kcorbinakc
asked on
Certain PCs are promted for a password when opening Office attachments in OWA
A couple of my users are being prompted for their password when they attempt to open up Office documents in Outlook Web Access. If you enter the username and password several times you can view the document but it only does this for Office types; PDFs, TXTs, etc. open up just fine. Oddly, if you hit 'Cancel' when prompted for your password you can open Word documents.
Most of the PCs in the office have no problems opening up Office documents in OWA regardless of whether they only have Office 2003 or Office 2010 or the Word and Excel Viewers.
I've removed and re-added the PC to the domain, re-installed IE8, run the MS registry fix that's supposed to set the file types (it's never had a problem opening up a document locally or from the network though), and then also did a number of OWA server fixes like adding the MIME types to IIS, adding the MIME types to Internet Message Formats in Exchange System Manager, and setting the authentication types on the Exchange Virtual Server.
So, because it only affects a few machines, I think it's a local thing, but I can't figure it out either way.
Ideas of what else to try?
It's Exchange 2003 running on Server 2003 SR2 and the workstation in question is running XP SP3 with IE 8.
Most of the PCs in the office have no problems opening up Office documents in OWA regardless of whether they only have Office 2003 or Office 2010 or the Word and Excel Viewers.
I've removed and re-added the PC to the domain, re-installed IE8, run the MS registry fix that's supposed to set the file types (it's never had a problem opening up a document locally or from the network though), and then also did a number of OWA server fixes like adding the MIME types to IIS, adding the MIME types to Internet Message Formats in Exchange System Manager, and setting the authentication types on the Exchange Virtual Server.
So, because it only affects a few machines, I think it's a local thing, but I can't figure it out either way.
Ideas of what else to try?
It's Exchange 2003 running on Server 2003 SR2 and the workstation in question is running XP SP3 with IE 8.
Anastasia D. Gavanas
You should probably check that the client machines with this behavior, dont have the IE security setting that requires to prompt for username and password.
Or also ensure the integraded authentication is set on IIS and that the firewall is set properly so users can connect. Also make sure that those setting are ported to Exchange
I also find another answer on a similar issue here, if you want to take a look in case the above suggestions dont work
http://itknowledgeexchange
http://itknowledgeexchange
Just out of curiosity, have the user passwords expired, or close to expiration? We had a situation where expired passwords were the culprit.
ASKER
No, the setting 'Prompt for user name and password' is not checked in IE Settings.
Integrate authentication is enabled in IIS and the firewall is fine. The affected machines are on the local intranet checking other users mailboxes like so: http://exchange/exchange/username
The user's mailboxes they are checking haven't expired their passwords, in fact they are set to never expire.
I do think it's possibly related to anonymous authentication actually. I did some testing logging in into OWA when logged into the local machine as the user who owns the mailbox, and then as a different user. When logged in as the actual user (so it's using Windows authentication) I was able to open Office documents in OWA just fine. When logged in as a different user and then opening OWA I was prompted for the username and password again when trying to open the Office docs. If I put the username and password in I am able to open the documents though. If I simple click 'Save' rather than 'Open' I can save the document though without additional prompting.
Integrate authentication is enabled in IIS and the firewall is fine. The affected machines are on the local intranet checking other users mailboxes like so: http://exchange/exchange/username
The user's mailboxes they are checking haven't expired their passwords, in fact they are set to never expire.
I do think it's possibly related to anonymous authentication actually. I did some testing logging in into OWA when logged into the local machine as the user who owns the mailbox, and then as a different user. When logged in as the actual user (so it's using Windows authentication) I was able to open Office documents in OWA just fine. When logged in as a different user and then opening OWA I was prompted for the username and password again when trying to open the Office docs. If I put the username and password in I am able to open the documents though. If I simple click 'Save' rather than 'Open' I can save the document though without additional prompting.
