This definitely appears to be a client issue, as I'm getting different results for different users, but the upshot is that, after logging into the SharePoint portal (MOSS 2007), some users are getting prompted for credentials when attempting to open Office documents, while others don't get prompted at all. Still others, including me, get prompted for credentials, and yet can never get access to the documents ... and I'm a site administrator! Oddly enough, if I try with Google Chrome or Firefox, it works, without any prompts. So it definitely smells like a client configuration issue. I've tried just about all of the ideas I've seen posted, including adding the site to Trusted and/or Local Intranet sites, enabling/disabling Integrated Windows Authentication, adding the AuthForward (or whatever it is) Registry key, accessing with and without proxy settings, adding Alternate Access Mappings in the Central Administration console, and nothing seems to work! I'm about ready to pull my hair out. Does anyone have any ideas what can be done, so that I can use IE to open documents (particularly without getting prompted again)?

Hello, I am not sure how this may help, On your Internet Explorer settings, Internet options, go to Security tab intranet zone, click on Custom level Scroll almost to the end and there is an option-> Automatic login using...Regards, Rohan

> and there is an option-> Automatic login using... That stops the user being prompted when accessing a SP page provided the login identity is the identity given rights to access that page (site; sub-site etc,). Problems with being prompted when trying to open a document in a document library are usually solved by making sure that the SharePoint site is included in the Trusted Sites list in IE. (Unfortunately this isn't a solution for every problem with this).SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx Both also have links to extensive book lists and to (free) on-line chapters

Doing some more research, I now suspect this is tied to Network Load Balancing. We have an IP cluster (A), that routes to two front-end Web servers, (B) and (C). If I point my browser to the cluster (A), pass-through authentication does not work: I am forced to enter my credentials, just to access the site, and I cannot open Office documents, even after entering credentials. However, if I point my browser directly to the WFE servers (B or C), everything works! My credentials pass-through. I do *not* have to enter credentials, and I *can* access Office documents in the repository. At first glance, everything about the cluster appears to be configured properly. And honestly, despite having to authenticate the first time and not being able to open documents from the repository, everything else on the site works fine. So now my question becomes, how do I fix this? Is there anything I can check? One more note, we're using NTLM and not Kerberos.

I'm not sure why someone marked this post as "answered", when it hasn't been, so I am "unmarking" these. The suggested answers of adding these sites to my Trusted Sites list in IE does *NOT* resolve my issue! Regardless of whether or not these are "Trusted", I still get prompted when accessing the cluster and not hitting the WFE directly.

It's your right as OP to decide when your question has been answered so it's of course fine that you have unmarked these "answers". The usual reason for posts being marked as answers without waiting for the OP (here, you) to say his question has been answered is because the last post was a reply to which the OP hasn't responded. Here, however, the last post was from you saying that your question hadn't yet been answered, so it's odd that posts in the thread have been marked as answers. But remember that Moderators are often working under time pressure and so regard this one as probably being human error - missing the fact that the last post in the thread was from you. (another) ModeratorSP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx Both also have links to extensive book lists and to (free) on-line chapters

Are you 100% sure you hit the site using NTLM and not negotiating for Kerberos when you go through NLB? Did you configure IIS on the two web servers to force NTLM and not negotiate? I use a tool called Fiddler (google it, free to download) to investigate authentication when-ever in doubt. If the web server is sending back negotiate in the header IE will try to negotiate and that might be the reason why it fails. In Fiddler check Inspectors and the Auth-tab for both request and response. As you can see in my case I get a response back with WWW-Authenticate Header = Negotiate: No Proxy-Authenticate Header is present. WWW-Authenticate Header is present: Negotiate WWW-Authenticate Header is present: NTLM And truly I can see Kerberos being used in the next request: No Proxy-Authorization Header is present. Authorization Header (Negotiate) appears to contain a Kerberos ticket: 60 76 06 06 2B 06 01 05 05 02 A0 6C 30 6A A0 30 `v..+..... l0j 0 30 2E 06 0A 2B 06 01 04 01 82 37 02 02 0A 06 09 0...+....7..... 2A 86 48 82 F7 12 01 02 02 06 09 2A 86 48 86 F7 *H÷......*H÷ 12 01 02 02 06 0A 2B 06 01 04 01 82 37 02 02 1E ......+....7... A2 36 04 34 4E 54 4C 4D 53 53 50 00 01 00 00 00 ¢6.4NTLMSSP..... 97 B2 08 E2 05 00 05 00 2F 00 00 00 07 00 07 00 ².â..../....... 28 00 00 00 06 01 B0 1D 00 00 00 0F 42 4D 57 57 (.....°.....BMWW If you truly want to force NTLM you need to alter the metabase in IIS6 or change the order or authentication providers in IIS 7 (removing Negotiate or put NTLM at the top). bmw

Thanks, Bjorn. While I haven't checked it out using any utility, I can say that only NTLM is selected in the SharePoint Central Administration portal, and the only authentication provider listed/enabled for the site (on both WFEs) is NTLM. No other providers are in that list in IIS ... so I guess I'm 99% certain that we're only using NTLM. Just for fun, I'll check out Fiddler and see if it gives me any surprises ...

found the answer to this problem .. i've been searching on and off for years for the answer .. this nailed it and worked .. http://www.quantumofgeek.com/2010/02/windows-7-prompting-for-authentication-when-accessing-sharepoint-documents/ it is a local client issue ..