Friday, August 23, 2013

How to enable or disable hyperlink warning messages in 2007 Office programs and in Office 2010 programs particularly for PDF do documents that open up in Internet Explorer.


I had an issue whereby, a hyperlink in excel, which points to a pdf document on our intranet/sharepoint site throws up a warning message which is because of HWLink.dll as per the articles below





http://support.microsoft.com/kb/829072
http://support.microsoft.com/kb/925757

I had tried the fix mentioned in the links above, all of them. However, the HWLINK.DLL warning seems to still come up.


This only happens when the pdf reader (i have tried Adobe and Nitro) have their web plugins for IE installed. As soon as i uninstall Adobe reader and its plugin, the warning message doesnt come up and the link opens up in the PDF reader, not in IE.

was there a way to allow the pdf hyperlink to open up in IE without excel throwing the Warning message ?

The message comes up only when going ot the intranet sites on sharepoint. If the link is pointing ot a pdf on a file server, it doesnt show a warning. Other file extensions like jPG open without any warnings in IE from Excel.

The site is in the intranet zone on IE as well.


Had tried the links above as a fix on office 2003, 2010 and 2007, but no joy.











Troubleshooting information gathering:

Logged a job with Microsoft. 

Was requested to follow the steps below to get more information:


A.      Please locate one testing client machine which could reproduce the specific “issue” behaviour there. (We’d better to focus on one version of Office product. For example, Office 2010). 

Please help to export the following registry keys (if you could find it) from this testing client machine to .reg files:

- HKEY_CLASSES_ROOT\Installer
- HKEY_CLASSES_ROOT\.PDF
- HKEY_CLASSES_ROOT\AcroExch.Document
- HKEY_CLASSES_ROOT\AcroExch.Document.7
- HKEY_CURRENT_USER\Software\Microsoft\Installer
- HKEY_CURRENT_USER\Software\Microsoft\Office   
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- HKEY_LOCAL_MACHINE\Software\Microsoft\Office 

If the specific problem machine is a 64-bit machine, please also export the following registry keys to .Reg files:

- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
-  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office 


Rename all exported .reg files to .txt files and then compress them into a .zip file. Send  the .zip file to me.

(Note:  Please must export the above registry keys to .reg files instead of .txt files directly.  Also please don’t forget to rename them to .txt files before compressing them into the .zip file. Otherwise, the mail scan software between us may be able to filter out those .reg files from the .zip file directly.)

B.      Please download and install/configure the Network Monitor utility and Process Monitor utility on this testing client machine:


Please open an Excel workbook including the link to .PDF file there. Please start capturing Process Monitor trace and Network Monitor trace, then click on the link to .PDF file to reproduce the specific warning message pop-up.  After the warning message pop-up, please stop the Process Monitor trace and Network Monitor trace capturing then save all captured Events/records to default format files


SOLUTION:

The below was the Final finding and step2 was the fix

1.       When reviewing/analyzing the captured dump file with the specific warning/error message pop-up when opening .PDF file through http URL link from Excel file, I could see the pop-up warning message box appearing when calling to the function “hlink!HrAllowUnsafeUrl”.  

For more relevant details on this, please refer to the following dump checking/analysis:

