Office file not working for federated authenticated sites in SharePoint (SAML authentication).

 Situation

After implementing “iTrust” – SAML authentication while creating external facing sites(DMZ Area) – office files didn’t work.

 

Task/Analysis

Microsoft Office 2016 clients use modern authentication by default. In certain configurations, modern authentication isn’t supported by the Office 2016 clients with SharePoint Server 2016, such as when it is used for Active Directory Federation Services (AD FS) 3.0 installations. SharePoint administrators can now configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients.

 

Action

To configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients, follow these steps to run Microsoft PowerShell commands in the SharePoint 2016 Management Shell:

 

When you install SharePoint Server 2016, the user account from which you ran the installation is granted the appropriate permissions to run Microsoft PowerShell cmdlets. If any users have not been added to run a Microsoft PowerShell cmdlet, you can use the Add-SPShellAdmin cmdlet to add them. Before you can use the Add-SPShellAdmin cmdlet to grant permissions, verify that you meet all the following requirements:

 

You must have membership in the securityadmin fixed server role on the SQL Server instance.

 

You must have membership in the db_owner fixed database role on all databases that are to be updated.

 

You must be a member of the Administrators group on the server on which you are running the Microsoft PowerShell cmdlet.

 

At the SharePoint 2016 Management Shell command prompt, type the following commands:

 

$sts = Get-SPSecurityTokenServiceConfig

$sts.SuppressModernAuthForOfficeClients = $true

$sts.Update()

 

Restart Internet Information Services (IIS). To do this, run the following command:

 

iisreset /restart

 

Restart the SharePoint Timer Service (SPTimerV4). To do this, run the following commands:

 

Net Stop SPTimerV4

Net Start SPTimerV4

 

Run the following commands to verify that the change is made:

 

$sts = Get-SPSecurityTokenServiceConfig

$sts.SuppressModernAuthForOfficeClients

 

The last command should return True.

 

Result:

Office files started rendering on the browser.

Comments

Post a Comment

Popular posts from this blog

Power BI Refresh Issue: unable to convert the value '' from the source data type 'VT_BSTR' to the expected data type 'VT_I8.

Image
While scheduling refresh in Power BI, you might get below error . Issue: Unable to convert the value '<pii></pii>' from the source data type 'VT_BSTR' to the expected data type 'VT_I8 .     Cause/Reason Behind: Column datatype mismatch between power bi desktop and power bi cloud report. Solution: Edit query in power bi desktop and change the data type so it’s in sync with Power BI service/cloud. Example: In my case, I have modified a column’s datatype from decimal to whole number (to display no. of days). Now power bi desktop and power bi service synced up and I could perform automatic data refresh.
Read more

Run Powershell script on Remote Computer/Server

Image
PowerShell Remoting allows you to run individual PowerShell commands or access full PowerShell sessions on remote Windows systems.   PowerShell is locked-down by default, so you’ll have to enable PowerShell Remoting before using it. This setup process is a bit more complex if you’re using a workgroup – for example, on a home network — instead of a domain.   Enabling PowerShell Remoting On the computer you want to access remotely, open a PowerShell window as Administrator – right click the PowerShell shortcut and select Run as Administrator.   To enable PowerShell Remoting, run the following command (known as a cmdlet in PowerShell):  Enable-PSRemoting -Force This command starts the WinRM service, sets it to start automatically with your system, and creates a firewall rule that allows incoming connections. The -Force part of the command tells PowerShell to perform these actions without prompting you for each step     Workgroup Setup If your computers aren
Read more

wsp not getting deployed in all servers

Last week, got into an issue that wsp was not deployed in all servers and hang. Please find below more information on that: Issue: Unable to deploy wsp solution in SP2016 On-Premise server Resolution : C leared SharePoint config cache and rebooted all SharePoint servers and the SQL server, r an the command Add-SPSolution and  Install-SPSolution and the .wsp solution got deployed Troubleshooting Steps Followed: -     ​In Central Admin checked in Farm Solution Management the status was stuck on deploying​ -     Stopped the SharePoint Admin and SharePoint Timer services -     Checked and found multiple One-time jobs​, deleted those using the scripts below ​   -     Find onetimer running job from timer job definition and delete with below query Get-SPTimerJob | where{$_.schedule.description -eq "One-time"} | ForEach-Object{$_.Delete()}​ Get-SPTimerJob | where{$_.DisplayName -eq $null} | foreach-object {$_.Delete()}Get-SPTimerJob | where{$_.sc
Read more