far:

    If we disable the WebClient service the problem is gone but in that case we can't access documents from our SharePoint site.

    We installed a client with Windows 7 and Office 2003 Pro with the latest service packs and we can direct access the documents in IE8 without any problem. This pintpoints the problem to Office 2010!
    Monday, October 11, 2010 11:17 AM

Answers

  • Hello SR_1,

     

    We made a payed call at Microsoft for this problem and they came up with a solution. Our organisation is willing to share this solution and I hope Microsoft will have no objection sharing this too.

     

    It had to do with the Apache webserver of our provider. It did not response in the correct way at the PROPFIND request from our clients at the moment we opened the documents. The Office programs uses WebDAV. But the webserver does not. The solution is to let the Apache webserver answers the PROPFIND request with 501/Not Implemented. Another solution is that Apache anwers with 403(ACCESS DENIED) and that you put the PROPFIND and OPTIONS method in the list of forbidden methods at the webserver; that is what the provider did.

     

    Without the help of the Microsoft Engineers we would not have solved this problem. It was a very instructive route we made. Now, when we have problems with webservers or whatever communicates with http we start Fiddler or Microsoft Network Monitor and look at the communication.

     

    I hope this helps.

     

    Marcel

    Helpdesk SLO

     

    • Marked as answer by helpdeskslo Wednesday, April 06, 2011 8:36 AM
    Wednesday, April 06, 2011 8:36 AM

All replies

  • Hi,

     

    Try the fix in this KB article:

    You are prompted to enter your credentials when you access an FQDN site from a computer that is running Windows Vista or Windows 7 and has no proxy configured

    http://support.microsoft.com/Default.aspx?id=943280

     

    Best Regards,

     

    Sally Tang

    Tuesday, October 12, 2010 6:03 AM
  • Thanks Sally,

    We already used the information from this article. Two persons tested it on two different Windows 7 systems with Office 2010 with the same result. It did not work.

    Kind Regards,

    Marcel

    Helpdeksk SLO

    Tuesday, October 12, 2010 9:00 AM
  • Hi Marcel

    I'd like to point you to a site which has a webdav implementation. They did quite some research on behavior of Windows/Office regarding remote access.
    Maybe this helps

    http://code.google.com/p/sabredav/wiki/Windows

    Werner

     

    Tuesday, October 12, 2010 1:34 PM
  • Hello,

    We would like to gather additional information relates to Single-Sign-On with Active Directory and please clarify the following:

     

    1.       Whether the user logged into computer is same as SharePoint Site User?  In other words while accessing the SharePoint Site user need to provide different login credentials.

    2.       It is possible to verify whether the issue relates to Authentication by checking what is going on Wire between client and Server.    Network Monitor 3.4 is one of the tools will assist to verify OPTIONS request is successful or not.  Please install the tool from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en  and launch the tool with elevated permission and reproduce the issue.   While verifying the trace data apply HTTP filter to narrow down OPTIONS request.   The initial OPTIONS request sent to server will be Anonymous and Server response most likely 401 requesting NTLM credentials.  The second request will be successful with 200 responses if there is a failure we are dealing with user credentials permission issue hence Authentication Prompt is noticed.  Please check Microsoft Support solution http://support.microsoft.com/?kbid=2019105  for more information.   The solution differs by customer requires close attention.

     

    The second part “Remember my credentials” whether it is displayed in the Prompt or different place.   Selecting Cancel in Authentication Prompt open the Office document most likely Anonymous Access is enabled for the Web Application please confirm from Central Administration | Application Management | Authentication Provider – Select the Web Application | Select a Zone to find whether Anonymous is selected.   There could be more than one Zone.

     

    The following solution http://support.microsoft.com/kb/2123563 may work if Basic Anonymous is enabled on the Web Application

     

    Regards,

    Chris Nicholas

    Microsoft Online Community Support

    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

     

     

    • Marked as answer by Sally Tang Friday, October 22, 2010 8:54 AM
    • Unmarked as answer by helpdeskslo Wednesday, October 27, 2010 12:56 PM
    Tuesday, October 19, 2010 2:39 PM
    Moderator
  • Hello,

    We would like to gather additional information relates to Single-Sign-On with Active Directory and please clarify the following:

     

    1.       Whether the user logged into computer is same as SharePoint Site User?  In other words while accessing the SharePoint Site user need to provide different login credentials.