0:000> knL
# ChildEBP RetAddr 
00 0013f424 7e419418 ntdll!KiFastSystemCallRet
01 0013f45c 7e4249c4 user32!NtUserWaitMessage+0xc
02 0013f484 7e43a956 user32!InternalDialogBox+0xd0
03 0013f744 7e43a2bc user32!SoftModalMessageBox+0x938
04 0013f894 7e4663fd user32!MessageBoxWorker+0x2ba
05 0013f8ec 7e4664a2 user32!MessageBoxTimeoutW+0x7a
06 0013f920 7e450877 user32!MessageBoxTimeoutA+0x9c
07 0013f940 7e45082f user32!MessageBoxExA+0x1b
08 0013f95c 76828406 user32!MessageBoxA+0x45
09 0013fa98 76824e00 hlink!HrAllowUnsafeUrl+0x101
0a 0013fab0 781362f7 hlink!HLNK_Bsc::OnProgress+0xc6
0b 0013fad0 78136247 urlmon!CBSCHolder::OnProgress+0x3c
0c 0013faec 7816180b urlmon!CBinding::CallOnProgress+0x30
0d 0013fb58 78164128 urlmon!CBinding::InstantiateObject+0xb7
0e 0013fbb4 78164019 urlmon!CBinding::OnObjectAvailable+0x15d
0f 0013fbe0 781382ee urlmon!CBinding::OnTransNotification+0x173
10 0013fc10 78137c84 urlmon!CBinding::ReportData+0x77
11 0013fc30 7813638f urlmon!COInetProt::ReportData+0x6e
12 0013fc58 78136205 urlmon!CTransaction::DispatchReport+0x37e
13 0013fc84 78136424 urlmon!CTransaction::DispatchPacket+0x31
14 0013fca4 781423a7 urlmon!CTransaction::OnINetCallback+0x92
15 0013fcbc 7e418734 urlmon!TransactionWndProc+0x28
16 0013fce8 7e418816 user32!InternalCallWinProc+0x28
17 0013fd50 7e4189cd user32!UserCallWinProcCheckWow+0x150
18 0013fdb0 7e418a10 user32!DispatchMessageWorker+0x306
19 0013fdc0 30024572 user32!DispatchMessageW+0xf
1a 0013fdcc 30024534 EXCEL!DispatchMessageU+0x2d
1b 0013fde4 30024441 EXCEL!DispatchEvtNaked+0xb2
1c 0013feb0 3000424b EXCEL!MainLoop+0x7b3
1d 0013ff30 30003f0a EXCEL!WinMain+0x391
1e 0013ffc0 7c817077 EXCEL!__tmainCRTStartup+0x140
1f 0013fff0 00000000 kernel32!BaseProcessStart+0x23

0:000> lmvm hlink
start    end        module name
76820000 76835000   hlink      (private pdb symbols) 
    Loaded symbol image file: hlink.dll
    Image path: C:\WINDOWS\system32\hlink.dll
    Image name: hlink.dll
    Timestamp:        Mon Apr 14 08:09:44 2008 (4802A0C8)
    CheckSum:         00018C11
    ImageSize:        00015000
    File version:     5.2.3790.2748
    Product version:  5.2.3790.2748
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     hlink.dll
    OriginalFilename: hlink.dll
    ProductVersion:   5.2.3790.2748
    FileVersion:      5.2.3790.2748 (srv03_sp1_qfe.060717-0810)
    FileDescription:  Microsoft Office 2000 component
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

0:000> .frame08
08 0013f95c 76828406 user32!MessageBoxA+0x45
0:000> dv
      hwndOwner = 0x00f20946
       lpszText = 0x0b528060 "Opening http://www.vmware.com/pdf/ha_datasheet.pdf..Some files can contain viruses or otherwise be harmful to your computer..It is important to be certain that this file is from a trustworthy source...Would you like to open this file?.."
    lpszCaption = 0x0013f990 "Microsoft Office"
         wStyle = 0x121

0:000> .frame09
09 0013fa98 76824e00 hlink!HrAllowUnsafeUrl+0x101
0:000> dv
         pwzUrl = 0x0025f320
             hr = 0x80004004
         pszUrl = 0x00212050 "http://www.vmware.com/pdf/ha_datasheet.pdf"
      szCaption = char [258] "Microsoft Office"
         pszBuf = 0x0b528060 "Opening http://www.vmware.com/pdf/ha_datasheet.pdf..Some files can contain viruses or otherwise be harmful to your computer..It is important to be certain that this file is from a trustworthy source...Would you like to open this file?.."
         pszMsg = 0x0023fae8 "Opening %s..Some files can contain viruses or otherwise be harmful to your computer..It is important to be certain that this file is from a trustworthy source...Would you like to open this file?.."


