However, adding the registry key from that KB (with many variations on vle.domain.county.sch.uk) doesn't do anything, regardless of service or computer restarts. Even stopping the WebClient service outright does nothing, even though that is reputedly the source of the credentials challenge. Setting the local security policy to automatic logon with current username and password does nothing. LM & NTLM responses are sent anyway for SSO. This registry key doesn't help either. The whole VLE uses FQDN throughout so switching to the NetBIOS name isn't workable.
Removing the domain from the proxy exceptions (i.e. filtering the VLE through Smoothwall) does work, but prevents SSO from working, and I'd rather have that. Bizarrely, moving the domain into Trusted Sites (i.e. out of Intranet where it normally lives) makes PowerPoint work without prompting for credentials, but Word and Excel are still problematic.
What the bejesus? At this point I can only assume it's a setting within Moodle, so if anyone has any light to shed there please let me know - although we have a support contract so I can't get at the back end, just the various settings inside Moodle. I'm all for trying any other steps I can take on Windows (I saw something about forcing XP SP2 compat for Office but that seems likely to have unintended consequences) or even steps on the Smoothwall to pass the SSO through to the VLE.
Last edited by sonofsanta; 11th October 2012 at 10:17 AM.
To be precise, if a user clicks on an Office document (Word, Powerpoint, Excel) and choose to Open (instead of Save), a login box pops up underneath IE. Clicking Cancel on the box opens the file anyway. Having implemented the regkey in that KB article (and tested a variety of other posited solutions) the only option left at this point is to assume that, as detailed in the article, the Moodle server is using Basic or Digest authentication. I can’t find any settings anywhere in the Moodle settings. Is it available in the back end of the Apache server, and can steps be taken to try and resolve the issue please?
Their reply back:
Unfortunately we do not support Microsft products.
Although a quick fix is provided in the link you provided.
Looking at the Smoothwall logs Office 2010 is trying to download the documents as the computer and not the user. But when user hits cancel it then gets downloaded by IE as the user.
Using Kerberos authentication seems to let office 2010 authenticate with Smoothwall. But we canít use Kerberos authentication because of issues with Java on websites and the Citrix Receiver.
Iím now looking at scraping both NTLM and Kerberos auth to Smoothwall and trying out Ident authentication.
That's a different issue to us then; our VLE is listed as a proxy exception so it doesn't touch the Smoothwall. Going through the Smoothwall actually improved issues for us, IIRC, but at the expense of single sign-on, so I didn't go down that route.