Our use of cookies

We use cookies to tailor your experience, gather analytics, and provide you with live assitance. By clicking "Accept" or continuing to browse our site you agree to the use of cookies. For more details please read our Cookie Policy.

Error; "For security reasons DTD is prohibited in this XML document"

When you try to connect to a SharePoint site, you may get this error:

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader"

The most common reason for this error is you ISP intercepting the request and not handling it correctly.

Unfortunately there is nothing SQList can do to avoid this error, however there are several article on this subject with possible resolutions; here are a few:

http://spinhe.blogspot.co.uk/2014/06/sharepoint-online-error-connect.html

https://social.msdn.microsoft.com/Forums/windows/en-US/98208aa6-c70e-40ed-851a-9c65737970a1/dtdisprohibitederrorwhenaccessingsharepoint2013office365listbutnot?forum=sharepointdevelopment


This is an extract form the first link:

"Both of these point to the person's local ISP being "helpful" by automatically intercepting unresolved URLs and suggesting alternatives."



Another reason you could get this error, if you attempt to authenticate SQList with SharePoint Online in Office365, could be the that some DNS settings are missing:

Check your Office365 domain has the following CNAME DNS entry:

Type: CNAME
Alias: MSOID
Target: clientconfig.microsoftonline-p.net

Here is Microsoft’s official explanation on the DNS record:

What’s the purpose of the additional Office 365 CNAME record?

When you run a client application that works with Office 365 such as Lync, Outlook, Windows PowerShell or Microsoft Azure Active Directory Sync tool, your credentials must be authenticated. Office 365 uses a CNAME record to point to the correct authentication endpoint for your location, which ensures rapid authentication response times.If this CNAME record is missing for your domain, these applications will use a default authentication endpoint in the United States, which means authentication might be slower. If this CNAME record isn’t configured properly, for example, if you have a typo in the Points to address, these applications won’t be able to authenticate.

If Office 365 manages your domain’s DNS records,, Office 365 sets up this CNAME record for you.

If you are managing DNS records for your domain at your DNS host, to create this record, you create this record yourself by following the instructions for your DNS host.