|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: RSA SecurID Authentication Agent for Web for IIS
RSA Version/Condition: 7.1.3  and later
|Issue||Microsoft Office 2010 documents and PDFs on SharePoint 2013 running on Microsoft Windows 2008 R2 Server cannot be managed. When connected to Microsoft SharePoint and trying to open Microsoft files (Word, Excel, etc.) or PDFs, one of the following error messages displays:|
- Sorry, there was a problem and we can't open this PDF. If this happens again, try opening the PDF in Microsoft Word.
- Sorry, Word Web App ran into a problem opening this PDF. To view this PDF please open it in Microsoft Word.
|Cause||These errors display for one of the following reasons:|
1. Microsoft documents, such as Word docs and Excel spreadsheets need an IIS agent fix from Jira bug AAIIS-1240
2. Non-Microsoft files like PDFs need to be removed from the SharePoint office web app list
|Resolution||To correct this issue, install RSA Authentication Agent 7.1 for Web for IIS 7.1.3 build 172 (or higher) or request the hot fix that includes the update identified in AAIIS-1240 that corrects the issue of opening Microsoft files and PDFs.|
Follow the detailed instructions in the ConfigurationInstructions.rtf, included below:
1. Unpackage and apply the RSA SecurID Authentication Agent 7.1 for Web for IIS version 7.1.3 build 168 or later setup.exe to the currently installed web agent
2. Configure the registry to prevent registration of RSAResponseInterceptorModule
- To apply, stop the IIS Manager console. For information on how to do this, please review the following Microsoft TechNet article.
- Double-click on the agent's setup.exe. Internally, the setup.exe will determine if it is upgrading a current web agent installation or installing as a fresh new install. If it runs as an upgrade, it will upgrade all binaries, but will preserve all configuration of the currently installed web agent. The server will need a reboot after the upgrade.
- From the IIS Manager, open the RSA SecurID configuration on the SharePoint - 80 Web Site.
- Uncheck the option to Enable RSA SecurID Web Access Authentication and click Apply.
- Open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\RSAWebAgent.
- In that hive create the following value:
3. Further configuration: Edit C:\inetpub\wwwroot\web.config
- Add or replace a reference to the "RSAResponseInterceptorModule," according to template:
- Go back to the Web Agent Configuration Panel and re-enable the web agent.
4. Running iisreset
- After re-enabling the agent, reset the Application Pool on the WebID folder to RSA SecurID Pool.
5. Open SharePoint to open Shared Documents.
- After performing the above steps, open a command prompt.
- Run the command iisreset to ensure that all configuration is taken.
|Workaround||PDFs need to be removed from the SharePoint Microsoft Office Web App list.|
RSA Authentication Agent 7.1 for Web for IIS version 7.1.3  or later resolves the issue. This build is not yet available for download. Please contact RSA Customer Support to request a copy.
Other symptoms include a black screen, which happens if users try to access SharePoint after the cookie's expiration. The user will need to close the browser to get around this. It can be fixed with the PreventInterceptorModuleManagement registry setting, mentioned above.
The RSAResponseInterceptorModule is needed for Outlook Web Access (OWA), so do not use the PreventInterceptorModuleManagement setting on OWA web sites. This setting is not needed by SharePoint and can degrade SharePoint performance, so it is good to enable the PreventInterceptorModuleManagement option on SharePoint sites.