Mar 26 2017 03:09 AM
Starting a few days ago, our Office 2013 users started reporting issues opening documents on SP en OneDrive. The version of Office 2013 is Professional Plus 15.0.4420.1017 (so it is not suitable for modern authantication).
A message pops up requesting to log in to open the document, but login fails. The user is properly logged in to Office.
We found that an entry in the credential manager is missing, and is not created automatically.
The only fix we have found so far is to manually create the entry in the credential manager.
MicrosoftOffice15_Data:orgid:<e-mail>
Login: <login>
Paswoord: <pw>
Persistence: Domain
We use ADFS and AADSync.
The issue is currently not present on Office 2016.
Mar 28 2017 07:20 AM
Obvious question perhaps since you mention that your Office version is too old for ADAL auth but could it be that modern auth has been switch on for the Office 365 tenant?
Is this happening for all users?
Brjann
- Azure AD Customer Success team
Mar 28 2017 07:49 AM
Well as far as I understand the documentation, modern authentication is always enabled by default on SharePoint but not on Exchange and Skype. So far we've never changed this.
Luckily it doesn't happen on all our installation. The only change on our side was a GPO for setting the trusted sites. Could a change in trusted sites result in credentials being revoked from the credential manager?
We now think that there are two issues playing, the first being stored credentials being revoked, the second issue not being redirected to our ADFS when presented with an authentication dialog through Word.
Apr 04 2017 03:30 PM
May 11 2017 05:44 AM
Hi Bart, were you able to find any resolution to this?
We're experiencing the same issue. Only impacting Office 2013 instances. We've updated the clients to the latest May 2017 updates (15.0.4927.1000).
For some users, simply enabling ADAL by adding the EnableADAL & Version registry keys has resolved. However we still have some users who are receiving the login prompt when attempting to open SharePoint documents or calendars within their local Office clients. They're unable to get past this prompt.
I will try manually adding the credential to their credential manager.
May 11 2017 05:51 AM
Hello David,
No solution so far. I'm currently thinking it is linked to alternate login feature. Do you have alternate login enabled on ADFS?
Although it is weird that it is spreading so slowly, only a few cases are reported every day.
Bart
May 12 2017 06:03 AM
I'm waiting for confirmation, but I believe we do have alternate login enabled.
We've been able to resolve the issue for some office 2013 products by enabling modern authentication. This does require the office instance to be recently patched and up-to-date (see using modern authentication).
Unforatunely this fix only applies to some of the office products: Excel, Word, PowerPoint, OneNote, InfoPath. It does not resolve the issue for Outlook (with SharePoint calendars) or SharePoint Designer 2013.