Office 2013/2016 Client Integration Fails when using FBA with SharePoint Server 2016
If you find that once you have configured FBA with SharePoint 2016 that you are unable to do the following with Office 2013 / 2016
Issues
- Open Office Documents directly from Libraries
- Export to Excel
- Open with Explorer
- Open a site with SharePoint Designer
However, if Office 2010 is installed you will be able to
- Open Office Documents directly from Libraries
- Export to Excel
- Open with Explorer
Also, you will note you click export to excel on the ribbon from a list or library as soon you open the .iqy in excel it’s going to pass the List GUID along with the View GUID to _vti_bin/lists.asmx which due to authentication is going to fail and you will get stuck in an endless authentication loop. By this point you realize that Office 2013 / 2013 Client Integration with SharePoint Server 2016 does NOT work.
If you open fiddler and capture the results of the session you will find that you’re getting a 403 and X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.
There is an obscure security update for SharePoint Server 2016: June 13, 2017 that will allow you to resolve this issue. However, it doesn’t mention the issue of FBA, Office 2013 or any of the issues listed above. But by running the following PowerShell cmdlets you will be able to use Office 2016 and 2013. However, it will break your ability to use the client integration with Office 2010.
Resolution: Open the SharePoint 2016 Management Shell and at the SharePoint 2016 Management Shell command prompt, type the following commands:
$sts = Get-SPSecurityTokenServiceConfig $sts.SuppressModernAuthForOfficeClients = $true $sts.Update()
Restart Internet Information Services (IIS). To do this, run the following command:
iisreset /restart
Restart the SharePoint Timer Service (SPTimerV4). To do this, run the following commands:
Net Stop SPTimerV4 Net Start SPTimerV4
Run the following commands to verify that the change is made:
$sts = Get-SPSecurityTokenServiceConfig $sts.SuppressModernAuthForOfficeClients
The last command should return True.
One of the SharePoint 2016 environments at Rackspace worked and others the SharePoint environment needed to be rebooted…
What made this more fun, is during this period a few of the clients engineers also started modifying their registry to get WebDav working…We had to reset these users registry and clear the webdavs cache for Office and delete the Keys below HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\Internet\Server Cache\ then restart the WebClient… Open Services and scroll down to Web Client, right click and choose restart
Reference:
- How modern authentication works for Office 2013 and Office 2016 client apps
- Enable Modern Authentication for Office 2013 on Windows devices
- Description of the security update for SharePoint Server 2016: June 13, 2017
- Making Microsoft Office to Work with WebDAV Server
Its clear that On-Premise environments are NOT getting any love as everyone has access to Microsoft Office 365 and its too easy to focus only on this clients..I’ve been hearing for years that:
On-Premise is dead, LONG LIVE ON-PREM!!!!
Cheers,
Ivan