The Duet Deployment Guide states that for BCS offline scenarios to work, you must first install the required WCF hotfix, but it doesn’t tell you what will happen if you don’t so here are some symptoms to help you figure this out more quickly if you forgot to install the hotfix.

If you do not install the hotfix, you will likely see the following errors on the client machine when trying to access an offline list:

In the Synchronization Status dialog for the offline list you may see an error like:

SOAP security negotiation with 'http://sharepointserver:1234/_vti_bin/sts/spsecuritytokenservice.svc/windows'

for target 'http://sharepointserver:1234/_vti_bin/sts/spsecuritytokenservice.svc/windows' failed.

See inner exception for more details.

To see the inner exception you need to get a BCS Trace on the client. Once collected, open it in Event Viewer and look for a Critical entry in the trace. Right below it you should have an information entry with details similar to this:

System.InvalidOperationException: The signing token System.IdentityModel.Tokens.RsaSecurityToken has no key that supports the algorithm suite Basic256Sha256.

Server stack trace:

  at System.ServiceModel.SecurityAlgorithmSuite.GetSignatureAlgorithmAndKey(SecurityToken token, etc…

Resolution

To resolve this issue install the required WCF hotfix on the client systems.  Here is the section of the Duet Enterprise documentation from the Deployment Guide related to this:

Client computer prerequisite for offline scenarios

End-users can use Microsoft Office Premium applications to take Duet Enterprise for Microsoft SharePoint and SAP content offline. However, to support this offline scenario, a hotfix must first be installed on each client computer in which Duet Enterprise for Microsoft SharePoint and SAP content will be taken offline. This hotfix applies to computers that are running Windows Vista and Windows 7.

For information about the hotfix for Windows Vista, see Knowledge Base Article 973975

For information about the hotfix for Windows 7, see Knowledge Base Article 976462