locked
Taxonomy post from personal newsfeed to site newsfeed - access denied RRS feed

  • Question

  • We got a problem when posting newsfeed posts from personal feed to a site feed using a hashtag, posting posts without hashtag works fine. If you do so you will get this error: 

    "Something went wrong

    You don't have access to the newsfeed on the site. Request access to participate in the conversation."

    When you post to "share with everyone" on your personal site, you can use tags without any problems. 
    When being on a site and using hashtags in the site feed you will not have any problems. 
    The problem only occures when using hashtags on your personal newsfeed posting to a site in another web application.

    The surroundings:

    The personal sites are running on web application "my". Other web applications are "teams", "sharepoint", "portal",... 

    Each web application has a single database. SharePoint is running on CU August 2016. We have this problem since we run SharePoint 2013 (non migrated system - all new installed in 2014). Each web application has a single user account to run (my -> pSPmysiteapp, teams -> pSPteamsiteapp, portal -> pSPportalapp,...). In addition there is a pSPserviceapp account running all service applications and a pSPfarm account. 

    For testing I decided to try to post from personal feed (web application my) to one of the team sites (web application teams).

    First I was looking for ULS logs. But the error you get has no correlation id and seems not to impact in the sharepoint log files although logging is set to verbose. So no way here to find the sollution.

    Then I checked the SQL Server security settings for the content databases.  I set the users pSPteamsiteapp, pSPmysiteapp and pSPserviceapp to "sysadmin" to exclude a sql permission problem - without success. The error persists. 

    Then I went to the central administration and had a look on the web application user policy. This is what is set there (on teams web application as an example):

    (all zones) NT AUTHORITY\LOCAL SERVICE - full read
    (all zones) pSPserviceapp - full access
    (all zones) pSPcrawler - full read
    (all zones) pSPsetup - full access
    (all zones) pSPmysiteapp - full access

    The "pSPmysiteapp" account has been added by me trying to solve the issue. But the issue persists... 

    Then as a last try I went to a team site on teams web application and opened the hidden list {sitecollection}/Lists/TaxonomyHiddenList/ and checked the permissions. It had its own permissions set to everyone read. I added full access for everyone and tested to post from my personal site to the feed on that site. Still having the issue. 

    So now I am running out of ideas. Maybe someone has an idea where to look or what to check. 

    Thanks in advice!

    Phil


    • Edited by Phil Hammer Tuesday, February 14, 2017 8:57 AM added info in first sentence
    Tuesday, February 14, 2017 8:54 AM

Answers

  • Hi Phil,

    It seam the cause is that the My Site web application and other web applications use the different application pool accounts.

    Try running the following command to grant access to other web application.

    $WebApp = Get-SPWebApplication “http://<web application>”
    
    $WebApp.GrantAccessToProcessIdentity(“<mysite application pool account>”)


    A similar issue for your reference:

    https://spvee.wordpress.com/2014/09/16/sharepoint-2013-newsfeed-outside-my-sites-hashtags-and-pictures/

    Best regards,

    Linda Zhang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Phil Hammer Wednesday, February 15, 2017 9:33 AM
    Wednesday, February 15, 2017 8:45 AM

All replies

  • Hi Phil,

    It seam the cause is that the My Site web application and other web applications use the different application pool accounts.

    Try running the following command to grant access to other web application.

    $WebApp = Get-SPWebApplication “http://<web application>”
    
    $WebApp.GrantAccessToProcessIdentity(“<mysite application pool account>”)


    A similar issue for your reference:

    https://spvee.wordpress.com/2014/09/16/sharepoint-2013-newsfeed-outside-my-sites-hashtags-and-pictures/

    Best regards,

    Linda Zhang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Phil Hammer Wednesday, February 15, 2017 9:33 AM
    Wednesday, February 15, 2017 8:45 AM
  • Thank you so much for your solution! That did the trick. My users are excited! *Thumbs up* 
    Wednesday, February 15, 2017 9:34 AM