Friday, July 11, 2008

How do I make our SharePoint site stop asking me to login? – Part III


In my previous 2 posts, I explained the settings needed to allow Internet Explorer to automatically login to your SharePoint sites without presenting the popup login box. Even if you have addressed the issues I documented there however, you may still receive repetitive login boxes when opening files with the MS Office programs such as Word, Excel, and PowerPoint.

The problem occurs when you are working on Windows Vista, and has to do with the way Vista accesses SharePoint data locations when using a fully qualified domain name without a proxy server. If you are using Windows XP as your desktop operating system, using a proxy server for internet access, or are typing a NetBIOS name to reach your SharePoint server - this problem should not exist and this solution will likely not help. The full issue and solution is now documented in the Microsoft Knowledge base in article
#943280. Here is the quick and dirty answer they recommend, which has successfully fixed the problem in my own personal testing.

First of all, the way Vista accesses SharePoint data locations has been modified by Vista Service Pack 1 - so... you really should install SP1. If you cannot install SP1 or are awaiting a central deployment, you can request a specific hotfix from Microsoft instead by following the steps mentioned in the knowledge base article above.

Once you have Vista SP1 or the hotfix installed, a registry entry must be created to list the URL's to which Windows is allowed to automatically send credentials. Of course, all of the normal cautions that you receive when editing the registry should apply here. Here's how to do that:
  1. Go to START > RUN, and type regedit.



  2. When the Registry Editor window opens, follow this path:
    HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > WebClient > Parameters.



  3. Right-click the 'Parameters' subkey, and choose New > Multi-String Value.

  4. Type the name AuthForwardServerList.

  5. Open the AuthForwardServerList value and type in the list of SharePoint server URL's that are trusted for your organization - one URL per line.



    NOTE:
    You can use wildcards to reduce the number of lines needed.
    (e.g. http:// *.domain.com)
    You will have to type in separate URL's for both http and https URL's if you use them.
  6. Close the Registry Editor window.



  7. Reboot your PC, or at least go to START > ADMINISTRATIVE TOOLS > SERVICES, and restart the WebClient service.

These steps should eliminate the login box from occuring within the MS Office products. See my previous posts (Part I and Part II) if your login prompts occur in Internet Explorer.

4 comments:

Unknown said...

Hello! We have been having this same issue with MOSS 2010 and InfoPath forms.

Every time you try to publish a form or open a form to fill it out you will be asked for credentials. If you simply hit cancel InfoPath goes on with no errors what so ever.

I added this reg key to two machines and it has resolved the issue.

This only started happening when we changed the access mapping to the SharePoint Sites to a FQL rather than just the machine name.

I would like to know if you have any other suggestions before beside pushing out this reg key to 20,000 workstations.

Chetan said...

Did not work on 3 machines I tested with. Huge issue, cannot recommend moving to Windows 7 at this time.

Archytype said...

I am having this issue with Windows 7 Pro computers (both 32bit and 64bit editions of windows)

Both use IE8

Tried adding the regkey but still prompts for Crendentials when opening a Word Document in ReadOnly mode.

Get prompted twice, no-less.

Archytype said...

I would like to further add that this worked for 7 out of 8 computers I have implemented it on.

The 8th computer I am trying to resolve at the moment.

It has the Reg key in place and has our public fqdn added in to the list. Put the sitename in the Local Intranet Zone and credentials propmt doesn't happen but IE "Can't display this webpage".

Remove the site from the Local Intranet Zone list and the logon prompt for credentials appears and users can gain access!

Bit odd, but that's how it is....