Hi,

Users have been getting the following message in Excel, Visio and Powerpoint when starting up the application for the first time post-update KB2956191.

'Access to this web server is disabled by default because it is controlled by basic authentication and does not use Secure Sockets Layer (SSL). Do you want to search the Microsoft Online Support Center to view possible solutions?'

This warning prompt repeats 4 times (for each application) and then vanishes and cannot be replicated on closing and reopening the app or a reboot. Has anyone else seen this?

I understand it was a security feature introduced a while back for opening Office documents from 'insecure' locations, but in this instance we're not even opening any documents and it's not affecting Word either.....

Cheers, Rich.

Hi,

As far as I know, this error message was pop-up, when the following conditions are true:

• The server is configured for Basic authentication.
• The connection between your computer and the web server does not use Secure Sockets Layer (SSL).

By default, file operations that use Basic authentication over a non-SSL HTTP connection are disabled in Office 2010

When Basic authentication is disabled, one of the following events occurs:

• The client application uses a different authentication method. This occurs if the server supports a different authentication method.
• The request fails (for details about what happens when a request fails, see the list in the "Additional symptom details" section).

You have two options to fix the issue:

1) Enable SSL in confluence.

2) Disable basic authentication on the client computer. More info about this can be found in the Microsoft KB.

https://support.microsoft.com/en-us/kb/2123563

I suppose that this issue was not caused by the Windows update, please try the above methods first.

Regards,

Hi George,

Yes, I'd seen that article but we're not opening any documents - just opening the application 'blank' causes this. There's no documents, servers, basic authentication or SSL involved at this point.

If we remove update 2956191, the issue goes away. Any other thoughts?

Cheers, Rich.

Hi,

We have not received similar report about this KB 2956191 on our forum yet, thus, We'll monitor this issue, if we have any update, we'll post here.

Thanks for your understanding.

Regards,

I can confirm the problem.

Our systems:

- Domain based network
- W2K8 R2 SP1 Servers
- Windows 7 SP1 x64 clients
- Office 2010
- Mandatory profiles
- Internet traffic filtered by an proxy server.

Each! time users are login in with there mandatory profiles and opening one off the Office 2010 applications (MS-Word, MS-Excel, MS-Powerpoint, MS-Outlook), a proxy popup windows is opening , showing that the application is trying to connect to the internet. I am NOT talking about opening any documents, just the "blank" application.

The proxy popup does NOT show an internet address the application is trying to connect to. It just show the address of our proxy server on port 8080.

The ONLY "Solution" so far: Removing and/or denying Update KB2956191 through WSUS

Any help is welcome.

Regards
Tasse

I have the same problem. I have the same configuration, windows 7 sp 1, windows 2008 R2 and office 2010. Microsoft has no answer to this problem ?

Hi George,

Since applying May 2015 updates this week, we are getting the same issue as previously reported with kb2956191. Removing kb2999439, which superseded kb2956191 does not seem to fix the problem.

Like one of the other respondents, we use an internal/external proxy. This is not under our jurisdiction and we have no control over the configuration of it, but if I remove the proxy settings from IE the issue does not occur.

If I apply the changes you detailed in https://support.microsoft.com/en-us/kb/2123563 to allow basic authentication over non-SSL connections, instead of the SSL error message (x4) I get a proxy authentication box (x4).

I guess I should reconsider the question I am actually wanting resolved. Why do Office 2010 applications try to make a web connection when they start up, and can I disable this with GPO settings??

I know the SSL/basic authentication security feature is not new, but something in these most recent updates seems to be FORCING the Office apps to make a web connection at startup because we've never seen this behaviour before April 2015.

Regards

Rich

• Edited by farscapes 15 hours 5 minutes ago

Hi George,

Since applying May 2015 updates this week, we are getting the same issue as previously reported with kb2956191. Removing kb2999439, which superseded kb2956191 does not seem to fix the problem.

Like one of the other respondents, we use an internal/external proxy. This is not under our jurisdiction and we have no control over the configuration of it, but if I remove the proxy settings from IE the issue does not occur.

If I apply the changes you detailed in https://support.microsoft.com/en-us/kb/2123563 to allow basic authentication over non-SSL connections, instead of the SSL error message (x4) I get a proxy authentication box (x4).

I guess I should reconsider the question I am actually wanting resolved. Why do Office 2010 applications try to make a web connection when they start up, and can I disable this with GPO settings??

