"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

Fixing the “For security reasons DTD is prohibited in this XML document.” issue

This post describes a couple of ways to fix the issue “For security reasons DTD is prohibited in this XML document”. At least for me, it appeared when trying to access SharePoint Online using Powershell or a console program using OfficeDev.PnP (which in turn uses CSOM).


When running any piece of code, whether in PowerShell, .exe console or anything else than in the code behind relies on .NET Framework, you get an error like this:

For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method.

It could come from, for example, running Connect-SPOnline on PowerShell. Ours was first caused by custom console app, but then also from running Powershell.

Reason for the problem

There are a number of issues that can cause this, and hence there are a few different solutions. We got the error when we were supposed to run Valo Intranet upgrade run, using a certain xml document, against SharePoint Online, so at first we thought it was somehow related to the XML. However, the error itself just denies the processing of an XML document with DTD, and doesn’t tell what this document actually is. For us, it actually had nothing to do with our implementation!

This happened on multiple different machines, and multiple different network connections, with any XML input, but just against one tenant (others worked) – so we figured it has to be about some configuration on that particular tenant or datacenter. Furthermore, Connect-SPOService (to admin site) worked, but Connect-SPOnline to normal site failed.


The third option worked for us, but I’ve read online and our internal resources that the other solutions have helped other people, so I’m including them here.

  1. A conflict between cmdlets(?)
    1. One colleague had fixed this by switching from Windows Powershell to SharePoint Online Management Shell. Didn’t help us.
  2. DNS issue
    1. Connecting to Microsoft’s datacenters might be trickier than you’d think. Interwebs is filled with stories about Microsoft just returning unresolvable DNS entries, which messes up the script, or your ISP might be trying to help and just makes the issue worse (by offering a “DNS help”-page which just omits the actual exception)
    2. This might be fixed with changing to Google’s DNS (, adding new entries to hosts file, disabling ISP or router features or just simply running the program/script somewhere else – try Azure virtual machine, for example.
    3. Examples and references:
      1. http://asp.net-hacker.rocks/2016/01/15/XML-parsing-problem-because-of-your-ISP.html
      2. https://stackoverflow.com/questions/13854068/dtd-prohibited-in-xml-document-exception
      3. https://blogs.technet.microsoft.com/marios_mo_betta_blog/2016/06/05/o365-powershell-error-dtd-is-prohibited-in-this-xml-document/ (that one’s about Verizon)
  3. Add IPv6 on top of DNS issues
    1. This was weird, but disabling IPv6 finally solved our issues
    2. https://melcher.it/2016/02/for-security-reasons-dtd-is-prohibited-in-this-xml-document/

Weird issue, but in the end, an easy solution.


The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

Let me know your thoughts!