Office file not working for federated authenticated sites in SharePoint (SAML authentication).

 Situation

After implementing “iTrust” – SAML authentication while creating external facing sites(DMZ Area) – office files didn’t work.

 

Task/Analysis

Microsoft Office 2016 clients use modern authentication by default. In certain configurations, modern authentication isn’t supported by the Office 2016 clients with SharePoint Server 2016, such as when it is used for Active Directory Federation Services (AD FS) 3.0 installations. SharePoint administrators can now configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients.

 

Action

To configure SharePoint Server 2016 to suppress modern authentication in Office 2016 clients, follow these steps to run Microsoft PowerShell commands in the SharePoint 2016 Management Shell:

 

When you install SharePoint Server 2016, the user account from which you ran the installation is granted the appropriate permissions to run Microsoft PowerShell cmdlets. If any users have not been added to run a Microsoft PowerShell cmdlet, you can use the Add-SPShellAdmin cmdlet to add them. Before you can use the Add-SPShellAdmin cmdlet to grant permissions, verify that you meet all the following requirements:

 

You must have membership in the securityadmin fixed server role on the SQL Server instance.

 

You must have membership in the db_owner fixed database role on all databases that are to be updated.

 

You must be a member of the Administrators group on the server on which you are running the Microsoft PowerShell cmdlet.

 

At the SharePoint 2016 Management Shell command prompt, type the following commands:

 

$sts = Get-SPSecurityTokenServiceConfig

$sts.SuppressModernAuthForOfficeClients = $true

$sts.Update()

 

Restart Internet Information Services (IIS). To do this, run the following command:

 

iisreset /restart

 

Restart the SharePoint Timer Service (SPTimerV4). To do this, run the following commands:

 

Net Stop SPTimerV4

Net Start SPTimerV4

 

Run the following commands to verify that the change is made:

 

$sts = Get-SPSecurityTokenServiceConfig

$sts.SuppressModernAuthForOfficeClients

 

The last command should return True.

 

Result:

Office files started rendering on the browser.

Comments

Post a Comment

Popular posts from this blog

Power BI Refresh Issue: unable to convert the value '' from the source data type 'VT_BSTR' to the expected data type 'VT_I8.

Image
While scheduling refresh in Power BI, you might get below error . Issue: Unable to convert the value '<pii></pii>' from the source data type 'VT_BSTR' to the expected data type 'VT_I8 .     Cause/Reason Behind: Column datatype mismatch between power bi desktop and power bi cloud report. Solution: Edit query in power bi desktop and change the data type so it’s in sync with Power BI service/cloud. Example: In my case, I have modified a column’s datatype from decimal to whole number (to display no. of days). Now power bi desktop and power bi service synced up and I could perform automatic data refresh.
Read more

Run Powershell script on Remote Computer/Server

Image
PowerShell Remoting allows you to run individual PowerShell commands or access full PowerShell sessions on remote Windows systems.   PowerShell is locked-down by default, so you’ll have to enable PowerShell Remoting before using it. This setup process is a bit more complex if you’re using a workgroup – for example, on a home network — instead of a domain.   Enabling PowerShell Remoting On the computer you want to access remotely, open a PowerShell window as Administrator – right click the PowerShell shortcut and select Run as Administrator.   To enable PowerShell Remoting, run the following command (known as a cmdlet in PowerShell):  Enable-PSRemoting -Force This command starts the WinRM service, sets it to start automatically with your system, and creates a firewall rule that allows incoming connections. The -Force part of the command tells PowerShell to perform these actions without prompting you for each step     Workgroup ...
Read more

SPDActivities - DP.SharePoint.Workflow - Workflow failed to run

Image
One of my SP 2016 application is using SPDActivities of Email extended feature of DP.SharePoint.Workflow to provide custom "From" address. But customers started to complain that they are not getting reminder emails anymore. Find below my STAR analysis, Situation : Recently I was facing an issue - Approval workflow failed to run. Customers not getting reminder emails anymore. Task : - Planned to look into SharePoint services, IIS site, web.config files (WFE and App Server), Latest patch/MS update/CU, Users permission. Analysis : Started looking into each below items,  - SharePoint Timer Service and Administration services were running and good - Account which is running the workflow got required permission - DP.SharePoint.Workflow got activated for the web application - Checked into web.config file in WFE server and App Server for below sections Under <SafeControls> below 3 lines need to added both in WFE and App server web.config files, ...
Read more