I know the SSL/basic authentication security feature is not new, but something in these most recent updates seems to be FORCING the Office apps to make a web connection at startup because we've never seen this behaviour before April 2015.

Regards

Rich

• Edited by farscapes Wednesday, May 27, 2015 4:26 PM

Hi George,

Since applying May 2015 updates this week, we are getting the same issue as previously reported with kb2956191. Removing kb2999439, which superseded kb2956191 does not seem to fix the problem.

Like one of the other respondents, we use an internal/external proxy. This is not under our jurisdiction and we have no control over the configuration of it, but if I remove the proxy settings from IE the issue does not occur.

If I apply the changes you detailed in https://support.microsoft.com/en-us/kb/2123563 to allow basic authentication over non-SSL connections, instead of the SSL error message (x4) I get a proxy authentication box (x4).

I guess I should reconsider the question I am actually wanting resolved. Why do Office 2010 applications try to make a web connection when they start up, and can I disable this with GPO settings??

I know the SSL/basic authentication security feature is not new, but something in these most recent updates seems to be FORCING the Office apps to make a web connection at startup because we've never seen this behaviour before April 2015.

Regards

Rich

• Edited by farscapes Wednesday, May 27, 2015 4:26 PM

Hi George,

Since applying May 2015 updates this week, we are getting the same issue as previously reported with kb2956191. Removing kb2999439, which superseded kb2956191 does not seem to fix the problem.

Like one of the other respondents, we use an internal/external proxy. This is not under our jurisdiction and we have no control over the configuration of it, but if I remove the proxy settings from IE the issue does not occur.

If I apply the changes you detailed in https://support.microsoft.com/en-us/kb/2123563 to allow basic authentication over non-SSL connections, instead of the SSL error message (x4) I get a proxy authentication box (x4).

I guess I should reconsider the question I am actually wanting resolved. Why do Office 2010 applications try to make a web connection when they start up, and can I disable this with GPO settings??

I know the SSL/basic authentication security feature is not new, but something in these most recent updates seems to be FORCING the Office apps to make a web connection at startup because we've never seen this behaviour before April 2015.

Regards

Rich

• Edited by farscapes Wednesday, May 27, 2015 4:26 PM

Hi George,

Since applying May 2015 updates this week, we are getting the same issue as previously reported with kb2956191. Removing kb2999439, which superseded kb2956191 does not seem to fix the problem.

Like one of the other respondents, we use an internal/external proxy. This is not under our jurisdiction and we have no control over the configuration of it, but if I remove the proxy settings from IE the issue does not occur.

If I apply the changes you detailed in https://support.microsoft.com/en-us/kb/2123563 to allow basic authentication over non-SSL connections, instead of the SSL error message (x4) I get a proxy authentication box (x4).

I guess I should reconsider the question I am actually wanting resolved. Why do Office 2010 applications try to make a web connection when they start up, and can I disable this with GPO settings??

I know the SSL/basic authentication security feature is not new, but something in these most recent updates seems to be FORCING the Office apps to make a web connection at startup because we've never seen this behaviour before April 2015.

Regards

Rich

• Edited by farscapes Wednesday, May 27, 2015 4:26 PM

Hi George,

Since applying May 2015 updates this week, we are getting the same issue as previously reported with kb2956191. Removing kb2999439, which superseded kb2956191 does not seem to fix the problem.

Like one of the other respondents, we use an internal/external proxy. This is not under our jurisdiction and we have no control over the configuration of it, but if I remove the proxy settings from IE the issue does not occur.

If I apply the changes you detailed in https://support.microsoft.com/en-us/kb/2123563 to allow basic authentication over non-SSL connections, instead of the SSL error message (x4) I get a proxy authentication box (x4).

I guess I should reconsider the question I am actually wanting resolved. Why do Office 2010 applications try to make a web connection when they start up, and can I disable this with GPO settings??

I know the SSL/basic authentication security feature is not new, but something in these most recent updates seems to be FORCING the Office apps to make a web connection at startup because we've never seen this behaviour before April 2015.

Regards

Rich

• Edited by farscapes Wednesday, May 27, 2015 4:26 PM

Hi,

just want to confirm the problem (again) after installing Update KB2999439.

With the removal of KB2956191 the proxy authentication popup (after opening MS-Office 2010 applications) has not appeared anymore, only to pop up again after installing KB2999439.

