BClarkIndy


Random "Access Denied" Errors in SharePoint Even Though Users Have Access

Users of our SharePoint site have been experiencing random Access Denied messages, even though they have been given permission to access it (either expressly or as a member of an AD group). When the user clicks the "go back to site" link, or if they hit the back button and try to access again, they are able to access the site fine for a while.

Other Observations: This typically seems to happen the first time they access a site for the day or if they have not accessed the site for a while (few hours?), and it does not seem to happen at the main site (typically only sub-sites). The problem only seems to occur when a particular user has read access; it does NOT seem to occur with users who have full control (e.g. my account has never had a problem, and I am in site owner group of all sites). Also, the problem does not seem to change whether authentication is set for Kerberos or NTLM.

My symptoms are similar to the question at https://www.experts-exchange.com/questions/23953683/Random-Error-Access-Denied-to-users-with-Access-to-the-site.html, however the solution does not seem applicable because I am in a single-server environment.

WSS 3.0
Single server
SQL Server back-end
Maverickpoet

http://support.microsoft.com/default.aspx?scid=kb;en-us;841215

To work around this behavior, enable Basic authentication on the client computer. To do this, add the UseBasicAuth registry entry to the following registry subkey, and then set the entry to a non-zero value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters

To enable Basic authentication on the client computer, follow these steps:
Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
On the Edit menu, point to New, and then click DWORD Value.
Type UseBasicAuth, and then press ENTER.
On the Edit menu, click Modify.
In the Value data box, type 1, and then click OK.

Note Basic authentication is enabled if the UseBasicAuth registry entry is set to a non-zero value. Basic authentication is disabled if the UseBasicAuth registry entry is not present or if the UseBasicAuth registry entry is set to 0 (zero).
Exit Registry Editor, and then restart the computer.

In Internet Explorer > Tools > Options, please configure the following as well.
Security tab > Trusted > added SharePoint server name
Content Tab>Autocomplete>Settings> uncheck all this since it can save changed passwords.
Advanced Tab> Uncheck Do Not Save Encrypted Pages to Disk.
Make sure to flush their IE cache for any saved pw's and files/forms.

This should resolve your password issue.
Sorry meant CHECK on Advanced Tab> Do Not Save Encrypted Pages to Disk.

Not uncheck, since by default it's not enabled.
BClarkIndy

ASKER

I have tested the above solution and it does not solve the problem. The referenced KB article seems to pertain to Basic Authentication and WEBDAV on the client when accessing WSS document libraries using explorer view. I believe my symptoms are different.

The weird part of my issue is that clients ARE able to connect, but only after they are first presented with an access denied error.  If they immediately re-attempt access to the sub-site, they can see it just fine.  It's almost as though there was some sort of authorization timeout, causing an access denied page to be presented to the user even though they are authorized.
Try resetting the IE security setting to default, then test. You could have something set too high like the Intranet security. I know I have to personally touch every PC for my SharePoint users because our corp. default image IE security settings are not SharePoint friendly.
http://www.fiddler2.com/fiddler2/version.asp?ver=2.1.2.0&IsBeta=False

Download that Fiddler2 web debug tool, it can help you watch the initial timeout session. Might help point you in the right direction, as it will show you each session between the client and servers and allow you to review the HTML requests, acknowledgements, and failures under the Session Inspector tab in Headers, Textview, webforms, Hexview, Auth, RAW, and XML. Pretty handy tool. Helped me narrow down my issue with the UseBasicAuth issue.
Found this answer to a similar problem: https://www.experts-exchange.com/questions/23953683/Random-Error-Access-Denied-to-users-with-Access-to-the-site.html
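
A server-side complement to watching the session in Fiddler, as an added example that is not part of the original thread: it scans an IIS W3C log for denials that turn into a 200 on retry and reports how long the user had been idle beforehand, which is the pattern the asker describes. The log lines are constructed, and it is an assumption that the server logs the denial as a 401 or 403 against the user's name.

```python
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username sc-status
2009-03-02 08:01:10 GET /sites/hr/default.aspx - 401
2009-03-02 08:01:10 GET /sites/hr/default.aspx CORP\\jdoe 403
2009-03-02 08:01:25 GET /sites/hr/default.aspx CORP\\jdoe 200
2009-03-02 08:05:00 GET /sites/hr/Lists/Tasks/AllItems.aspx CORP\\jdoe 200
2009-03-02 09:00:00 GET /sites/fin/default.aspx CORP\\asmith 403
2009-03-02 13:30:00 GET /sites/hr/default.aspx CORP\\jdoe 403
2009-03-02 13:30:12 GET /sites/hr/default.aspx CORP\\jdoe 200
"""

def parse(log_text):
    """Map each data line to the columns named by the #Fields directive."""
    fields, rows = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            rows.append(row)
    return rows

def transient_denials(rows, window=timedelta(seconds=60)):
    """Denials for a named user that become a 200 on the same URL within `window`."""
    findings, last_seen, pending = [], {}, {}
    for r in sorted(rows, key=lambda r: r["ts"]):
        user, uri = r["cs-username"], r["cs-uri-stem"].lower()
        if user == "-":   # anonymous 401 is the normal NTLM/Kerberos challenge
            continue
        who = user.lower()
        if r["sc-status"] in ("401", "403"):
            idle = r["ts"] - last_seen[who] if who in last_seen else None
            pending[(who, uri)] = (r["ts"], idle)
        elif r["sc-status"] == "200" and (who, uri) in pending:
            denied_at, idle = pending.pop((who, uri))
            if r["ts"] - denied_at <= window:
                findings.append({"user": user, "uri": uri, "denied_at": denied_at,
                                 "retry_after": r["ts"] - denied_at,
                                 "idle_before": idle})
        last_seen[who] = r["ts"]
    return findings

if __name__ == "__main__":
    for f in transient_denials(parse(SAMPLE_LOG)):
        print(f["user"], f["uri"], f["denied_at"], f["retry_after"], f["idle_before"])
```

A denial that never recovers (the `asmith` line in the sample) is left out, since that is an ordinary permission failure and not the intermittent one.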

Quote:
adaco: Well I finally figured out what was causing our issues. We recently installed a SharePoint add-on that modified the web.config file. The install failed so we had to uninstall. In the process the web.config file was different on both front end web servers. I restored the web.config file from back up and all is well.
EndQuote:

Hope this helps.
Thanks for the comment Maverickpoet.  As stated in my original question above, I also saw this same question you are suggesting.  However, because the solution to that problem was to synch-up two different web.config files on two FE servers, I unfortunately do not see how that relates to the problem I am having since I only have one web server.
ASKER CERTIFIED SOLUTION
BClarkIndy

This solution is only available to members.