2.       Based on the above output from dump checking/analysis, I further reviewed and compared the captured Process Monitor trace in problem scenario and normal scenario.  I found the key point is the following record “Excel.exe process tried to query one registry key value ‘EditFlags’ under the key ‘HKCR\htmlfile_FullWindowEmbed\’ instead of the PDF file extension related registry key location. But could not find it there.”:

11:02:57.1658855 AM             0.0000039            EXCEL.EXE           5208       RegQueryValue        HKCR\htmlfile_FullWindowEmbed\EditFlags   NAME NOT FOUND         Length: 144

So the current suggestion to resolve the specific issue and suppress the warning message box pop-up when trying to open .PDF file through the http URL link is:

Please try to create/add the REG_DWORD type registry value “EditFlags” (with the value data "EditFlags"=dword:00010000) under the registry key location “HKCR\htmlfile_FullWindowEmbed\” on the same problem client machine.  After that, please restart the client machine and then try to open the PDF file through the http URL link from the Excel file again.

9 comments:

  1. Thanks Rahul,

    That removed the warning. Following your process, what I did was:

    1. Run Procmon.exe
    2. Turn capture off, then clear. Turn capture on.
    3. Click hyperlink in Excel.
    4. Turn capture off. Filter by Process=Excel.exe, Operation=RegQueryValue, Result=NAME NOT FOUND
    5. Find first entry with EditFlags in Path.
    6. Open Regedit, navigate to the Path. Add new DWORD type called “EditFlags” with the Hexadecimal value 10000.

    Hyperlink no longer displays a dialog saying "Some files can contain viruses or otherwise be harmful to your computer".

    ReplyDelete
  2. Paul and Rahul --

    You are the BEST. I've searched for almost 2 hours now to find how to whitelist filetypes like this and this is the only method that's worked for me.

    Appreciate it immensely!

    ReplyDelete
  3. This is a great technique as it can be adapted to various versions of Excel and Windows. In my case, it provided a solution for two different versions of Excel running under Windows 10. Many thanks to Rahul for the basic method, and to Paul Harris for the succinct set of step-by-step instructions.

    Now my problem is finding which of 317 RegQueryValue = NAME NOT FOUND is responsible for another (non-PDF) file type not opening correctly in the browser (if indeed RegQueryValue is the appropriate marker in this instance)!

    ReplyDelete
  4. AS I just independently (without peeking here first, honest!) used Procmon to confirm what was giving me grief with hyperlinks in Excel 2010, I have to ask: how on earth did you decide what value for EditFlags was required? I found the value on another site, but once again with no explanation of why it works.

    ReplyDelete
  5. Hello,

    I have the same error but wasn't able to find the EditFlags portion in procmon. I added the registry portion with the same warning. Could you explain why you came to realize this was the issue? I have identical machines, one with FoxIt and another with Acrobat and only the Acrobat machine is giving me this error.

    ReplyDelete
  6. In case anyone else stumbles here with office 16, I had to manually input 16.0 like microsoft KB said by manually inserting the folders in the regedit. Then ran and found edit flags here: HKCU\Software\Classes\AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723\EditFlags

    This registry key seems to be Edge browser related.

    What I would do if it doesn't show up is set your filters first then open excel, clear, open hyperlinks then stop capture. you should have maybe 30 entries and you can manually go through them.

    Thanks for the help

    ReplyDelete
  7. If you don't see editflags like I didn't go through the first couple of registry edits and work your way down creating entries until it gives you one.

    ReplyDelete
  8. I was trying to open .lnk shortcut files with excel and this error was bugging me a lot. Tried almost every tip and trick but couldn't get excel not to show this warning. Paul and Rahul, you both are genius guys, your trick helped me avoid tons of extra clicks.

    ReplyDelete
  9. This saved me after 2 hours of looking everywhere.
    THANK YOU!!!

    ReplyDelete