Fixing SharePoint Office Integration Problems

Applies To: SharePoint

We recently upgraded to SharePoint 2010. Things went relatively smoothly, but we began to experience problems with some of our Office users. I looked everywhere but I couldn’t find anything that described our problem perfectly or that provided a solution. So here is the guide I wish we’d had before we called Microsoft Support.

Symptoms:

Windows 7/Vista machines had missing/broken links to the sites within the SharePoint Sites library on their machine. These were all users with MySites most of whom had had no problem opening and saving documents directly within Office to SharePoint 2007. This was affecting both Office 2007 and Office 2010 users.

The Save/Open dialog showing a normal SharePoint Sites Library

Sometimes there was a MySite link, sometimes just a Member Sites folder, sometimes neither and sometimes various levels of Member Sites with the wrong type of Icon (Not like shown above). Some users could connect fine although it was very slow, others would have some very strange issues.

In addition to constantly asking for authentication or telling them access was denied to their own MySite, there were users who seemed to be saving their documents nowhere. Checking the Upload Center would show they did save them but not as expected.

For instance, one guy added his personal documents library to Office using the Connect To Office button on the SharePoint Ribbon. Trying to save a word document he double clicked on this link within the SharePoint Sites Library and everything saved. Further investigation with SharePoint Designer showed that their was a word document at his MySite root named PersonalDocuments.aspx.doc!

Obviously these links were broken. Sometimes they were gone from one day to the next and this was causing a lot of frustration. We tried messing with the registry entries, checking our version of Office, verifying access was setup correctly and finally gave up and called Microsoft Support.

Our Environment:

We had had a SharePoint 2007 farm using Windows Authentication. We built a new SharePoint 2010 farm and used the Database Attach upgrade approach. The new farm was built to use Kerberos authentication. When everything was good to go we switched the DNS entries to the new farm and voila, everything worked! (Obviously excluding the weird Office problems).

Our clients are mostly XP machines running Office 2007 – these had no issue. The Windows 7 clients running both Office 2007 and Office 2010 began experiencing the problems even though everything worked fine with SharePoint 2007.

Our DNS entry for SharePoint was set to the FQDN (ie sharepoint.something.something). Although alternate access mapping was setup for just the sharepoint portion, the FQDN is the only public url. This turned out to be the problem.

The Cause of the Problem:

The solution was found in this Microsoft Support article: Prompt for Credentials When Accessing FQDN Sites From a Windows Vista or Windows 7 Computer

In summary, the Web Client service uses Windows HTTP Services (WinHTTP) to do network operations behind the scenes (including requesting the list of Member Sites and MySite urls to update your SharePoint Sites Library). WinHTTP only sends user credentials in response to requests that occur on a local intranet site.

So just add your site to the Trusted Sites list and you’re done! Just kidding, that’s far too easy! WinHTTP does NOT use the security zone settings in Internet Explorer to determine if it should send the credentials. Instead it uses some pretty basic logic:

Are there any periods in the server’s name?
Nope: must be local – send them credentials!
Yes: Eeeek! Evil Internet, no credentials for you!

So if you happen to be using a FQDN or anything else with periods in the address, unless you’ve setup a local (no perioded(?)) proxy, no authentication is gonna happen which is pretty problematic for nearly every use case in SharePoint.

A hotfix is available for Vista and was included in Windows 7. But the hotfix doesn’t fix the logic nor does it start using the security zone definitions from your internet options. It provides a registry configuration of trusted sites (see solution below).

Testing the Problem:

Office only requests this list of sites/libraries once every 24 hours or so based on a registry key. However, following the steps below you can get it to make the request(s) again. In order to watch them, download and install Fiddler. You should be able to see all the requests as it makes them.

Close all Office programs (including Outlook)

Using RegEdit, delete the LinkPublishingTimestamp registry key.

Vista and Above:
HKEY_CURRENT_USER\Software\AppDataLow\Microsoft\Office\14.0\Common\Portal\LinkPublishingTimestampWindows
XP:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Portal\LinkPublishingTimestamp

If you are using Office 2007, just replace the 14.0 used above with 12.0

Restart the Web Client service using the Services console (Administrator Tools > Services or Run services.msc)

Open Word and choose Save As (It may take a few minutes to start populating).

In Fiddler you should see all or at least most of the requests receive 401 responses (unauthorized). So, let’s get it fixed.

Solution:

  1. Using RegEdit, navigate to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  2. Add a New Multi-String Vlaue (Edit > New).
  3. Name it AuthForwardServerList and press Enter.
  4. Set the value (Edit > Modify) to your FQDN. Or you can do something more comprehensive like http://*.something.something
  5. To verify it worked follow the steps above and see if everything updates (Or wait a day for things to recycle)

Now slap that registry setting in a Group Policy targeted at Windows 7/Vista users and you’re good to go.

9 thoughts on “Fixing SharePoint Office Integration Problems

  1. Thanks for the sharing, it works for us, another question is whether it is possible to get the recycle timer less than 24 hours? I find some users can see the links straight away whilst some takes longer than 24 hours?

    Lucas

  2. THANK YOU for this page! You have no idea how long I spent bashing my head against the wall over this one. There are pleas for help on this one all over the internet, but I couldn’t find any that actually had not just a solution, but a complete explanation of the problem and why it occurs.

    Sir, you rock!

  3. We had this problem with SharePoint 2010 but fixed it by clicking in a document library and clicking connect to office. This initiated the population of the member sites. Unfortunately, we have upgraded to SharePoint 2013 and we are having a similar issue. The links are populating but they don’t work. In fact, we made some structural changes when we moved to 2013 and some of the links that are populating still point to the old environment. Has anyone had any experience getting this to work with SharePoint 2013?

  4. […] “SharePoint integration must be really hard, judging by this new infographic, “Seven Alcoholic Drinks to Imbibe as Your SharePoint Integration Project Fails.” . . . Why is SharePoint so hard to integrate? There’s the obvious reason, of course: Microsoft’s built it for Microsoft ecosystems with little concern for heterogeneous environments. Still, that’s not the only reason it’s a pain. In fact, SharePoint had integration problems even with other Microsoft solutions, as this 2012 post by an application architect shows.” […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s