This post was most recently updated on October 4th, 2022.3 min read.
This post describes a couple of ways to fix the issue “For security reasons DTD is prohibited in this XML document”. At least for me, it appeared when trying to access SharePoint Online using Powershell or a console program using OfficeDev.PnP (which in turn uses CSOM).
When running any piece of code, whether in PowerShell, .exe console, or anything else than the code behind relies on .NET Framework, you get an error like this:
For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method.
It could come from, for example, running Connect-SPOnline on PowerShell. Ours was first caused by the custom console app, but then also by running Powershell.
Reason for the problem
There are a number of issues that can cause this, and hence there are a few different solutions.
We got the error when we were supposed to provision certain artifacts on SharePoint online using PowerShell, based on an XML document describing the steps – think PnP provisioning templates. This led us to think it was somehow related to the XML file in question. This seemed logical.
However, the error itself just denies the processing of an XML document with DTD and doesn’t tell what this document actually is. Besides, why would a document with a DTD (Document Type Definition, typically used to describe the schema and structure of the document) suddenly become invalid, while it worked just the day before?
Well, of course, because it actually had nothing to do with our implementation!
This happened on multiple different machines, and multiple different network connections, with any XML input, but just against one tenant (others worked) – so we figured it has to be about some configuration on that particular tenant or data center. Furthermore, Connect-SPOService (to admin site) worked, but Connect-SPOnline to normal site failed.
That’s curious, right?
As per usual with issues in SharePoint Online, there are multiple different solutions.
The third option worked for us, but I’ve read online and our internal resources that the other solutions have helped other people (even though they didn’t help us), so I’m including them here.
- A conflict between cmdlets(?)
One colleague had fixed this by switching from Windows Powershell to SharePoint Online Management Shell. Didn’t help us.
- Is it a DNS issue? It’s always a DNS issue, isn’t it?
Connecting to Microsoft’s data centers might be trickier than you’d think. Interwebs is filled with stories about Microsoft just returning unresolvable DNS entries, which messes up the script, or your ISP might be trying to help and just makes the issue worse (by offering a “DNS help”-page which just omits the actual exception)
This might be fixed by changing to Google’s DNS (188.8.131.52), adding new entries to the host’s file, disabling ISP or router features, or just simply running the program/script somewhere else – try Azure virtual machine, for example.
- It’s not DNS messing up? Then maybe it’s IPv6!
This was weird, but disabling IPv6 finally solved our issues
Weird issue, but in the end, an easy solution.
Links and references
- More information about the DNS issues:
- https://blogs.technet.microsoft.com/marios_mo_betta_blog/2016/06/05/o365-powershell-error-dtd-is-prohibited-in-this-xml-document/ (this one is about Verizon)
- More info about the IPv6 issues:
Normally, I’d make those entries into links, but apparently, Gutenberg (WordPress’s new editor) crashes if I do that, so I’m just not gonna. Sorry!
- How to manually install Windows updates? - November 28, 2023
- How to restore an old version of a Trello card? - November 21, 2023
- How to fix winget when it’s throwing a “0x8a15000f : Data required by the source is missing”? - November 14, 2023