Prompt for Credentials When Accessing FQDN SharePoint Sites

This is a problem that has been plaguing me for years. When you access a SharePoint site with a fully qualified domain name (FQDN) such as https://sharepoint.envisionit.com, you get repeatedly prompted for credentials. An FQDN has periods in the name, as in the URL above. Since we do a lot of work with Extranets, we typically use SSL (secure https sites) and FQDNs on our sites, since they will be accessed externally as well as internally.

The first fix is in the browser itself. In order to have the browser pass your logged-on credentials to the server, the site needs to be in the Intranet zone. FQDNs are automatically considered to be Internet sites by the browser. To change this, do the following:

  1. From the browser Tools menu, select Internet Options
  2. Go to the Security tab
  3. Select Local intranet
  4. Click Sites
  5. Click Advanced
  6. Add the FQDN to the Websites list

The above was the easy part, and applies to the browser. However, if your applications use WebDAV, you still get prompted for credentials, even if you are already logged in with the correct credentials. This will cause you grief with all the Office applications (Word, Excel, PowerPoint, InfoPath), when opening a library in Explorer (so you can move files around easily), and in many other situations.

Our Systems Administrator and resident guru Wes found the appropriate changes needed to support this.  Basically you'll need to add a registry entry to each client computer, after which you should not be repeatedly prompted for credentials.

  1. From the Start-Run menu run RegEdit
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters path
  3. Right-click Parameters and create a New Multi-String Value
  4. Name it AuthForwardServerList
  5. Enter one or more FQDNs that you want the rule to apply to

Note that you can also enter wildcards such as *.envisionit.com, for both the Intranet zone browser settings and the WebDAV support.
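The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it merges new entries into any existing AuthForwardServerList, refuses patterns broader than a single domain (every server that matches the list is sent the user's credentials without a prompt), and restarts the WebClient service. It assumes an elevated session; the https-only rule and the restart step are choices of this example, not something the post states.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the AuthForwardServerList steps from the post.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\services\WebClient\Parameters'
$name   = 'AuthForwardServerList'
# Host taken from the post; replace with the sites you actually control.
$wanted = @('sharepoint.envisionit.com')

# Every matching server receives the user's credentials automatically,
# so refuse a bare "*" or "*.tld" and any non-https scheme
# (policy of this example, not a WebClient requirement).
$pattern = '^(https://)?(\*\.)?([a-z0-9-]+\.)+[a-z0-9-]+$'
foreach ($entry in $wanted) {
    if ($entry -notmatch $pattern) {
        throw "Refusing entry '$entry': not an FQDN or single-domain wildcard"
    }
}

# Merge with what is already there instead of overwriting it.
$current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name |
             Where-Object { $_ })
$merged  = @($current + $wanted | Sort-Object -Unique)

# MultiString (REG_MULTI_SZ) is the "Multi-String Value" type from step 3.
New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
                 -Value $merged -Force | Out-Null

# Restart WebClient so it picks up the new list (not covered in the post).
Restart-Service -Name WebClient

# Print the final list so it can be reviewed.
(Get-ItemProperty -Path $key -Name $name).$name
```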

Of course, the ideal way to do both of these is by adding Group Policy Preferences to your AD (which is what Wes did).

1 Comment

Renato on 5/15/2013 4:50:05 PM

You can also use URL rename ISAPI module, or a web proxy that will rename the FQDN to the internal host name.

