Office 2013/2016 Client Integration Fails when using FBA with SharePoint Server 2016

If you find that once you have configured FBA with SharePoint 2016 that you are unable to do the following with Office 2013 / 2016

Issues

  1. Open Office Documents directly from Libraries
  2. Export to Excel
  3. Open with Explorer
  4. Open a site with SharePoint Designer

However, if Office 2010 is installed you will be able to

  1. Open Office Documents directly from Libraries
  2. Export to Excel
  3. Open with Explorer

Also, you will note you click export to excel on the ribbon from a list or library as soon you open the .iqy in excel it’s going to pass the List GUID along with the View GUID to _vti_bin/lists.asmx which due to authentication is going to fail and you will get stuck in an endless authentication loop. By this point you realize that Office 2013 / 2013 Client Integration with SharePoint Server 2016 does NOT work.

If you open fiddler and capture the results of the session you will find that you’re getting a 403 and X-MSDAVEXT_Error: 917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.

There is an obscure security update for SharePoint Server 2016: June 13, 2017 that will allow you to resolve this issue. However, it doesn’t mention the issue of FBA, Office 2013 or any of the issues listed above. But by running the following PowerShell cmdlets you will be able to use Office 2016 and 2013. However, it will break your ability to use the client integration with Office 2010.

Resolution: Open the SharePoint 2016 Management Shell and at the SharePoint 2016 Management Shell command prompt, type the following commands:

$sts = Get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients = $true
$sts.Update()

Restart Internet Information Services (IIS). To do this, run the following command:

iisreset /restart

Restart the SharePoint Timer Service (SPTimerV4). To do this, run the following commands:

Net Stop SPTimerV4
Net Start SPTimerV4

Run the following commands to verify that the change is made:

$sts = Get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients

The last command should return True.

SuppressModernAuthForOfficeClients

One of the SharePoint 2016 environments at Rackspace worked and others the SharePoint environment needed to be rebooted…

What made this more fun, is during this period a few of the clients engineers also started modifying their registry to get WebDav working…We had to reset these users registry and clear the webdavs cache for Office and delete the Keys below HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\Internet\Server Cache\ then restart the WebClient… Open Services and scroll down to Web Client, right click and choose restart

Reference:

Its clear that On-Premise environments are NOT getting any love as everyone has access to Microsoft Office 365 and its too easy to focus only on this clients..I’ve been hearing for years that:

On-Premise is dead, LONG LIVE ON-PREM!!!!

 

Cheers,

Ivan

No comments yet. Be the first.

Leave a Reply