sharepoint error access denied

I just installed exchange 2007 and somehow the user I added to exchange mb was deleted from AD and I had to recreate the user no I can not access sharepoint

ERROR Access Denied

I have deleted the user from sharepoint then re added I got the email from sharepoint

do not know what I am missing here
Who is Participating?

Improve company productivity with a Business Account.Sign Up

irinucConnect With a Mentor Commented:
Yes, a restart would also mean a reset; are updates automatically installed? Were there any related to SharePoint on .NET? (this is to check that no additional changes were done)

You could create a new site collection, yes.
I would not delete the existing one (especially if you say it is production; aren't there data?)
rseabirdConnect With a Mentor Commented:
Are there any web parts on the page the user has no access to? Or has the user special access to one of those web parts (e.g. modified access to a certain list, so it does not inherit the site credentials)?
InserachofAuthor Commented:
no the user has full site control
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

irinucConnect With a Mentor Commented:

have you deleted the user from the entire site collection or just from the site permissions page?
Try deleting from site collection and then adding back to the site with the desired permissions.
InserachofAuthor Commented:
I went to central administration
site actions
site settings
user permissions
people and groups
the all people
deleted and added from there

that is the only place I know of where the users are defined

How do I get to the site collections people list?
Was this an ordinary site user or the user used to install sharepoint?
InserachofAuthor Commented:
This is a general user with full site permissions

The server administrator installed sharepoint
irinucConnect With a Mentor Commented:
Ok, I was confused by the fact that you said "i went to central administration". My bad.

Indeed I was referring to the page "All people" page. Just to make sure I am providing below the steps to delete a user from the site collection.
If you did these steps, then you removed the user from site collection and the problem may be like rseabird suggested: user doesn't have permissions on some list or library (even though he has full control on the site).

1. On the site collection home page, click the Site Actions menu, point to Site Settings, and then click People and Groups.
2. On the People and Groups page, in the Quick Launch, click All People.
3. On the People and Groups: All People page, select the check box next to the user who you want to delete.
4. On the Actions menu, click Delete Users from Site Collection, and then click OK.
InserachofAuthor Commented:
Thats how I deleted them it is the only way I know so I was in the right place

Are there any web parts on the page the user has no access to? Or has the user special access to one of those web parts (e.g. modified access to a certain list, so it does not inherit the site credentials)?

where do I look for this ?
irinucConnect With a Mentor Commented:
You would need to check the permissions on each library and list that is displayed on the page where the user receives Access Denied.
For example if an Announcements web part is displayed on the page, go to Announcements lists, click on Settings->List settings. Click on Permissions for this list and check if the permissions are inherited from the site or are unique. If they are unique (you will see a checkbox next to each user if the permissions are unique), then check if the user is listed here.
And check the same thing for all the other lists/libraries.
InserachofAuthor Commented:
I went to site actions  site settings under site administration site libraries and lists

a customize list appears i select announcements

The list inherits permissions from its parent web site

the user is listed here

now what do I do next?
InserachofAuthor Commented:
i found this in a google search

No, no, no, no no. Thomas... do not add users via web application policies.
From your previous post, what you are doing is adding users in Central
Administration. CA is it's own site collection with its own rules. This is
not the place for users. When you create a site collection you need to add
your users in that site collection in order to grant them access. Using Web
application policies gives a user over-riding permissions to all collections
in that web application. I seriously doubt this is what you are trying to

My question is how to I do this?

Only place I add users is in central admin

It is not a machne issue I can not get on with any account on any machine now
irinucConnect With a Mentor Commented:
There is definetelly a confusion here; probably mine, so let's see if we can clarify.

Please provide some details: what is the link to the site where you want to give user access? what is the link user tries to open and is unsuccessful?

Central Administration has a link similar to http://servername:PORT/default.aspx
This is not the place where is recommended to add users, unless you want to give or restrict access to the entire web application (all site collections in the web application).
To give access to only a site, you need to navigate to that site (for example http://SITE), then go to site settings->Site actions, etc. like you did before.
InserachofAuthor Commented:
thats the problem I can not access the site from any machine on the network now

I use   for my site

i use http://tgcs001:4278   for central administration (this I can access from any machine)

even on the server that hosts sharepoint I get acess denied even with the administrator which is the account that I installed sharepoint with?  

Very strange

IE settings on the server maybe?  they are locked down by default

I added http://*  to my local security settings in IE

Not sure what to do here
irinucConnect With a Mentor Commented:
Could be that you changed web application policy to lock everyone out?
Navigate to Central Administration-> Application Management ->Policy for web application (in Application Security area). Select your web application - should be the one.
Check if there are any users/groups with Deny all access.
InserachofAuthor Commented:
only entry is

Zone                display name                                    user name                                     Permissions
all zones      NT authority/local service            nt authority/local service                  full read
irinucConnect With a Mentor Commented:
Ok, what happens when you try to access: http://tgcs001:81?
I am thinking that maybe there is an issue with the configuration of the "Alternate access mappings". Take a look in Central Admins->Operations->Alternate access mappings (in Global Configuration area).
See what is listed there.
InserachofAuthor Commented:
I get this

  The webpage cannot be found
 HTTP 400  
   Most likely causes:
•There might be a typing error in the address.
•If you clicked on a link, it may be out of date.
   What you can try:
     Retype the address.  

     Go back to the previous page.
     Go to  and look for the information you want.  

In CA I show this

Internal URL Zone                                                                         Public URL for Zone  Default                                        
http://tgcs001:4278                 Default                                                  http://tgcs001:4278

Any logs I can look at to see if we can find out what is going on here?

Any diag tool or something we can run to check the site config or settings?


irinucConnect With a Mentor Commented:
Try looking in the Event Viewer logs on the server; and in sharepoint logs in
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS

But I think we started from one thing and got into a completelly different one; is the farm administrator able to access the sites?
InserachofAuthor Commented:
I review the logs an found no indication of any problem

The farm administrator (domain admin) cannot access the site either

no one can at this point
irinucConnect With a Mentor Commented:
Is this a prod. environment? can you try to do an iisreset to see if anything changes?

Farm admin should be able to access the site; was there any change done to the configuration from the moment when you were able to access the site and until now? Any access policies defined?

Do you have more site collections? All behave the same? When you get the access denied error, what message is in Event Viewer - Security events? (should be something like Failure Audit)
InserachofAuthor Commented:
yes this is production but the server was restarted last night due to microsoft updates that came out so that should have been the same as doing an iisreset right?

No access policies created here every thing very straight forward

checked the event logs security and no access errors no errors listed at all

Only have one site defined

No events any where except on the web site

This is very strange

is it looking like it time to create another site to see if that works?

or delete this site and start over?
InserachofAuthor Commented:
no updates to share point mostly security updates from MS

Yes a lot of data calendars documents tasks etc.

Over the weekend I will create a test collection site

Will post resutls
InserachofAuthor Commented:
new site created still same results

What is up with sharepoint 3.0

Need help on this please
InserachofAuthor Commented:

I mad a mistake on last commnet

I did create a new site

I am able to access this site using site admin and a user with no problem

Here is what I think happened to my original site

the two users that wasgetting access denied were deleted from AD during my exchange 2007 server setup

I think the credientials are messed up

Also administrator can not logon I am not sure who the site admin is on the original site

I need to get to that level to be able to add users not at the site level

Any ideas


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.