🚀 Overview

IT administrators may encounter a scenario where Microsoft Office 2010 or 2013 applications fail to load documents hosted on SharePoint or WebDAV sites. Instead of the expected document, the application launches but displays a completely blank interface. This behavior typically occurs when the host server utilizes Basic Authentication without an underlying Secure Sockets Layer (SSL) connection.

By default, modern Office applications are hardened against security vulnerabilities and will proactively block Basic Authentication over unencrypted HTTP. This results in a “silent failure” where the user is never prompted for credentials, and no explicit error message is generated, leading to significant troubleshooting confusion for end-users.

⚙️ Key Technical Details

The root of this issue lies in the security configuration of the Office client and the Windows WebDAV redirector. Here are the core technical concepts:

• Authentication Handshake: When a server is configured for Basic Authentication, it requires a username and password. However, if the connection is not wrapped in SSL (HTTPS), these credentials are transmitted as base64-encoded text, which is easily intercepted by network sniffers.
• Office Security Defaults: To protect user credentials, Office 2010 and 2013 disable Basic Authentication over non-SSL (HTTP) connections by default. If the server does not support an alternative, more secure authentication method (like NTLM or Kerberos), the file request fails.
• The WebDAV Redirector: The Windows operating system uses a specific service (WebClient) to handle WebDAV connections. This service also has its own independent security levels for authentication that must be aligned with the Office application settings to allow unencrypted traffic.

⚠️ Impact

This issue impacts both the security posture of the organization and the productivity of the user base:

• User Experience: Users experience a “broken” workflow. They click a document link, the Office splash screen appears, but the document never loads, and no “Access Denied” or “Login” prompts appear.
• Administrative Overhead: Troubleshooting is difficult because there are no logs in the application itself. Admins must look at network traces or registry configurations to identify the block.
• Security Risk: Implementing the workaround to allow Basic Authentication over HTTP exposes user credentials to potential theft. Microsoft strongly recommends enabling SSL on the web server as the primary resolution rather than modifying client-side registries.

🛠️ Resolution & Workaround

While the recommended fix is to migrate the server to HTTPS, IT administrators can apply the following registry modifications to client machines if a secure environment (such as a dedicated line) is guaranteed.

Step 1: Configure the Windows WebDAV Redirector

🛡️ This step ensures the Windows WebClient service is permitted to send credentials over HTTP.

For Windows XP and Windows Server 2003:

1. Open the Registry Editor (regedit).
2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
3. Create a new DWORD Value named UseBasicAuth.
4. Set the value to 1 (Enabled for SSL) or 2 (Enabled for SSL and non-SSL).
5. Restart the computer.

For Windows Vista, Windows 7, and Windows 8:

1. Open the Registry Editor (regedit).
2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
3. Create a new DWORD Value named BasicAuthLevel.
4. Set the Value data to 2.

Mapping Reference: 0 = Disabled; 1 = SSL Only; 2 = SSL and non-SSL.

5. Restart the computer.

Step 2: Update the Office Internet Registry Key

📅 This step is mandatory for Office 2010 and 2013 to allow the applications to utilize the WebDAV redirector’s settings.

1. Open the Registry Editor.
2. Navigate to the appropriate path for your Office version:
   • Office 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
   • Office 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet
3. Create a new DWORD Value named BasicAuthLevel.
4. Set the Value data to 2.
5. Exit the Registry Editor and restart the computer to apply changes.

---

Official Source: Read the full article on Microsoft.com