I would like to ask the same question(s):
- What is the reason for Office 2010 applications to open, all of a sudden (starting with updates on April 2015), web connections?
- And which address are they trying to connect to?
- Is Microsoft going to fix this unwanted "behaviour"?

Regards
Tasse

Hello,

in my environment I experienced same problems and after a call with Microsoft support I was informed that update  KB3054875 released today should finally solve this problem - https://support.microsoft.com/en-us/kb/3054875?wa=wsignin1.0

"When you open an Office 2010 application on a computer that uses a proxy server with basic authentication, a dialog box prompts you for basic authentication credentials. This occurs even though Office.com connectivity is disabled by Group Policy settings."

Regards

Hi,

No, Hotfix KB3054875 does NOT fix the problem. With Hotfix KB3054875 installed we see the very same proxy authentication window poping up again.

Right now all three hotfixes, the original KB2956191 (April 2015) and its superseding updates KB2999439 (May 2015) and KB3054875 (June 2015) results in a proxy popup window as soon as the user opens an Office 2010 application.

Please keep in mind: we are using MANDATORY PROFILES. Therefore any change to the profile is discarded as soon as the user log off.

Dear Microsoft Employees,

please get this problem fixed, so we do not loose the last confidence in your (security) patch procedures to make the Window Client and Server Systems more secure.
Concerning the quality of the patches, the last months cast a very poor light on Microsoft on this point.

Best
Tasse

I am also seeing the same things as described above.  We started out getting a proxy login dialog when opening Outlook, but the same SSL authentication warnings as above for the other Office apps.  Running Wireshark on the client PC while opening Office apps shows packets going out to 'office14client.microsoft.com', despite all attempts to lock this down.  We're behind a gov't proxy and absolutely DO NOT want this traffic going out.  Pls see the following thread elsewhere for my previous activity:

https://social.msdn.microsoft.com/Forums/en-US/8e0424a0-7a2d-44ff-85ed-5dd94a756df5/ssl-prompt-on-startup?forum=excel

It began after installing KB2956191, but we can't uninstall it because it doesn't show in Control Panel in the Installed Updates, nor can we find an uninistall string in the registry.  Nothing we've done has suppressed that traffic, and that's the one thing we want to do.  I've tried reinstalling per the blog tech recommendation, but it won't install because it thinks it's already installed.  Catch-22.

This has been going on for 2 months now, and it appears the installation of KB2956191 is what started this circus.  But that KB was theoretically supposed to FIX something about the sites issue, and all it's done is cause our entire user base grief.

We have found a repeatable fix.  I can't explain why these items come together to do the job, but they work.

Update User GP Preferences with new Registry entry: under 'HKCU\Software\Microsoft\Office\14.0\Common' create a new DWORD called 'BasicAuthLevel', value of '2'.

Update Computer GP Preferences with new Reg entry: under 'HKLM\Software\Policies\Microsoft\Office\14.0\Common\OfficeUpdate' create a new DWORD called 'EnableAutomaticUpdates', value of '0'.

Install June updates KB3040272, KB3065979 and KB3064209.

In any one of your Office apps per each machine installation, go to File-Options-Trust Center-Trust Center Settings-Privacy Options, and clear the 7 tick boxes in the right pane.

Finally, troll thru the user-side GP settings in your Office templates and disable every item that talks about URLs or in any way reaching out to Office.com.  You only need to deal with the Office-named ones, you don't need to worry about individual Word, Excel, Outlook, etc., settings.  If your standard users are in separate OUs to admin users, and admin users make use of Office, they'll want the same settings applied.

We see 2 basic issues here: A) the fact that Office is sending non-SSL calls to Office.com when we don't want it to, and B) Office is either warning us about unauthorised calls to unsecure sites (that IT initiated), or giving us our proxy authentication dialogs after A) returns the prompt from the proxy server, depending on security settings that normally aren't touched by hand.  Once the outbound traffic is stopped, there is no proxy response to handle.

Hello,

in my environment I experienced same problems and after a call with Microsoft support I was informed that update  KB3054875 released today should finally solve this problem - https://support.microsoft.com/en-us/kb/3054875?wa=wsignin1.0

"When you open an Office 2010 application on a computer that uses a proxy server with basic authentication, a dialog box prompts you for basic authentication credentials. This occurs even though Office.com connectivity is disabled by Group Policy settings."

Regards

I can confirm: KB3054964 finally fixed the problem for us.

Tasse