Fix to “For security reasons DTD is prohibited in this document….”

February 20, 2019
< Back
You are here:

You were trying to connect AssistMyTeam Apps with your Office 365 SharePoint site, and got the following error:

For security reasons DTD is prohibited in this document. To enable DTD processing set DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

This error happens possibly because there is a missing DNS record in your Office 365 tenant. This is particularly true if your account with Office 365 was upgraded/ported from previous Microsoft Business productivity Online Suite (BPOS). The fix is to check for the DNS for the following record:

Type: CNAME
Alias: MSOID
Target: clientconfig.microsoftonline-p.net
Info: Used by Office 365 to direct authentication to the correct identity platform (More Information…)

If the above information is missing in your DNS records of your tenant, you would need to add the CNAME entry in DNS of your SharePoint site and AssistMyTeam Apps should works just fine with your Office 365 SharePoint site. This document from Microsoft office explains how to create the entry:

https://support.office.com/en-us/article/Add-or-edit-custom-DNS-records-in-Office-365-af00a516-dd39-4eda-af3e-1eaf686c8dc9?ui=en-US&rs=en-US&ad=US

Microsoft’s official explaination on the DNS record:
What’s the purpose of the additional Office 365 CNAME record? When you run a client application that works with Office 365 such as Lync, Outlook, Windows PowerShell or Microsoft Azure Active Directory Sync tool, your credentials must be authenticated. Office 365 uses a CNAME record to point to the correct authentication endpoint for your location, which ensures rapid authentication response times.If this CNAME record is missing for your domain, these applications will use a default authentication endpoint in the United States, which means authentication might be slower. If this CNAME record isn’t configured properly, for example, if you have a typo in the Points to address, these applications won’t be able to authenticate.If Office 365 manages your domain’s DNS records,, Office 365 sets up this CNAME record for you.

If you are managing DNS records for your domain at your DNS host, to create this record, you create this record yourself by following the instructions for your DNS host.

Previous Cannot contact web site ‘https://xxxx.sharepoint.com/’ or the web site does not support SharePoint Online credentials
Next We purchased multiple seats but received only one license key.