Unable to open Documents from SharePoint/OneDrive with Office 2013

Steel Contributor

Starting a few days ago, our Office 2013 users started reporting issues opening documents on SP en OneDrive. The version of Office 2013 is Professional Plus 15.0.4420.1017 (so it is not suitable for modern authantication).

 

A message pops up requesting to log in to open the document, but login fails. The user is properly logged in to Office.

 

We found that an entry in the credential manager is missing, and is not created automatically.

 

 

The only fix we have found so far is to manually create the entry in the credential manager.

 

MicrosoftOffice15_Data:orgid:<e-mail>

Login: <login>

Paswoord: <pw>

Persistence: Domain

 

We use ADFS and AADSync.

 

The issue is currently not present on Office 2016.

6 Replies

Obvious question perhaps since you mention that your Office version is too old for ADAL auth but could it be that modern auth has been switch on for the Office 365 tenant?

 

Is this happening for all users?

 

Brjann

- Azure AD Customer Success team

Well as far as I understand the documentation, modern authentication is always enabled by default on SharePoint but not on Exchange and Skype. So far we've never changed this.

 

Luckily it doesn't happen on all our installation. The only change on our side was a GPO for setting the trusted sites. Could a change in trusted sites result in credentials being revoked from the credential manager?

 

We now think that there are two issues playing, the first being stored credentials being revoked, the second issue not being redirected to our ADFS when presented with an authentication dialog through Word.

Only way I can think of trusted sites change would be if this change meant that you moved the site in or out of being able to do SSO (using same as with the Intranet Zone). Could be other things in there as well as it is a more relaxed security setting.

The ADFS not being presented really sounds like you did move site that previously wasn't doing integrated auth to now trying to do that.

I would recommend installing Fiddler on the box and capture the traffic and perhaps even more importantly connect with our Support team to help you track this down as they know exacatly how to capture the traffic and do the analysis that might take you hours/days.

Brjann

Hi Bart, were you able to find any resolution to this?  

 

We're experiencing the same issue.  Only impacting Office 2013 instances.  We've updated the clients to the latest May 2017 updates (15.0.4927.1000).  

 

For some users, simply enabling ADAL by adding the EnableADAL & Version registry keys has resolved.  However we still have some users who are receiving the login prompt when attempting to open SharePoint documents or calendars within their local Office clients.  They're unable to get past this prompt.

 

I will try manually adding the credential to their credential manager.

Hello David,

 

No solution so far. I'm currently thinking it is linked to alternate login feature. Do you have alternate login enabled on ADFS?

 

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-logi...

 

Although it is weird that it is spreading so slowly, only a few cases are reported every day. 

 

Bart

I'm waiting for confirmation, but I believe we do have alternate login enabled.

 

We've been able to resolve the issue for some office 2013 products by enabling modern authentication.  This does require the office instance to be recently patched and up-to-date (see using modern authentication).

 

Unforatunely this fix only applies to some of the office products:  Excel, Word, PowerPoint, OneNote, InfoPath.  It does not resolve the issue for Outlook (with SharePoint calendars) or SharePoint Designer 2013.