Saturday, July 26, 2008

Office 2007 on Vista authentication prompts with Sharepoint docments

Under Windows Vista, sometimes when you open an Office document stored on a WSS or MOSS site, Vista keeps prompting you for user credentials and integrated security just doesn't seems to work.  This can be caused by a number of different configuration issues in your environment and sometimes you need to have all the stars aligned for it to work.

  • First thing to check is make sure your Sharepoint site is working with integrated security to start with, that is you have configured either NTLM or Kerberos correctly.  So when you navigate to your Sharepoint site in Internet Explorer with your desired url, it should not prompt you for username or password.

    If you are having trouble here, check these items.
    • Make sure the url you're using is in the Intranet zone and not the Internet zone.  By default on Vista, only Intranet zone does integrated security.
    • Check that you are using NTLM on your WFE server.
    • If you are using Kerberos, make sure SPN are configured correctly.  Check out this post from Martin Kearn on kerberos and Sharepoint.
  • Now make sure Vista is running SP1, if not, install the hotfix http://support.microsoft.com/?id=943280 on your clients.
  • Add AuthForwardServerList to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters in the registry.  The value in this key should be the URLs of your sharepoint stie.  Restart the WebClient or for the changes to take effect.  I've used the new group policy preference to deploy this key.

With everything configured correctly, there shouldn't be any more annoying authentication prompts from Vista when you open an Office 2007 document.

No comments: