Sharepoint 2003 - Error in "manage security" on specific subsite. RRS feed

  • Question

  • Hello,

    We have a problem with a Sharepoint 2003 site.
    When choosing the "manage security" option on that specific subsite, you get a page saying "an unexpected error has occured". The problem is only with this specific subsite. Any other site works fine.
    Because of this no one except administrators can upload documents to the document library on that site.
    Any other user gets a prompt to log in and after 3 tries gets told they don't have permission for that site (even if they had permission for this site since before the problem started).

    The problem started after a user with "set permission" rights on that site gave another user access. That user left the company right after so I don't know what he did or if it is the reason for the issue we're having.

    I've tried getting more information about the error by setting CallStack=true in the top site web.config.
    This got me the standard Microsoft yellow message saying I need to set customErrors=Off.
    I set customErrors off and it proceded to tell me to set it to RemoteOnly for local and otherwise off.
    This message continues to display even if I set customErrors to Off or RemoteOnly.
    I've tried accessing the page both locally and from another server with the same result.

    There is no log folder in "C:\Program Files\Common Files\Microsoft Shared\web server extensions\60".
    I checked in "Central Administration -> Configure usage analysis processing" and the logfile it pointed to only contained calls made which doesn't help isolating the problem.
    The Windows EventViewer does not log any errors either.

    I know the problem occurs when sharepoint tries calling spcatsec.aspx with the Id of the site I'm trying to administer, but I don't know why it fails.
    I've tried looking in the database to see if anything looks wrong, but I haven't found anything there (not that I really know what to look for).

    I'd be happy for any suggestions on what could be wrong or how to find more information about the problem.

    Thank you

    Friday, February 7, 2014 12:41 PM

All replies

  • I experienced something similar to this after a migration, this fixed it

    try changing the line one to use version  versus since you have 2003

    [System.Reflection.Assembly]::Load( 'Microsoft.SharePoint, Version="", culture=neutral, PublicKeyToken= 71e9bce111e9429c' )
    $renderXmlPatternAttribute = "RenderXMLUsingPattern"
    $siteCollUrl = "http://sharepoint.com"
    $spsite = New-Object Microsoft.SharePoint.SPSite( $siteCollUrl )
    $spweb = $spsite.OpenWeb()
    $field = $spweb.Fields["Effective Permissions Mask"]
    [xml] $xd = New-Object System.Xml.XmlDocument
    $xd.LoadXml( $field.schemaXml )
    $xe = $xd.get_DocumentElement()
    if ( $xe.$renderXmlPatternAttribute -eq $null ) {
          $attr = $xd.CreateAttribute( $renderXmlPatternAttribute )
          $attr.set_Value( "TRUE" )
          $field.schemaXml = $xe.get_OuterXml()
    foreach ( $spweb in $spsite.AllWebs) {
          for ($i = 0; $i -lt $spweb.Lists.Count; $i++) {
                $field = $spweb.Lists[$i].Fields["Effective Permissions Mask"]
                [xml] $xd = New-Object System.Xml.XmlDocument
                $xd.LoadXml( $field.schemaXml )
                $xe = $xd.get_DocumentElement()
                if ( $xe.$renderXmlPatternAttribute -eq $null ) {
                      "$spweb - $($spweb.Lists[$i])"
                      $attr = $xd.CreateAttribute( $renderXmlPatternAttribute )
                      $attr.set_Value( "TRUE" )
                      $field.schemaXml = $xe.get_OuterXml()



    To fix security of a recently migrated SharePoint site perform the following.

    1. Download PowerShell to the front-end server and install
    2. Save the code above into a file with a ps1 extension
    3. at the prompt of the directory where you saved the file make sure to set exectution policy to unrestricted.  NOTE:  change the site url from :"http://sharepoint.com" to your sites url
    4. Call the file with this command “.\filename.ps1”, just type everything between the quotes, filename is whatever you named the file in step two, above.
    5. Make sure to run all the above on a farm administrator account and to set-executionpolicy to unrestricted.
    6. In a nutshell this script removes the null permissions masks and gaps that sometimes get created during a migration from one sp farm to another.  Handy stuff here, just change the URL that the $siteCollURL variable points towards.

    If that doesn't work, you could export the site content out and import it into a temporary or new site, then if you need the URL, delete that bad site, recreate it and then import from the new\temporary site. 

    http://technet.microsoft.com/en-us/library/cc262759(v=office.12).aspx - Export with stsadm

    http://technet.microsoft.com/en-us/library/cc261866(v=office.12).aspx - Import with stsadm


    Stacy www.sharepointpapa.com

    Saturday, February 8, 2014 11:46 PM
  • Thank you for the input,

    I will look into your suggestion.

    From the code, it appears that you open an XML-schema containing the site hierarchy with node info.
    Then set an attribute on the node corresponding to the faulting site(s).

    Is that Schema openly readable?
    That is, if I can find the node myself in the tree, can I open the file in a text-editor and manually edit the node? (and so easily revert if something goes wrong).
    I'm a bit uncomfortable running a script on the production server and I'm afraid the client in question does not have a dev/test-server (and fixing that is out of scope of this issue).

    Kind Regards

    Monday, February 10, 2014 4:04 PM
  • you're welcome and no problem

    I would NOT recommend editing the schema directly as it would violate most support agreements,

    this link has examples of some of the types of changes that are not supported:  http://support.microsoft.com/kb/841057/en-us

    scroll down to the bulleted list under more options section

    copy to a new web application, then run the above against that web app (e.g. replace the sharepoint.com with the restored web app url, $siteCollUrl = "http://sharepoint.com") 

    Stacy www.sharepointpapa.com

    Sunday, March 23, 2014 1:12 PM