Update 7/7/2008: After many other troubleshooting and research, it turns out that although SP1 fixes the issue, registry settings are required to make it work. More info on the KB Article below
http://support.microsoft.com/kb/943280/en-us
- Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
|
- On the Edit menu, point to New, and then click Multi-String Value.
|
- Type AuthForwardServerList, and then press ENTER.
|
- On the Edit menu, click Modify.
|
- In the Value date box, type the URL of the server that hosts the Web share, and then click OK.
Note You can also type a list of URLs in the Value date box. For more information, see the "Sample URL list" section in this article. |
|
|
After this registry entry is created, the WebClient service will read the entry value. If the client computer tries to access a URL that matches any of the expressions in the list, the user credential will be sent successfully to authenticate the user, even if no proxy is configured.
Note You have to restart the WebClient service after you modify the registry.
Sample URL list
The following is a sample URL list:
https://*.Contoso.com
http://*.dns.live.com
*.microsoft.com
https://172.169.4.6
This URL list enables the WebClient service to send credentials through the following channels.
Note After you configure this URL list, the credentials will automatically authenticate to the WebDAV servers, even if these servers are on the Internet.
| • |
Any encrypted channel to a child domain of a domain whose name is Contoso.com. |
| • |
Any nonsecure channel to a child domain of a domain whose name is dns.live.com. |
| • |
Any channel to a server whose name ends with ".microsoft.com." |
| • |
Any encrypted channel to a host whose IP address is 172.169.4.6. |
Update 2/25/2008: Vista SP1 finally resolves this issues. Now looking back it took MS 12 months to resolve (Quite a long time knowing the workaround below were not working for everybody). I would love to hear from you about your experience with this issue
There is an issue in Vista where a user tries to open a document from a document library in Sharepoint and they are prompted by Office to authenticate themselves. This would be acceptable behavior if the user weren't already authenticated on the MOSS site they were browsing.
For some reason, when XP users try to open the same document from Sharepoint, they DO NOT get prompted for authentication. This is a Vista only issue. I've stumbled across many newsgroup posts that claim that this issue has something to do with the "Protected Mode" in IE7. Their recommended solution is to add the Sharepoint site to Trusted Sites in Internet Explorer 7 and to disable "Protected Mode".
However, even after adding the site to trusted sites in IE and disabling protected mode, the issue still persists. The issue is only replicable after a fresh reboot - once a user authenticates in office, those credentials are cached for future use. Due to this caching in office, many people cannot pinpoint how to replicate this issue.
SOLUTION 1
The First SOLUTION to this issue is to DISABLE the WebClient service in Vista. Here is a quick script that accomplishes this: VistaMossOfficeMossSSOFix.bat Here is the code for those who'd like to incorporate this script into their environment:
net stop "WebClient"
WMIC SERVICE WHERE Caption="WebClient" CALL ChangeStartMode "Disabled"
SOLUTION 2
There is also a second workaround that involves tricking IE to use a fake proxy and to have IE bypass the fake proxy for everything - this workaround is PREFERRED since the first Solutions ends up severing some of the nicer integration features between Office and MOSS (such as the ability to save directly from office on to a sharepoint document library)
In Internet Options, click the "Connections" tab and then click "LAN Settings":
Click "Advanced" and enter * as an exception to the proxy:
Conclusion
In conclusion, the SECOND SOLUTION seems to be more appropriate as the first one tends to do more harm than good.