none
Access Denied on SharePoint Root Site - even though access is given

    Question

  • Dear,

    I have the following Scenario:

    -A SharePoint Farm consisting of 2 Application Servers, 2 index Servers and 2 WFEs (Load Balanced)

    -In Alternate Access Mapping Added 1 entry for my web application using the load balancer name

    -Modify My Host Files for the 2 following scenarios:

    1- Modify hosts file to point to wfe1 ip, and try to access the site using the Load Balancer Name, the user is provided with the normal sharepoint access denied page. but if the user types the full URL to the welcome page the user can access. i.e if I type https://loadbalancername/ user will get access denied, if i type https://loadbalancername/Pages/Default.aspx the user can access normaly.

    2- Modify hosts file to point to wfe2 ip, and try to access the site using the load balancer name, the user can access normaly. i.e if i type https://loadbalancername/ i will be redirected to the landing page of the site with no access denied issue.

    I have read a couple of blogs and most of them propose to enable anonymous access and then disable it but this did not work for me.

    I have also verified that all of the files on WFE1 and WFE2 in IIS are the same and the folders have the same permissions even the web.configs are identical.

    Appreciate your help guys.


    Regards Malek



    Sunday, May 31, 2015 4:58 AM

Answers

  • The issue has been fixed, the only way was to Turn off the Microsoft SharePoint Foundation Web Application feature from the WFE1 which removed all of the IIS sites and then turning it back on which created all of the sites with the default configurations.


    Regards Malek

    Sunday, June 07, 2015 8:34 AM

All replies

  • Hi Malek,

    As your description, my understanding is that you cannot open the site using https://loadbalancername however it worked well using https://loadbalancename/Pages/Default.aspx when you modified hosts file to point WFE1.

    This issue seems to be about IIS redirection. Please check the IIS maanger on the WFE1, and make sure click on the server node, click “ISAPI and CGI Restrictions”, verify that you have the following web service extensions allowed:

    If this issue still exists, please use Fiddler to track this issue.

    And there is a similar post for your reference:

    http://www.freakingsharepoint.com/2010/10/sharepoint-server-not-redirecting-to.html

    Thanks,

    Wendy


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Monday, June 01, 2015 8:21 AM
    Moderator
  • Thanks Wendy for the reply.

    I went to the iis site and the options where already allowed, so i put them to deny then allow again, but this did not fix my issue still having error denied.

    As for Fiddler i get the following 2 items when i try to hit the site:

    1----

    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href="https://loadbalancername/_layouts/15/AccessDenied.aspx?Source=https%3A%2F%2Floadbalancername">here</a>.</h2>
    </body></html>


