Article ID: 2123563 - View products that this article applies to.
Expand all | Collapse all

On This Page


When you try to open or download a Microsoft Office file that is stored on a web server or a third-party web server, the associated Office application starts, but the selected file is not opened or downloaded. For example, the Office file is stored on a SharePoint server or a Web Distributed Authoring and Versioning (WebDAV) server.

When this problem occurs, try using HTTPS instead of HTTP to access the Office files. For example, use https://www.site.com instead of http://www.site.com.

If you still can’t open the Office files, contact the site server administrator.

Note This problem can happen on any site of a third-party type, or a SharePoint or WebDAV site.

Information for site server administrators

Additional symptom details

When this problem occurs, you may also experience the following additional symptoms:
  • You do not receive a Basic authentication password prompt when you try to open or download the file.
  • You do not receive an error message when you try to open the file. The associated Office application starts, but the selected file does not open.

Cause

This problem occurs when the following conditions are true:
  • The server is configured for Basic authentication.
  • The connection between your computer and the web server does not use Secure Sockets Layer (SSL).
By default, file operations that use Basic authentication over a non-SSL HTTP connection are disabled in Office 2010 and Office 2013 applications.

When Basic authentication is disabled, one of the following events occurs:
  • The client application uses a different authentication method. This occurs if the server supports a different authentication method.
  • The request fails (for details about what happens when a request fails, see the list in the "Additional symptom details" section).

Resolution

If the workaround of using HTTPS instead of HTTP does not work, the resolution is to enable SSL encryption on the web server to allow for client access over HTTPS.

Note By default, Office 2010 applications can access and download files from a web server that uses Basic authentication only over an SSL connection.

Workaround

To work around this problem, let Office 2013 and Office 2010 applications connect to a web server by using Basic authentication over a non-SSL connection.

Warning When you enable Basic authentication without SSL, you are subject to a significant security risk.

About Basic authentication and its security risk

Basic authentication requires users to a valid user name and password to access content. This authentication method does not require a specific browser, and all major browsers support it. Basic authentication also works across firewalls and proxy servers. For these reasons, it is a good choice when you want to restrict access to some, but not all, content on a server.

However, the disadvantage of Basic authentication is that it transmits unencrypted base64-encoded passwords over the network. If the password is intercepted over the network by a network sniffer, an unauthorized user can determine the user name and password, and can then reuse these credentials. It is because of this security risk that Office 2010 applications disable Basic authentication over a non-SSL connection in the default configuration.

You should use Basic authentication only when you know that the connection between the client and the server is secure. The connection should be established either over a dedicated line or by using SSL encryption and Transport Layer Security (TLS). For example, to use Basic authentication with WebDAV, you should configure SSL encryption.

For more information about Basic authentication, see Basic authentication and Configure Basic authentication (IIS 7).

For more information about SSL and certificates, see SSL and certificates.

Enable Basic authentication over a non-SSL connection

The following two steps describe how to enable Office 2013 and Office 2010 applications to open Office file types directly from a server that supports only Basic authentication over a non-SSL connection. You should follow these steps only if you are confident that the connection between the user and the web server is secure. A direct cable connection or a dedicated line would be considered optimal for secure connections.

Note For Office 2013 and Office 2010 applications, both steps are required. For other Office applications, only step 1 is required.

Step 1: Configure WebDAV Redirector on the client
Note This step is required for applications in the 2007 Office suite and in Office 2013 and Office 2010.

On the client computer, configure the WebDAV Redirector to enable Basic authentication over non-SSL connections.

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

Windows XP and Windows Server 2003

To enable Basic authentication on the client computer, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type UseBasicAuth, and then press Enter.
  5. Right-click UseBasicAuth, and then click Modify.
  6. In the Value data box, type 1, and then click OK.

    Note Basic authentication is enabled if the UseBasicAuth registry entry is set to a nonzero value. Basic authentication is disabled if the UseBasicAuth registry entry is not present, or if the UseBasicAuth registry entry is set to 0 (zero). 

    The mapping is as follows: 
    0 - Basic authentication disabled 
    1 - Basic authentication enabled for SSL connections only 
    2 - Basic authentication enabled for SSL and non-SSL connections
  7. Exit Registry Editor, and then restart the computer.

Windows Vista, Windows 7, and Windows 8

To enable Basic authentication on the client computer, follow these steps:
  1. In Windows Vista or Windows 7, click Start, type regedit in the Start Search box, and then press Enter.

    In Windows 8, hold the Windows key (WINKEY) + F, highlight Apps in the Menu bar, type regedit in the Search box, and then press Enter.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type BasicAuthLevel, and then press Enter.
  5. Right-click BasicAuthLevel, and then click Modify.
  6. In the Value data box, type 2, and then click OK.

    Note The mapping is as follows:
    0 - Basic authentication disabled
    1 - Basic authentication enabled for SSL connections only
    2 - Basic authentication enabled for SSL and non-SSL connections
  7. Exit Registry Editor, and then restart the computer.

For more information about how to configure the WebDAV redirector to enable Basic authentication, click the following article number to view the article in the Microsoft Knowledge Base:
841215 Error message when you try to connect to a Windows SharePoint document library: "System error 5 has occurred"
Step 2: Update the Registry on the client
Note This step is required for Office 2013 and Office 2010 applications.

On the client computer, add the BasicAuthLevel registry key and an appropriate value. To do this, follow these steps.

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
  1. Start Registry Editor.
    • In Windows 8, hold the Windows key (WINKEY) + F, highlight Apps in the Menu bar, type regedit in the Search box, and then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
    • In Windows 7 or in Windows Vista, click Start, type regedit in the Start Search box, then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
    • In Windows XP, click Start, click Run, type regedit, and then click OK.

  2. Locate and then click one of the following registry subkeys:

    For Office 2010
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet

    For Office 2013
    HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type BasicAuthLevel, and then press Enter.
  5. Right-click BasicAuthLevel, and then click Modify.
  6. In the Value data box, type 2, and then click OK.

    Note The mapping is as follows:
    0 - Basic authentication disabled
    1 - Basic authentication enabled for SSL connections only
    2 - Basic authentication enabled for SSL and for non-SSL connections
  7. Exit Registry Editor, and then restart the computer.

Properties

Article ID: 2123563 - Last Review: February 14, 2014 - Revision: 27.0
Applies to
  • Microsoft Office Professional 2013
  • Microsoft Office Standard 2013
  • Microsoft Office Home and Business 2013
  • Microsoft Office Home and Student 2013
  • Microsoft Office Standard 2010
  • Microsoft Office Professional 2010
  • Microsoft Office Professional Plus 2010
  • 2007 Microsoft Office Suite Service Pack 1
  • 2007 Microsoft Office Suite Service Pack 2
Keywords: 
kbfixme kbmsifixme kbcip KB2123563

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com