Cannot create sub site even with full permission

Question
-
A user cannot create a sub site even if the user has full permission. (I even tried giving full permission at the root site.)
It gives the error "Sorry, you don't have access to this page". Only site collection administrators can create a new sub site.
The error occurs when I try to create a team site or project site, but creating a new blog site doesn't have any problem.
I am using SharePoint 2013 with SP1.
Can anybody help me with this?
Wednesday, April 23, 2014 11:31 AM
All replies
-
1. Check if you see something in the ULS logs
2. Check Users permission in Site settings > permissions
3. Create a new Permission level and add Create subsite option. Add user to this permission and check if you face same issue
http://office.microsoft.com/en-in/sharepoint-server-help/edit-create-and-delete-permission-levels-HA101805381.aspx
Wednesday, April 23, 2014 11:41 AM -
I tried all that and even tried with full permission but no use. Is there anything else to check?
Wednesday, April 23, 2014 11:56 AM
-
My understanding is that the user's permission to the site has been broken, maybe while creating your blog site.
In the normal behavior of SharePoint this should not happen, but sometimes its behavior will puzzle you.
Anyhow, what you can do here is just delete the user from the site and add them again with the same permission.
It happened to me once as well, and re-adding the user solved my problem.
Thanks,
Rakesh
Wednesday, April 23, 2014 12:07 PM -
Check Central Administration->Application Management->Manage web application->User policy for your web application to see the list of users/groups who have a user policy set for the whole WA. If the user can belong to any group in that list, check the permission level.
Also check User Permission in the same place - whether checkbox "Create subsites" is checked.
Wednesday, April 23, 2014 12:17 PM -
All permissions are checked. Here is the user policy screen. Appreciate your quick response.
Wednesday, April 23, 2014 12:34 PM -
I don't think the Central Admin steps are the problem; from the above statement, the user was earlier able to create a sub-site (rubeesh can confirm this).
Just try my step and check.
Thanks,
Rakesh
Wednesday, April 23, 2014 12:59 PM -
The problem is not with just one user. It's for all users except site collection admins.
This is the first time any user has tried to create a sub site after the UPGRADE from SP 2010 last month.
Everything works fine in the test environment, which was also upgraded from 2010 using the same database.
Note: Both production and test environments have the same configuration. The only difference is that in production I configured my site in the same site collection and in test it's not configured.
Wednesday, April 23, 2014 1:32 PM -
Let's look into deeper details:
When you try to create a site, the page /_layouts/15/newsbweb.aspx opens. I guess you can open it but there is an error on submitting. What appears in the ULS log when the error occurs?
Wednesday, April 23, 2014 2:05 PM -
Yes, the page /_layouts/15/newsbweb.aspx opens. The issue is on submitting.
From the log I couldn't figure out much. It only says "Could not retrieve a valid windows identity for username" (this is the same for all the users). But everything works fine if the user is a site collection administrator.
A section of the log:
2014 17:49:14.49 w3wp.exe (0x0718) 0x06FC SharePoint Foundation Claims Authentication bz7l Medium SPSecurityContext: Could not retrieve a valid windows identity for username 'AGFUND-NETWORK\Rubeesh' with UPN 'Rubeesh@agfund.net'. UPN is required when Kerberos constrained delegation is used. Exception: System.ComponentModel.Win32Exception (0x80004005): Access is denied Server stack trace: at System.ServiceModel.Channels.AppContainerInfo.RunningInAppContainer() at System.ServiceModel.Channels.AppContainerInfo.get_IsRunningInAppContainer() at System.ServiceModel.Channels.PipeSharedMemory.get_PipeName() at System.ServiceModel.Channels.PipeSharedMemory.GetPipeName(AppContainerInfo appInfo) at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri, IPipeTransportFactorySettings transportFactorySettings) at System.ServiceModel.Channels.NamedPipeCo... ca138a9c-5e6c-1039-692e-76e5e7893877
04/23/2014 17:49:14.49* w3wp.exe (0x0718) 0x06FC SharePoint Foundation Claims Authentication bz7l Medium ...nnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via) at System.ServiceModel.Channels.ConnectionPoolHelper.TakeConnection(TimeSpan timeout) at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout) at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout) at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade) at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan time... ca138a9c-5e6c-1039-692e-76e5e7893877
04/23/2014 17:49:14.49* w3wp.exe (0x0718) 0x06FC SharePoint Foundation Claims Authentication bz7l Medium ...out) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.IdentityModel.WindowsTokenService.S4UClient.IS4UService_dup.UpnLogon(String upn, Int32 pid) at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(... ca138a9c-5e6c-1039-692e-76e5e7893877
04/23/2014 17:49:14.49* w3wp.exe (0x0718) 0x06FC SharePoint Foundation Claims Authentication bz7l Medium ...Func`2 contractOperation) at Microsoft.SharePoint.SPSecurityContext.GetWindowsIdentity(). ca138a9c-5e6c-1039-692e-76e5e7893877
04/23/2014 17:49:14.49 w3wp.exe (0x0718) 0x06FC SharePoint Foundation Claims Authentication g220 Unexpected No windows identity for agfund-network\rubeesh. ca138a9c-5e6c-1039-692e-76e5e7893877
Wednesday, April 23, 2014 3:35 PM -
Interesting. At first, check whether the Claims to Windows Token service is running.
And there is a similar problem:
Wednesday, April 23, 2014 4:23 PM -
The Claims to Windows Token service is stopped on the front end and app servers.
Even on the test server this service is stopped, and there I don't have any problem creating a sub site.
I have configured my site in the same web application as the site; could this be a problem?
Wednesday, April 23, 2014 4:44 PM -
I read through your case again. I noticed you upgraded from SP2010. I guess you had classic auth in SP2010 and now you have claims auth.
1. Please try to run the Claims to Windows Token service (on both front end/app servers). It costs you nothing.
2. Have you performed a user migration using the standard PowerShell script?
$wapp = Get-SPWebApplication "http://<your root site here>"
$wapp.MigrateUsers($true)
Wednesday, April 23, 2014 7:31 PM -
I had tried all these but no change.
Wednesday, April 23, 2014 8:19 PM
-
Make sure the Style Resource Readers group has all auth users with read access.
Please remember to mark your question as answered & vote helpful if this solves/helps your problem.
Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
Wednesday, April 23, 2014 8:21 PM -
I didn't get you. This group already has all auth users. I didn't understand what you mean by giving read permission inside the group.
Wednesday, April 23, 2014 8:39 PM
-
Are you using the Publishing template? Then the Style Resources Readers & Restricted Readers groups will be there.
Make sure both groups have the permission with limited access and restricted read on the Pages Library and Style Library.
Please remember to mark your question as answered & vote helpful if this solves/helps your problem.
Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
Wednesday, April 23, 2014 8:53 PM -
The problem is when creating collaboration sites like a team site, project site or community site.
There is no issue when creating a publishing site, blog, document center, search center etc.
Regarding your reply "Make Sure both Groups have the permission with limited access and restricted read on Pages Library and Style Library": I have tried this and even tried with full access, but no positive result.
I have created a new site collection and the issue remains the same. Only the user who has full control at web application user control can create the team site.
- Edited by rubeesh Thursday, April 24, 2014 10:17 AM
Thursday, April 24, 2014 7:25 AM -
I think the issue is related to the seattle master page file.
Now I cannot access the root site as http://intranet/ (it gives me an access denied error); instead I have to type the complete URL of the home page, http://intranet/SitePages/Home.aspx
The default master page is seattle.master.
Thursday, April 24, 2014 1:54 PM -
Can you check permissions on the seattle master page? Maybe this is a key to the problem.
Thursday, April 24, 2014 3:57 PM
-
The seattle master page inherits from the master page library. I have even tried giving full access, but it didn't work.
The access denied error on accessing the root site was solved by setting the key aspnet:AllowAnonymousImpersonation in the web config file to false.
But the error on creating a team site or project site still remains the same.
Thursday, April 24, 2014 4:37 PM -
A couple of things to test.
1) Do you have a separate web application? Try to create a team site collection there, then try to create a subsite.
2) What is your main template for the root site collection? If it is publishing, try to create a new site collection with the Team Site template, then test it.
Please remember to mark your question as answered & vote helpful if this solves/helps your problem.
Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
Thursday, April 24, 2014 5:00 PM -
Same error even in the new web application.
Thursday, April 24, 2014 5:27 PM
-
Then it's more about the web app level or even the farm level.
Try to reset the Object Cache. If that fixes it, fine; otherwise go for the SP1 upgrade.
As you mentioned in the initial post that you are on SP2013 with SP1: the first release of SP1 had a lot of issues, so I would recommend you go ahead and install the re-release version of SP1 from here.
Please remember to mark your question as answered & vote helpful if this solves/helps your problem.
Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
Thursday, April 24, 2014 5:34 PM -
Ooook, I will try this. The strange thing is that our test server works fine, but it's a single-server installation.
Thanks man.
- Edited by rubeesh Thursday, April 24, 2014 8:32 PM
Thursday, April 24, 2014 5:50 PM -
Hi Rubeesh,
Try permissioning 'everyone' read access and your timer service account 'full control' to the following list. I ran across this issue in the past and that resolved the issue.
http://{Your root site URL}/lists/taxonomyhiddenlist/AllItems.aspx
Hope this helps! Could you find an article on this but check this thread out.
thanks!
BlueSky2010
Please help and appreciate others by using forum features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"
- Proposed as answer by S_Geo Wednesday, July 22, 2015 7:05 PM
Friday, April 25, 2014 2:03 PM -
The list already has the said permission.
Saturday, April 26, 2014 12:55 PM
-
Even the installation of the SP1 re-release couldn't solve the issue.
Thursday, May 15, 2014 1:59 PM
-
You said, "users with full control to web app can create subsite"
So it is access problem, obviously. Try again to create a subsite (from non-full control user) and watch ULS for any "Access denied" type of errors. Maybe we miss something.
Friday, May 16, 2014 5:53 AM -
Hi rubeesh,
I'm having exactly the same issue. Were you able to find a resolution?
Friday, June 27, 2014 5:20 AM -
No. Planning a fresh farm installation and restoring the content db.
Friday, June 27, 2014 6:27 AM
-
I read through the proposed answers, and I once had something similar.
Let me suggest something totally different: Check "Self Service Site Creation". If it is OFF, it explains your phenomena. Users cannot create sites when it is OFF, but Admins can. Many companies set this OFF, so users don't go crazy creating a sprawl of sub-sub-sub-sites. What you need is to turn it ON.
-mrkcc
Friday, June 27, 2014 12:32 PM -
It's already on, as I had configured mysite on the same web application.
Friday, June 27, 2014 2:28 PM
-
And it is only visible in the user's sites page, as shown here, no?: http://blogs.technet.com/b/speschka/archive/2012/07/27/configuring-self-service-site-creation-in-sharepoint-2013.aspx
Friday, June 27, 2014 3:11 PM -
I think this may be the root cause of the problem.
I also configured mysites on the same web application but moved to its own later, seemed this issue started around this time.
Sunday, June 29, 2014 10:06 PM -
Tested with it on and off on mine with no success.
It only affects some site templates too, not all.
Sunday, June 29, 2014 10:11 PM -
Did you make any update in the master page?
Sunday, June 29, 2014 10:31 PM
-
No, it is an OTB master page.
I believe I've now resolved the problem in my case.
I deleted my current mysites host and also UPS (including corresponding databases) and recreated both (make sure mysites is on its own webapp). I then performed a restart of all WFE and App servers in the farm, then performed a Full Profile Synchronization and finished setting up mysites in UPS.
Now site owners can create subsites (from their subsite of the root site) with just site owner permission of that site.
No special permissions are being applied from the top level site and Self Service site creation is off.
- Marked as answer by rubeesh Monday, June 30, 2014 10:03 AM
Sunday, June 29, 2014 10:58 PM -
Great ... This fixed my issue also.
Worked even without recreating UPS. Just changed the my site config in the UPS to the new my site host.
Monday, June 30, 2014 10:03 AM -
Yes, check the 2013 links in the vertical menu on the left, click Site Contents, scroll all the way down, and find there "+ New Subsite". You can have "Self Service Site Creation" set ON for some Site Collections and OFF for others. IE: Make sure it is ON for all Site Collections, not just one.
Monday, June 30, 2014 1:22 PM -
I have the same problem. I am troubleshooting and have some findings that may help others. To recap the problem, I have one specific site collection in which the site collection administrators can create sub sites using the "Team" site collection (Template STS#0) but other users who are members of the Owners group (and therefore have "Full Permission") cannot create sub-sites using the Team site template, with a result "Sorry this site hasn't been shared with you", and the subsite does not exist.
Note that the ULS logs clearly show SharePoint successfully created the subsite and encounters an error later after applying the STS#0 template. The ULS message "Successfully applied template "STS#0" to web" clearly indicates the site was created ok and the template applied. We can therefore rule out the theory that users in the Owners group do not have enough permission ("Check User permissions...etc.") to create subsites, both because users can get to the Create Site page ok and because they can create subsites that use different templates ok.
We can also rule out the theory that you should have Claims to Windows Token service running. This cannot be the issue -- at least in my case -- because I have two other site collections in the same farm in the same Web Application where the problem does not occur. Users who are members of the Owners group can create Team sub-sites just fine in those other site collections (and I don't have Claims to Windows Token service running).
Like you, I became suspicious of Claims Authentication because of the entry in the ULS log that rubeesh also had that says, "Claims Authentication SPSecurityContext: Could not retrieve a valid windows identity for username <then my user name appears here>".
However, that Claims Authentication ULS log entry comes only *after* the killer "Unexpected Exception attempting to ApplyWebTemplate to SPWeb"
Going back in the ULS log, it seems the first sign of trouble is the entry that says, "SharePoint Portal Server Content Following Unexpected Could not follow the url <the url of my failed subsite appears here>"
Finally, I decided there must be something wrong with my site collection. (I know, duh.) I created a new site collection in the same farm in the same web app using the same template and the same content db as the broken site collection. I created the standard permission groups (Owners, etc.) just like the broken one, and added users including myself to that new site collection owners group. Using this new site collection, I successfully created a subsite using my credentials and specifying the Team site template. NOTE: I did not have to delete the MySite Host or re-create my User Profile Synch. Now I am using Metalogix Content Matrix to copy all the subsites from the broken Site Collection to the fixed site collection and will have to deal with the changed URL somehow. Hope this helps.
M. Cox
Saturday, March 21, 2015 10:32 PM -
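The ordering argument in the post above (which ULS entry is the first sign of trouble, and which ones only follow it) is easier to make once continuation lines are merged back into whole entries. This is an added example, not part of any post in the thread: it parses raw tab-separated ULS lines, joins the `*` continuation lines seen in the log excerpt earlier, and returns the first "Unexpected" entry for one correlation ID. The function names, the sample lines, the event IDs `ev01`-`ev03` and the correlation ID are all constructed for illustration.

```powershell
# Added example. Parses raw ULS lines (tab-separated, 9 columns) held in memory.
function ConvertFrom-UlsLine {
    param([Parameter(Mandatory)][string[]]$Line)

    $entries = New-Object 'System.Collections.Generic.List[object]'
    foreach ($raw in $Line) {
        $f = @($raw -split "`t" | ForEach-Object { $_.Trim() })
        # Skip the column-header line and anything damaged.
        if ($f.Count -lt 9 -or $f[0] -notmatch '^\d{2}/\d{2}/\d{4} ') { continue }

        $last = if ($entries.Count) { $entries[$entries.Count - 1] } else { $null }
        if ($f[0].EndsWith('*') -and $last -and $last.Correlation -eq $f[8]) {
            # Continuation line: strip the "..." joiners and append to the previous message.
            $last.Message = ($last.Message -replace '\.\.\.$') + ($f[7] -replace '^\.\.\.')
            continue
        }
        $entries.Add([pscustomobject]@{
            Timestamp   = [datetime]::ParseExact($f[0].TrimEnd('*'), 'MM/dd/yyyy HH:mm:ss.ff',
                              [cultureinfo]::InvariantCulture)
            Area        = $f[3]
            Category    = $f[4]
            EventId     = $f[5]
            Level       = $f[6]
            Message     = $f[7]
            Correlation = $f[8]
        })
    }
    return $entries
}

function Get-UlsFirstFailure {
    param([object[]]$Entry, [Parameter(Mandatory)][string]$CorrelationId)

    # File order is kept on purpose: entries often share a timestamp to 1/100 s.
    $timeline = @($Entry | Where-Object { $_.Correlation -eq $CorrelationId })
    [pscustomobject]@{
        Timeline        = $timeline
        FirstUnexpected = $timeline | Where-Object { $_.Level -eq 'Unexpected' } |
                              Select-Object -First 1
    }
}

# --- Constructed sample input (not taken from a real farm) ---
$cid = '11111111-2222-3333-4444-555555555555'
$p   = 'w3wp.exe (0x0718)', '0x06FC'
$sample = @(
    (@('03/21/2015 22:10:01.10') + $p + 'SharePoint Foundation', 'General', 'ev01', 'Medium',
        'Successfully applied template "STS#0" to web', $cid) -join "`t"
    (@('03/21/2015 22:10:01.35') + $p + 'SharePoint Portal Server', 'Content Following', 'ev02',
        'Unexpected', 'Could not follow the url http://intranet/sites/demo/newteam', $cid) -join "`t"
    (@('03/21/2015 22:10:01.36') + $p + 'SharePoint Foundation', 'General', 'ev03', 'Unexpected',
        'Unexpected Exception attempting to ApplyWebTemplate to SPWeb', $cid) -join "`t"
    (@('03/21/2015 22:10:01.40') + $p + 'SharePoint Foundation', 'Claims Authentication', 'bz7l',
        'Medium', 'SPSecurityContext: Could not retrieve a valid windows identity for userna...',
        $cid) -join "`t"
    (@('03/21/2015 22:10:01.40*') + $p + 'SharePoint Foundation', 'Claims Authentication', 'bz7l',
        'Medium', "...me 'CONTOSO\demo'. Exception: Access is denied", $cid) -join "`t"
)

$result = Get-UlsFirstFailure -Entry (ConvertFrom-UlsLine -Line $sample) -CorrelationId $cid
$result.Timeline | Format-Table Timestamp, Level, Category, Message -AutoSize
"First Unexpected entry: [{0}] {1}" -f $result.FirstUnexpected.Category, $result.FirstUnexpected.Message
```

On a real farm the same lines can be fed in with `Get-Content` from a ULS log file, or from the file that `Merge-SPLogFile -Correlation` writes when the request crossed several servers.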
Worked for me, thanks
Wednesday, July 22, 2015 7:05 PM
-
I faced the same issue yesterday and the below solution worked for me
Gave read access for SharePoint Taxonomy Hidden List for all authenticated users operating within the site collection.
You can find that list by browsing directly to /Lists/TaxonomyHiddenList.
The post is old but just posting so that it helps others.
- Proposed as answer by Steven Hahn Thursday, October 8, 2015 8:06 PM
Tuesday, September 8, 2015 5:41 AM -
M.Ahuja's workaround seems to work.
From research on the /lists/TaxonomyHiddenList - the permissions should look like this:
(Read isn't an option in 2013 for some reason).
On the problem site, System account was present, but not "Authenticated Users".
Steve Hahn
- Edited by Steven Hahn Thursday, October 8, 2015 8:39 PM Found more information
Thursday, October 8, 2015 8:12 PM -
This was the fix for me!
UCHKEV
Wednesday, December 6, 2017 4:49 PM
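A read-only check of who holds which permission level on TaxonomyHiddenList, the list the last few replies changed permissions on. This is an added example, not part of any post in the thread. It assumes the SharePoint 2013 Management Shell on a farm server and an account allowed to read the site collection; the function name, the placeholder URL and the list of login names treated as "all users" principals are this example's own choices.

```powershell
# Added example: report role assignments on /Lists/TaxonomyHiddenList. Changes nothing.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-TaxonomyHiddenListAccess {
    param([Parameter(Mandatory)][string]$SiteUrl)

    # Login names commonly used for "all users" principals (assumption of this
    # example; compare with what People Picker resolves in your farm).
    $broad = @('c:0(.s|true', 'c:0!.s|windows', 'NT AUTHORITY\authenticated users')

    $site = Get-SPSite -Identity $SiteUrl
    try {
        $web     = $site.RootWeb
        $listUrl = $web.ServerRelativeUrl.TrimEnd('/') + '/Lists/TaxonomyHiddenList'
        try   { $list = $web.GetList($listUrl) }
        catch { Write-Warning "No list at $listUrl in $SiteUrl"; return }

        if (-not $list.HasUniqueRoleAssignments) {
            Write-Verbose 'List inherits permissions from the root web.'
        }

        foreach ($ra in $list.RoleAssignments) {
            $member = $ra.Member
            # A SharePoint group may itself contain an "all users" principal.
            $logins = @($member.LoginName)
            if ($member -is [Microsoft.SharePoint.SPGroup]) {
                $logins += @($member.Users | ForEach-Object { $_.LoginName })
            }
            $isBroad = @($logins | Where-Object { $broad -contains $_ }).Count -gt 0

            [pscustomobject]@{
                Principal       = $member.Name
                LoginName       = $member.LoginName
                Roles           = ($ra.RoleDefinitionBindings |
                                      ForEach-Object { $_.Name }) -join ', '
                CoversAllUsers  = $isBroad
                UniqueListPerms = $list.HasUniqueRoleAssignments
            }
        }
    }
    finally {
        $site.Dispose()   # also releases RootWeb
    }
}

# Placeholder URL: replace with the root of the affected site collection.
$report = Get-TaxonomyHiddenListAccess -SiteUrl 'http://<your root site here>'
$report | Format-Table Principal, Roles, CoversAllUsers, UniqueListPerms -AutoSize

if (-not ($report | Where-Object { $_.CoversAllUsers })) {
    Write-Warning 'No all-users principal has access to TaxonomyHiddenList.'
}
```

Running it against a working site collection and the broken one and comparing the two tables shows whether the list's permissions differ, and any row where an all-users principal holds more than a read-type level is worth reviewing.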