    -------------------------

    2-----

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">
    <head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta http-equiv="X-UA-Compatible" content="IE=8"/><meta name="ROBOTS" content="NOHTMLINDEX" /><title>
    	 Access required 
    </title><link rel="stylesheet" type="text/css" href="/_layouts/15/1033/styles/corev15.css?rev=ox%2BqLd6WTqhn6d%2FMqf2BMw%3D%3D"/>
    <link rel="stylesheet" type="text/css" href="/_layouts/15/1033/styles/error.css?rev=nc1850SZNy60qTAeQIRxsA%3D%3D"/>
    <script type="text/javascript" src="/_layouts/15/init.js?rev=%2FWTxr8UesytJ8GB%2F5hOwZA%3D%3D"></script>
    <script type="text/javascript" src="/ScriptResource.axd?d=_FU8vNwxxYThFUsT1Z2NHgOvURnJwHfkBYLYOWEtI-ueOZL93z3mzS7sBCHc_mKVBBX52k4cPrTIHED7uKEi-zhI1I5jHDIaZlzv41IXYlUCO10SUPWBlsWBMWUAP9PY_PFBOqdo-fPxUi2fY6cmeXYP338G7ps6VUK1OqXvu-r961bVLfsRyIsvEIfo7OGW0&amp;t=ffffffff805766b3"></script>
    <script type="text/javascript" src="/_layouts/15/blank.js?rev=ZaOXZEobVwykPO9g8hq%2F8A%3D%3D"></script>
    <script type="text/javascript" src="/ScriptResource.axd?d=H6ge4sNIiVZJ6x_yobPBF_mXTS3KE9FGM5Mw5LiiGiLi3KgmGbz0p9i0BQQ86_seSRX0XkqS1bKZ4CR6UFH7rV-9ovLsSm7MhLA6QExzIPPmfWvY0THO3sg6UbXScKy1G3QNQQe_2dALSL46iLS_8SkXEX0lQrPBhdcupRuTWsA7Gtz4GEHNR8oqlq2EFUoW0&amp;t=ffffffff805766b3"></script>
    <script type="text/javascript">RegisterSod("initstrings.js", "\u002f_layouts\u002f15\u002f1033\u002finitstrings.js?rev=4Yrxyggg5knao3D48Ii\u00252FWA\u00253D\u00253D");</script>
    <script type="text/javascript">RegisterSod("strings.js", "\u002f_layouts\u002f15\u002f1033\u002fstrings.js?rev=u\u00252B0KcZWR52dtr8LTlqcZcw\u00253D\u00253D");RegisterSodDep("strings.js", "initstrings.js");</script>
    <script type="text/javascript">RegisterSod("sp.init.js", "\u002f_layouts\u002f15\u002fsp.init.js?rev=3nSw25FIGbfepznMSgi74A\u00253D\u00253D");</script>
    <script type="text/javascript">RegisterSod("sp.res.resx", "\u002f_layouts\u002f15\u002fScriptResx.ashx?culture=en\u00252Dus\u0026name=SP\u00252ERes\u0026rev=yNk\u00252FhRzgBn40LJVP\u00252BqfgdQ\u00253D\u00253D");</script>
    <script type="text/javascript">RegisterSod("sp.ui.dialog.js", "\u002f_layouts\u002f15\u002fsp.ui.dialog.js?rev=0xf6wCIW4E1pN83I9nSIJQ\u00253D\u00253D");RegisterSodDep("sp.ui.dialog.js", "sp.init.js");RegisterSodDep("sp.ui.dialog.js", "sp.res.resx");</script>
    <script type="text/javascript">RegisterSod("core.js", "\u002f_layouts\u002f15\u002fcore.js?rev=uA2xjCXmuYM5ARP8g3eTSA\u00253D\u00253D");RegisterSodDep("core.js", "strings.js");</script>
     <meta name="Robots" content="NOINDEX " /> <meta name="SharePointError" content="1" /> <link rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=23" type="image/vnd.microsoft.icon" /></head>
    <body id="ms-error-body" onload="if (typeof(_spBodyOnLoadWrapper) != 'undefined') _spBodyOnLoadWrapper();">
    	<form method="post" action="AccessDenied.aspx?Source=https%3a%2f%2floadbalancername" id="aspnetForm" onsubmit="if (typeof(_spFormOnSubmitWrapper) != &#39;undefined&#39;) {return _spFormOnSubmitWrapper();} else {return true;}">
    <div class="aspNetHidden">
    <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
    <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
    <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTUyMTc2Nzg3MQ9kFgJmD2QWAgIBD2QWAgIDD2QWBAIDD2QWAgIBDxYCHgRUZXh0BS1Tb3JyeSwgdGhpcyBzaXRlIGhhc24ndCBiZWVuIHNoYXJlZCB3aXRoIHlvdS5kAgkPZBYCAgEPZBYEAgEPDxYCHgdWaXNpYmxlaGRkAgMPDxYCHwFoZGRkXeob1jBtqBELUDbf3BbuWMC8YRrqAGqUoiZ71Qm/PUo=" />
    </div>
    
    <script type="text/javascript">
    //<![CDATA[
    var theForm = document.forms['aspnetForm'];
    if (!theForm) {
        theForm = document.aspnetForm;
    }
    function __doPostBack(eventTarget, eventArgument) {
        if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
            theForm.__EVENTTARGET.value = eventTarget;
            theForm.__EVENTARGUMENT.value = eventArgument;
            theForm.submit();
        }
    }
    //]]>
    </script>
    
    
    <script src="/WebResource.axd?d=OCIjLqc_7vLY9_8-N7IxWzcVkLMYfahOvW61cGMiyuFNlWL8IsHgDR8AvB0p96T3Vn1cU-N5V1LOIcC2k-uTW329ekwEStRQBqg4hPtEITQ1&amp;t=635589579571259667" type="text/javascript"></script>
    
