As consultants we often get asked to provide the best end user experience for our clients. This goes beyond installing SharePoint correctly, or completing a migration successfully, the first time. We have to take it a step further and ensure that each user is capable of completing their work without issues. This often requires us to work out issues on individuals PC’s and this blog will outline a key end user configuration that has created some very satisfied clients.
Problem
SharePoint keeps prompting you for credentials in the following scenarios:
1. You get prompted for credentials when you access the site in the browser.
2. You get prompted for credentials when you open a document from SharePoint.
3. You get prompted for credentials after you open a document from SharePoint and try to “Save As”.
Cause
The most likely cause of your problem is that you are using an FQDN for SharePoint (For example, sharepoint.company.com) and your client machine runs Windows 7. By default, Internet Explorer and WebDAV assume that this address which contains a “.” is on the Internet and as a security measure and will not automatically pass in your credentials. This is not an issue with clients running Windows XP
Solution
If your scenario is the same as above, then you will need to do two things.
1. Add your SharePoint server’s FQDN to your Trusted Sites zone.
2. Modify your registry settings for the WebClient service.
Why Trusted Sites and not Local Intranet zone?
We have conducted lots of testing and found that adding the FQDN to the Trusted Sites zone provides the best end results. When trying to open PowerPoint presentations from search results, if the FQDN is not in the trusted sites zone, it will open up the file in read only format. This prevents users from editing the document and allowing them to save changes directly back to the site.
By having FQDN’s in this zone we have also suppressed the following error. I still get this error if I were that have added demo.csgpro.com to my Local Intranet zone:
Add your SharePoint server’s FQDN to your Trusted Sites zone.
When using Trusted sites, ensure that you do not select “Require server verification (https:) for all sites in this zone”.
1. Internet Explorer → Internet Options → Security → Trusted Sites Sites
2. Add the URL(s) of your SharePoint server(s). (Ex. http://demo.csgpro.com or http://contoso.microsoft.com)
3. Click OK
4. Click Custom Level → Scroll to the bottom -> User Authentication
5. Ensure that it is set to Automatic logon with current user name and password
Modify your registry settings for the WebClient service.
1. Open Regedit, Start→Run → regedit
2. Browse to the location: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters
3. Create a new Multi-String Value and call it AuthForwardServerList
4. Under Value data: Type in the URL of the SharePoint sites, one on each line. You may use wildcards.
5. Click OK.
6. Open Services console, Start -> Run -> services.msc
7. Look for the WebClient service, and click on Restart.
If this solution works for your users like it has for our clients, then your IT department should look at deploying a GPO to all computers to give each user the optimal end user experience when working with SharePoint.
There is more information from this Microsoft KB Article. This information was hard to find so it prompted me to blog about it.
http://support.microsoft.com/kb/943280/en-us