    2.       It is possible to verify whether the issue relates to Authentication by checking what is going on Wire between client and Server.    Network Monitor 3.4 is one of the tools will assist to verify OPTIONS request is successful or not.  Please install the tool from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en  and launch the tool with elevated permission and reproduce the issue.   While verifying the trace data apply HTTP filter to narrow down OPTIONS request.   The initial OPTIONS request sent to server will be Anonymous and Server response most likely 401 requesting NTLM credentials.  The second request will be successful with 200 responses if there is a failure we are dealing with user credentials permission issue hence Authentication Prompt is noticed.  Please check Microsoft Support solution http://support.microsoft.com/?kbid=2019105  for more information.   The solution differs by customer requires close attention.

     

    The second part “Remember my credentials” whether it is displayed in the Prompt or different place.   Selecting Cancel in Authentication Prompt open the Office document most likely Anonymous Access is enabled for the Web Application please confirm from Central Administration | Application Management | Authentication Provider – Select the Web Application | Select a Zone to find whether Anonymous is selected.   There could be more than one Zone.

     

    The following solution http://support.microsoft.com/kb/2123563 may work if Basic Anonymous is enabled on the Web Application

     

    Regards,

    Chris Nicholas

    Microsoft Online Community Support

    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

     

     


    1. Our intranetsite is not a SharePoint site.

    2. We made a payed call at Microsoft and this is now under investigation of a MSF engeneer.

    Kind Regards,

    Marcel Kollenaar

    Helpdesk SLO

    Monday, October 25, 2010 12:30 PM
  • Hi,

    I installed the network monitor. When I start the monitor the behaviour has changed. I can open the document normally without the credentials screen after I have clicked Ok and the Close button in the credentials window first. After that I can open the document as it shout and multiple times after each other. When I stop the network monitor everything is as it was before, WRONG. The network monitor adds something to the system but I don't know what. Nevertheless a very nice tool we'll keep in mind, thanks.

    The other option such as the basicauthentication etc. doesn't help.

    [..] please confirm from Central Administration | Application Management | Authentication Provider – Select the Web Application | Select a Zone to find whether Anonymous is selected.   There could be more than one Zone. [..]

    Where do I find these settings?

    Kind regards,

    Marcel Kollenaar

     

    Wednesday, October 27, 2010 1:10 PM
  • Hi Marcel

    I'd like to point you to a site which has a webdav implementation. They did quite some research on behavior of Windows/Office regarding remote access.
    Maybe this helps

    http://code.google.com/p/sabredav/wiki/Windows

    Werner

     


    Thanks Werner for the information, so far no success.

    Wednesday, October 27, 2010 1:15 PM
  • Check MSIE 8 settings, maybe add the URL to the trusted sites?
    Thursday, November 04, 2010 6:52 PM
  • Did that already but that is not the solution! The problem stays.
    Friday, November 12, 2010 8:54 AM
  • I will first just explain our situation.

    We have an AD integrated WEB aplication.
    So when we would click on the App link, it would automatically authenticate etc.
    When we upgraded to IE8 it all of a sudden started asking for user name and password.
    Here is what I did to fix our problem:

    - Go to Tools>Internet Options,
    - Under Security Tab, click the Custom Level button.
    - Scroll all the way down, and under Login, select "Automatic logon with current user name and password" radio button (the third option).

    Most probably, you or Ms guys have already thought of this, but just in case you didn't, it did work for us.

     

    Friday, November 12, 2010 2:32 PM
  • Did what you told above. The authentication message prompt appears after a long (longer than i had before the change) time with the credentials aleady in the fields. I have to push 3 times on OK. Then the document opens. Wow the problem remains.

    Thanks anyway for your input mmusicki.

    Kind regards,

    Marcel

    Monday, November 15, 2010 2:40 PM
  • helpdeskslo, did you ever find a resolution to this?   i've tried all of the following and nothing works:

     

    -disabled the loopback check

    -added site to trusted sites

    -added AuthForwardServerList to registry

    -automatic logon with current username/password

     

    etc etc etc

    Tuesday, March 22, 2011 5:09 PM
  • Hello SR_1,

     

    We made a payed call at Microsoft for this problem and they came up with a solution. Our organisation is willing to share this solution and I hope Microsoft will have no objection sharing this too.