As it seems this is not an OWA issue but rather an issue with opening any Office attachment where it is accessed via a URL. It may happen to Office 2003 and later version. There's related KB 838028 talks about the reasons why Office is prompting for credentials. The explanation is under the "Identifying known drawbacks that are caused by Office Protocol Discovery" section (second paragraph).
You can try getting the latest service packs and hotfixes for office 2003 and
office 2007.
You are prompted for credentials every two weeks when you try to view
a Web resource in Office 2003
http://support.microsoft.com/kb/916658
Description of the 2007 Office system hotfix package: June 26, 2008
http://support.microsoft.com/kb/954573
How documents are opened from a Web site in Office 2003
http://support.microsoft.com/kb/838028
You can try getting the latest service packs and hotfixes for office 2003 and
office 2007.
You are prompted for credentials every two weeks when you try to view
a Web resource in Office 2003
http://support.microsoft.com/kb/916658
Description of the 2007 Office system hotfix package: June 26, 2008
http://support.microsoft.com/kb/954573
How documents are opened from a Web site in Office 2003
http://support.microsoft.com/kb/838028
I also found this on a discussion on the same problem, a while back:
Workaround (it can pose some security risk):
1. Added the registry values to the "KnownContentTypes" (server)
HK_LOCAL_MACHINE\SYSTEM\Cu
+ application/msword
+ application/vnd.ms-excel
Related KB:KnownContentTypes registry entry
http://support.microsoft.com/?kbid=873138
2. Added the registry values (server)
HKEY_LOCAL_MACHINE\SYSTEM\
a. Remove "application/octet-stream"
b. Add "application/octet-stream"
c. restart the Microsoft Exchange System Attendant
Workaround (it can pose some security risk):
1. Added the registry values to the "KnownContentTypes" (server)
HK_LOCAL_MACHINE\SYSTEM\Cu
+ application/msword
+ application/vnd.ms-excel
Related KB:KnownContentTypes registry entry
http://support.microsoft.com/?kbid=873138
2. Added the registry values (server)
HKEY_LOCAL_MACHINE\SYSTEM\
a. Remove "application/octet-stream"
b. Add "application/octet-stream"
c. restart the Microsoft Exchange System Attendant
One more article that may have the solution
http://support.microsoft.com/kb/955375
and this comment
I was able to correct my continuous credential request issue by adding the exchange server under trusted sites and then customizing the security for Trusted sites to use the same username and password every time.
Worked like a charm! Just wanted to say THANKS!!
http://support.microsoft.com/kb/955375
and this comment
I was able to correct my continuous credential request issue by adding the exchange server under trusted sites and then customizing the security for Trusted sites to use the same username and password every time.
Worked like a charm! Just wanted to say THANKS!!
ASKER
I did already try adding it to the KnownContentType to the OWA Admin interface with no success. I'll have a chance to look at the others more in-depth tomorrow when I get back in the office.
ASKER
I already have the local subnet and domain names specified in Intranet sites through Group Policy.
I also tried resetting the IUSR and IWAM system account passwords and synchronizing them in IIS Manager.
I tested another couple of machines, and so far the problem only seems to exist on the machines with Office 2010 installed. The one's with Office XP or only the Word and Excel 2007 viewers don't have the problem. This may be coincidental, but I think it's a key to the issue.
People with the same issue: http://social.technet.microsoft.com/Forums/en-US/officeappcompat/thread/91a1708d-4ae6-450e-a9b9-32f1e872c629/
The only thing that throws this off is that my PC has 2010 installed but doesn't have the same problem.
I also tried resetting the IUSR and IWAM system account passwords and synchronizing them in IIS Manager.
I tested another couple of machines, and so far the problem only seems to exist on the machines with Office 2010 installed. The one's with Office XP or only the Word and Excel 2007 viewers don't have the problem. This may be coincidental, but I think it's a key to the issue.
People with the same issue: http://social.technet.microsoft.com/Forums/en-US/officeappcompat/thread/91a1708d-4ae6-450e-a9b9-32f1e872c629/
The only thing that throws this off is that my PC has 2010 installed but doesn't have the same problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Found a work-around