Fixing the “For security reasons DTD is prohibited in this XML document.” issue

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

This post describes a couple of ways to fix the issue “For security reasons DTD is prohibited in this XML document”. At least for me, it appeared when trying to access SharePoint Online using Powershell or a console program using OfficeDev.PnP (which in turn uses CSOM).

Error

When running any piece of code, whether in PowerShell, .exe console or anything else than in the code behind relies on .NET Framework, you get an error like this:

It could come from, for example, running Connect-SPOnline on PowerShell. Ours was first caused by custom console app, but then also from running Powershell.

Problem

There are a number of issues that can cause this, and hence there are a few different solutions. We got the error when we were supposed to run Valo Intranet upgrade run, using a certain xml document, against SharePoint Online, so at first we thought it was somehow related to the XML. However, the error itself just denies the processing of an XML document with DTD, and doesn’t tell what this document actually is. For us, it actually had nothing to do with our implementation!

This happened on multiple different machines, and multiple different network connections, with any XML input, but just against one tenant (others worked) – so we figured it has to be about some configuration on that particular tenant or datacenter. Furthermore, Connect-SPOService (to admin site) worked, but Connect-SPOnline to normal site failed.

Solution

The third option worked for us, but I’ve read online and our internal resources that the other solutions have helped other people, so I’m including them here.

  1. A conflict between cmdlets(?)
    1. One colleague had fixed this by switching from Windows Powershell to SharePoint Online Management Shell. Didn’t help us.
  2. DNS issue
    1. Connecting to Microsoft’s datacenters might be trickier than you’d think. Interwebs is filled with stories about Microsoft just returning unresolvable DNS entries, which messes up the script, or your ISP might be trying to help and just makes the issue worse (by offering a “DNS help”-page which just omits the actual exception)
    2. This might be fixed with changing to Google’s DNS (8.8.8.8), adding new entries to hosts file, disabling ISP or router features or just simply running the program/script somewhere else – try Azure virtual machine, for example.
    3. Examples and references:
      1. http://asp.net-hacker.rocks/2016/01/15/XML-parsing-problem-because-of-your-ISP.html
      2. https://stackoverflow.com/questions/13854068/dtd-prohibited-in-xml-document-exception
      3. https://blogs.technet.microsoft.com/marios_mo_betta_blog/2016/06/05/o365-powershell-error-dtd-is-prohibited-in-this-xml-document/ (that one’s about Verizon)
  3. Add IPv6 on top of DNS issues
    1. This was weird, but disabling IPv6 finally solved our issues
    2. https://melcher.it/2016/02/for-security-reasons-dtd-is-prohibited-in-this-xml-document/

Weird issue, but in the end, an easy solution.

 

Unorthodox configuration: How to use VLK and Click-to-run Office Apps side-by-side (Visio and Office 2016 as an example)

Ever had issues with different versions of Office programs not living in harmony together? Me too! This post describes how I was able to fix the issue.

Preface

This blog post was inspired by my need to have Office 365 ProPlus (2016 versions) and Visio running side-by-side on my laptop. That turned out to be a lot more complicated than it arguably should be, so I documented the steps for further use. These instructions are written for that particular scenario (installing MS Visio on a machine with pre-existing Office 2016/365 ProPlus installation). My laptop is running Windows 10 Enterprise, which probably caused one of the issues I ran into.

Let’s get started!

Steps

You can get a rough outline of the steps here. Being Microsoft’s documentation, it doesn’t really tell you what to do, though.

1. Office Deployment Tool

First of all, download Office Deployment Tool, which then enables you to download and package a Click-to-run version of Visio installer. If you have Office 2016 installed already, you’ll need to use the 2013 installer for Visio. You can download the 2016 version of the Office Deployment Tool here, or the 2013 version here. Unpack it to a safe directory somewhere.

2. Using the tool to create an App-V -package

Next you’ll need to exit the configuration file (configuration.xml). Open it, and make it look something like this:

Save and close it. (You can find more of the Product ID:s here.)

Next you’ll need to run the tool. Open a command line, cd to the directory where you have setup.exe, and run it. You’ll get the help for the tool:

Run the following commands (change <yourpath> to be the path you downloaded the tool to):

As a result, after a packaging process that seems to take forever, you’ll get a AppV -package for MS Visio. It’s located in <yourpath>/output/AppVPackages -folder, which also has UserConfig.xml and DeploymentConfig.xml -files for your chosen build.

3. Deploying the App-V -package

“The heck am I going to do with this steamy bile of nonsense?”, you might ask. So did I, as double-clicking that bugger doesn’t do you any good. However, quick googling took me to an instructions document, that told me to run some PowerShell-magic to get the package installing.

That’s all swell, except even the first cmdlet refused to work for me. I got the following error:

Oh! Well, that must be an easy fix. There’s a service with roughly that name, and it’s disabled. Just start the service, right?

AppV Service Shenanigans

AppV Service Shenanigans

Well, except when trying to Start the service, you get an error. This one or similar.

AppV Service Start error

AppV Service Start error

To get around this, you actually don’t need to touch the service at all. Actually, screw the service. Pop the PowerShell open again and run these:

This should enable App-V client for you. Now you can actually try installing and publishing the App-V -package.

This might fail with an error like this:

If it does, you’ll need to make a small registry change. Run regedit and navigate to this:

And enable (set value to 1) for EnablePackageScripts.

Regedit to enable appv scripts

Regedit to enable appv scripts

Now, this should work:

After a while you should have Visio installed. Easy as pie!

References

Preventing Outlook (and other programs) from stealing focus

This post describes how to stop Windows applications from stealing focus from each other. In a practical sense, no piece of software should be able to “jump” to the top and activate your cursor in it, after the steps in this blog post have been applied.

Description

After some recent batch of Windows updates my Outlook desktop client started stealing focus whenever there was a new email coming in. Like most people, I get a lot of email, and after a while my humor completely ran out with Outlook jumping in, stealing my keystrokes and doing whatever those keystrokes were bound to in Outlook. Continue reading

USA 5: Working for Valo Intranet – and what’ve I been up to last few months

Valo Intranet team jump

I haven’t actually written that much about my daily work on this blog. I’m currently mostly involved with the Blue Meteorite’s North America team, and specialized in partner acquisition and support. Most of my time is spent either onboarding new partners, or supporting the old ones in their Valo Intranet deployments. And boy, is that not a lot of fun to do! Never before have I been able to work with so many talented people from so many different organizations, and that’s been both challenging and rewarding.

I actually wrote a few words about it on Valo Intranet’s wwebsite.. And thought I’d republish the post on this blog, as it’s related to a lot of posts here, too. Continue reading

Using SharePoint Search Query Tool to investigate search index issues in SharePoint Online

SharePoint Search Query Tool

If you’re working on SharePoint deployments, and aren’t familiar with SharePoint Search Query Tool (or SPQT for short), you’re probably doing something wrong. Or you’ve gotten a really troublefree tenant and simple requirements.. 🙂 At least for technical issues, it’s the #1 tool for debugging what’s in the index and what isn’t. This blog post describes how to use it to investigate SharePoint Online Search index issues.

First of all, you can get the tool from here: https://sp2013searchtool.codeplex.com/.

Continue reading