     

    It had to do with the Apache webserver of our provider. It did not response in the correct way at the PROPFIND request from our clients at the moment we opened the documents. The Office programs uses WebDAV. But the webserver does not. The solution is to let the Apache webserver answers the PROPFIND request with 501/Not Implemented. Another solution is that Apache anwers with 403(ACCESS DENIED) and that you put the PROPFIND and OPTIONS method in the list of forbidden methods at the webserver; that is what the provider did.

     

    Without the help of the Microsoft Engineers we would not have solved this problem. It was a very instructive route we made. Now, when we have problems with webservers or whatever communicates with http we start Fiddler or Microsoft Network Monitor and look at the communication.

     

    I hope this helps.

     

    Marcel

    Helpdesk SLO

     

    • Marked as answer by helpdeskslo Wednesday, April 06, 2011 8:36 AM
    Wednesday, April 06, 2011 8:36 AM
  • Werner, you were very close with your link to WebDAV. At that time we had not the knowledge to understand what was happening.

    Thanks anyway for your answer.

    Marcel

    Helpdesk SLO

    Wednesday, April 06, 2011 8:47 AM
  •  

    Hello helpdeskslo,

    I see your helpful post.

     

    In our environment, the same problem had occurred.

    I tried as your explanation as following.

    -----

    Another solution is that Apache anwers with 403(ACCESS DENIED)

    and that you put the PROPFIND and OPTIONS method in the list of

    forbidden methods at the webserver; that is what the provider did.

    -----

     

    Put follow line to my httpd.conf

     

    -----

    <Directory />

    snip

        <Limit OPTIONS PROPFIND>

            Order allow,deny

        </Limit>

    snip

    </Directory>

     

    <Directory /usr/local/apache/htdocs>

    snip

        <Limit OPTIONS PROPFIND>

            Order allow,deny

        </Limit>

    snip

    </Directory>

    -----

     

    And check response code from apache.

     

    # telnet hostname 80

    Trying ...

    Connected to hostname.

    Escape character is '^]'.

    OPTIONS / HTTP/1.0

     

    HTTP/1.1 403 Forbidden

    Date: Wed, 05 Oct 2011 04:25:08 GMT

    Server: Apache

    Content-Length: 202

    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /
    on this server.</p>
    </body></html>
    Connection closed by foreign host.
    # telnet hostname 80
    Trying ...
    Connected to hostname.
    Escape character is '^]'.
    PROPFIND / HTTP/1.0
    HTTP/1.1 403 Forbidden
    Date: Wed, 05 Oct 2011 04:25:18 GMT
    Server: Apache
    Content-Length: 202
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access /
    on this server.</p>
    </body></html>
    Connection closed by foreign host.
    response code is 403, OK!
    But the same problem occurred again.
    Please let me know if you know how to change httpd.conf
    or other configuration file in your case ?
    Best regards,
    - fhdyc
    • Edited by fhdyc Wednesday, October 05, 2011 6:17 AM
    Wednesday, October 05, 2011 6:17 AM
  • Hello,

    The problem was solved by modifying source code of my Web Application (Moodle).

    Thank you!

     

    Monday, October 17, 2011 1:16 AM
  • Hi fhdyc,

    We are also using an apache web server and have tried everything in this thread to get this to work.  What modifications did you make to your application code to get this to work?

    thank you

    Monday, July 16, 2012 6:56 PM
  • Hi,

    I have the same problem with Moodle.

    What changes have you made to Moodle ? (file(s) affected).

    Thanks

    Monday, October 22, 2012 2:25 PM
  • We're having the exact same problem with our Moodle, can you give any information about the modifications you made to fix this?

    Thanks,

    Dan Jackson (Lead ITServices Technician)

    Long Road Sixth Form College

    Cambridge, UK.

    Tuesday, January 13, 2015 9:12 AM
  • This issue is fixed for Moodle in version 2.8, we have updated recently and this problem went away.
    Thursday, April 23, 2015 10:38 AM