    
    <script type="text/javascript">
    //<![CDATA[
    var g_presenceEnabled = true;
    var g_wsaEnabled = false;
    var g_wsaQoSEnabled = false;
    var g_wsaQoSDataPoints = [];
    var g_wsaLCID = 1033;
    var g_wsaListTemplateId = null;
    var g_wsaSiteTemplateId = 'BLANKINTERNET#0';
    var _fV4UI=true;var _spPageContextInfo = {webServerRelativeUrl: "\u002f", webAbsoluteUrl: "https:\u002f\u002floadbalancername", siteAbsoluteUrl: "https:\u002f\u002floadbalancername", serverRequestPath: "\u002f_layouts\u002f15\u002fAccessDenied.aspx", layoutsUrl: "_layouts\u002f15", webTitle: "Home", webTemplate: "53", tenantAppVersion: "4226893589", webLogoUrl: "\u002fStyle Library\u002fFolderName\u002fIMG\u002fLogo.png", webLanguage: 1033, currentLanguage: 1033, currentUICultureName: "en-US", currentCultureName: "en-US", clientServerTimeDelta: new Date("2015-06-04T08:14:23.5833329Z") - new Date(), siteClientTag: "857$$15.0.4569.1000", crossDomainPhotosEnabled:false, webUIVersion:15, webPermMasks:{High:2147483647,Low:4294967295}, pagePersonalizationScope:1,userId:275, systemUserKey:"i:0\u0029.w|s-1-5-21-727562058-488711462-3053795855-48325", alertsEnabled:true, siteServerRelativeUrl: "\u002f", allowSilverlightPrompt:'True',"themedCssFolderUrl" : "/_catalogs/theme/Themed/7BA5726B","themedImageFileNames" : {"spcommon.png" : "spcommon-B35BB0A9.themedpng?ctag=92","ellipsis.11x11x32.png" : "ellipsis.11x11x32-2F01F47D.themedpng?ctag=92","O365BrandSuite.95x30x32.png" : "O365BrandSuite.95x30x32-C212E2FD.themedpng?ctag=92","socialcommon.png" : "socialcommon-6F3394A9.themedpng?ctag=92","spnav.png" : "spnav-230C537D.themedpng?ctag=92"}};var MSOWebPartPageFormName = 'aspnetForm';//]]>
    </script>
    
    <script src="/_layouts/15/blank.js?rev=ZaOXZEobVwykPO9g8hq%2F8A%3D%3D" type="text/javascript"></script>
    <script type="text/javascript">
    //<![CDATA[
    if (typeof(DeferWebFormInitCallback) == 'function') DeferWebFormInitCallback();//]]>
    </script>
    
    <div class="aspNetHidden">
    
    	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="5CC0CAE7" />
    </div>
    	<script type="text/javascript">
    //<![CDATA[
    Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager', 'aspnetForm', [], [], [], 90, 'ctl00');
    //]]>
    </script>
    
    	<div id="ms-error-header" class="ms-pr">
    		<h1 class="ms-core-pageTitle">
    			 Sorry, this site hasn't been shared with you. 
    		</h1>
    		<div>
    			
    		</div>
    	</div>
    	<div id="ms-error">
    		<div id="ms-error-top">
    			
    		</div>
    		<div id="ms-error-content">
    			<div id="ms-error-error-content">
    				<div id="DeltaPlaceHolderMain">
    	
    					  <div id="ms-accessDenied-reqDialog">  </div> <div id="ctl00_PlaceHolderMain_AccessDeniedAdditionalDetails"></div> 
    				
    </div>
    			</div>
    			 
    		</div>
    	</div>
    
    
    <script type="text/javascript">
    //<![CDATA[
    var _fV4UI = true;//]]>
    </script>
    </form>
    </body>
    </html>
    

    Any Idea?


    Regards Malek

    Thursday, June 04, 2015 8:22 AM
  • In addition only the root site collection is doing this issue, all other site collections in the same web application are working fine!

    i think this rules out any IIS config issues


    Regards Malek


    Thursday, June 04, 2015 9:47 AM
  • Hi Malek,

    For the Fiddler tracking message, it is so general, we cannot find any useful information.

    Could you check the ULS log to check if there is anything about this issue? The path of the log file is: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS.

    Thanks,

    Wendy


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, June 05, 2015 9:27 AM
    Moderator
  • The issue has been fixed, the only way was to Turn off the Microsoft SharePoint Foundation Web Application feature from the WFE1 which removed all of the IIS sites and then turning it back on which created all of the sites with the default configurations.


    Regards Malek

    Sunday, June 07, 2015 8:34 AM
  • Thank you That worked well although it works better with a script 

    Thanks again

    Thursday, July 14, 2016 9:39 AM