none
access denied to one SharePoint web application RRS feed

  • Question

  • I published 3 sharepoint web applications on 443; web1.company.com, web2.company.com and web3.company.com. (UAG with SP1)

    web1 and web2 can be accessed fine, but when i try accessing web3 i get "You do not have permission to view this folder or page" and URL string is .../internalerror.asp?site_name=sharepointtrunk&secure=1&error_code=13

    i can't find error details anywhere in the logs.... when i access SharePoint directly i can access all 3 web applications

    on UAG under authentication i selected Use SSO --> Use Kerberos constrained delegation for single sign-on. when accessing web1 and web2 through UAG, SSO is working fine

    thanks

    Friday, July 29, 2011 3:08 AM

Answers

  • they were published with IP address. i changed it to web address and it turned ok
    • Marked as answer by damirsmc Friday, August 12, 2011 12:11 AM
    Friday, August 12, 2011 12:11 AM

All replies

  • The access denied message may come from improper Kerberos or Kerberos Delegation settings...

     

    1.) Does UAG Web Monitor contains further information why the request to web3 is getting denied?

    2.) Did you check your AD infrastructure if there are any differences in the Kerberos Delagtions settings of web1, web2 and web3?

    3.) Did you check your internal websites, if all of them are Kerberos enabled and have proper SPNs set?

    4.) When you access the SharePoint Site directly, can you confirm its really using Kerberos instead of NTLM? (Fiddler2 will tell you which Protocol is used)

     

    -Kai Wilke

     

    Friday, July 29, 2011 10:48 AM
  • Hi

    1) There is nothing in the web monitor which would indicate why the request is getting denied
    2) These settings are ok
    3) I checked and all of them have Kerberos working and proper SPN.
    4) I tested Kerberos and it's working proprly on all 3 web apps. I am also able to access all 3 web apps from UAG server

    Monday, August 1, 2011 12:31 AM
  • Hi Damir,

    the absence of web monitor log information makes the troubleshooting difficult and reduces the quality of our help to "try and error" at best.

    1.) Did you alredy tried the "Debug Trunk" option to take the URL filtering out equation?

    2.) Did you already recreated the affected rule (copy the rule from the working ones and change the URLs)?

    3.) Did you already turned of "Kerberos" and switched to BASIC to see if the problem is related to authentication or reverse proxy in generall?

    4.) Did you already checked the PKI infrastructure in place (the hop between UAG and your web servers)?

    -Kai

     

    Monday, August 1, 2011 2:29 PM
  • CAn u share how u published the SharePoint sites. I believe that u didnt publish them corectly.

    What have u set for each of them In the Servers Tab?

    Tnx

    Thursday, August 11, 2011 10:27 AM
  • they were published with IP address. i changed it to web address and it turned ok
    • Marked as answer by damirsmc Friday, August 12, 2011 12:11 AM
    Friday, August 12, 2011 12:11 AM