Authentication Issues in Forms Designer for SharePoint Online in Office 365

In this article, I would like to describe the most frequent authentication issues that users encounter while trying to connect to SharePoint Online with Forms Designer.

SharePoint Online credentials are not supported.

Sign in failed: Cannot contact web site or the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized’. The response headers are ‘X-SharePointHealthScore=1, X-MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically.

Reason and Solution

SharePoint Online has a setting called “LegacyAuthProtocolsEnabled” that prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.

By default, this option is enabled in all tenants. However, as an administrator, you can tighten security and prevent clients from logging in with SharePoint Online credentials.

To re-enable this setting, run the following commands in the SharePoint Online Management Shell:

Set-SPOTenant -LegacyAuthProtocolsEnabled $True
Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $False

An update to SharePoint tenant settings does not take effect immediately, so you will need to wait a while, from minutes to 24 hours, and then try to connect again.

Note: Your company might have performed security hardening and disabled this setting on purpose. If so, we recommend turning the setting off again after configuring forms.
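
The note above implies a temporary change, so it helps to record the tenant's current values before relaxing them and to put exactly those values back afterwards. The script below is an added example, not part of the original article or of Forms Designer; the admin URL, the snapshot path and the `-Action` parameter are assumptions made for illustration.

```powershell
# Added example: snapshot, temporarily relax, then restore the two tenant
# settings changed above. Run with -Action Enable before configuring forms
# and with -Action Restore once you are done.
param(
    [Parameter(Mandatory)][ValidateSet('Enable', 'Restore')][string]$Action,
    [string]$AdminUrl     = 'https://contoso-admin.sharepoint.com',   # placeholder tenant
    [string]$SnapshotPath = "$env:TEMP\spo-legacy-auth-snapshot.json" # hypothetical path
)

$ErrorActionPreference = 'Stop'
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $AdminUrl

$names = 'LegacyAuthProtocolsEnabled', 'RequireAcceptingAccountMatchInvitedAccount'

switch ($Action) {
    'Enable' {
        # Refuse to overwrite an earlier snapshot, otherwise the hardened
        # baseline would be lost on a second run.
        if (Test-Path $SnapshotPath) {
            throw "Snapshot $SnapshotPath already exists. Run -Action Restore first."
        }
        Get-SPOTenant | Select-Object $names | ConvertTo-Json |
            Set-Content -Path $SnapshotPath

        Set-SPOTenant -LegacyAuthProtocolsEnabled $true
        Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $false
    }
    'Restore' {
        # Put back exactly what the tenant had before, not a hard-coded value.
        $saved = Get-Content -Path $SnapshotPath -Raw | ConvertFrom-Json
        Set-SPOTenant -LegacyAuthProtocolsEnabled $saved.LegacyAuthProtocolsEnabled
        Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount `
            $saved.RequireAcceptingAccountMatchInvitedAccount
        Remove-Item -Path $SnapshotPath
    }
}

# Show the values now stored on the tenant. As noted above, the change itself
# can take from minutes to 24 hours to take effect.
Get-SPOTenant | Select-Object $names | Format-List
```

A snapshot file that is still present on disk means the tenant is still in its relaxed state, which makes a forgotten restore easy to spot.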


Multi-factor authentication is not supported.

Sign-in failed: The sign-in name or password does not match one in the Microsoft account system.

Sign-in failed: The partner returned a bad sign-in name or password error. For more information, see Federation Error-handling Scenarios.

Reason and Solution

Multi-factor authentication is not supported by Forms Designer, so make sure that it is turned off for your account.


DTD is prohibited in this XML document.

Sign in failed: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

Reason and Solution

The issue is related to your ISP providing a “search assistance” page when a request returns an error due to no DNS entry matching that URL. Because this is not the expected XML that the SP Client Context library was looking for (i.e., it does not have the DTD that it validates), the exception is thrown.

A simple resolution is to change your network connection adapter settings to use a DNS server IP other than the one auto-retrieved from your ISP, such as Google’s:

  1. Go to your network adapter and edit your IPv4 properties.
  2. Add Google’s DNS server as your DNS instead of using your ISP’s by entering and as your primary and secondary DNS.

Hope these tips will be helpful. Feel free to leave your comments.
