Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 952
  • Last Modified:

sharepoint error access denied

I just installed exchange 2007 and somehow the user I added to exchange mb was deleted from AD and I had to recreate the user no I can not access sharepoint

ERROR Access Denied

I have deleted the user from sharepoint then re added I got the email from sharepoint

do not know what I am missing here
  • 15
  • 10
10 Solutions
Are there any web parts on the page the user has no access to? Or has the user special access to one of those web parts (e.g. modified access to a certain list, so it does not inherit the site credentials)?
InserachofAuthor Commented:
no the user has full site control

have you deleted the user from the entire site collection or just from the site permissions page?
Try deleting from site collection and then adding back to the site with the desired permissions.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

InserachofAuthor Commented:
I went to central administration
site actions
site settings
user permissions
people and groups
the all people
deleted and added from there

that is the only place I know of where the users are defined

How do I get to the site collections people list?
Was this an ordinary site user or the user used to install sharepoint?
InserachofAuthor Commented:
This is a general user with full site permissions

The server administrator installed sharepoint
Ok, I was confused by the fact that you said "i went to central administration". My bad.

Indeed I was referring to the page "All people" page. Just to make sure I am providing below the steps to delete a user from the site collection.
If you did these steps, then you removed the user from site collection and the problem may be like rseabird suggested: user doesn't have permissions on some list or library (even though he has full control on the site).

1. On the site collection home page, click the Site Actions menu, point to Site Settings, and then click People and Groups.
2. On the People and Groups page, in the Quick Launch, click All People.
3. On the People and Groups: All People page, select the check box next to the user who you want to delete.
4. On the Actions menu, click Delete Users from Site Collection, and then click OK.
InserachofAuthor Commented:
Thats how I deleted them it is the only way I know so I was in the right place

Are there any web parts on the page the user has no access to? Or has the user special access to one of those web parts (e.g. modified access to a certain list, so it does not inherit the site credentials)?

where do I look for this ?
You would need to check the permissions on each library and list that is displayed on the page where the user receives Access Denied.
For example if an Announcements web part is displayed on the page, go to Announcements lists, click on Settings->List settings. Click on Permissions for this list and check if the permissions are inherited from the site or are unique. If they are unique (you will see a checkbox next to each user if the permissions are unique), then check if the user is listed here.
And check the same thing for all the other lists/libraries.
InserachofAuthor Commented:
I went to site actions  site settings under site administration site libraries and lists

a customize list appears i select announcements

The list inherits permissions from its parent web site

the user is listed here

now what do I do next?
InserachofAuthor Commented:
i found this in a google search

No, no, no, no no. Thomas... do not add users via web application policies.
From your previous post, what you are doing is adding users in Central
Administration. CA is it's own site collection with its own rules. This is
not the place for users. When you create a site collection you need to add
your users in that site collection in order to grant them access. Using Web
application policies gives a user over-riding permissions to all collections
in that web application. I seriously doubt this is what you are trying to

My question is how to I do this?

Only place I add users is in central admin

It is not a machne issue I can not get on with any account on any machine now
There is definetelly a confusion here; probably mine, so let's see if we can clarify.

Please provide some details: what is the link to the site where you want to give user access? what is the link user tries to open and is unsuccessful?

Central Administration has a link similar to http://servername:PORT/default.aspx
This is not the place where is recommended to add users, unless you want to give or restrict access to the entire web application (all site collections in the web application).
To give access to only a site, you need to navigate to that site (for example http://SITE), then go to site settings->Site actions, etc. like you did before.
InserachofAuthor Commented:
thats the problem I can not access the site from any machine on the network now

I use http://sharepointtgcs.com:81   for my site

i use http://tgcs001:4278   for central administration (this I can access from any machine)

even on the server that hosts sharepoint I get acess denied even with the administrator which is the account that I installed sharepoint with?  

Very strange

IE settings on the server maybe?  they are locked down by default

I added http://*sharepointtgcs.com  to my local security settings in IE

Not sure what to do here
Could be that you changed web application policy to lock everyone out?
Navigate to Central Administration-> Application Management ->Policy for web application (in Application Security area). Select your web application - should be the  http://sharepointtgcs.com:81 one.
Check if there are any users/groups with Deny all access.
InserachofAuthor Commented:
only entry is

Zone                display name                                    user name                                     Permissions
all zones      NT authority/local service            nt authority/local service                  full read
Ok, what happens when you try to access: http://tgcs001:81?
I am thinking that maybe there is an issue with the configuration of the "Alternate access mappings". Take a look in Central Admins->Operations->Alternate access mappings (in Global Configuration area).
See what is listed there.
InserachofAuthor Commented:
I get this

  The webpage cannot be found
 HTTP 400  
   Most likely causes:
•There might be a typing error in the address.
•If you clicked on a link, it may be out of date.
   What you can try:
     Retype the address.  

     Go back to the previous page.
     Go to  and look for the information you want.  

In CA I show this

Internal URL Zone                                                                         Public URL for Zone
http://sharepointtgcs.com:81  Default                                                  http://sharepointtgcs.com:81
http://tgcs001:4278                 Default                                                  http://tgcs001:4278

Any logs I can look at to see if we can find out what is going on here?

Any diag tool or something we can run to check the site config or settings?


Try looking in the Event Viewer logs on the server; and in sharepoint logs in
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS

But I think we started from one thing and got into a completelly different one; is the farm administrator able to access the sites?
InserachofAuthor Commented:
I review the logs an found no indication of any problem

The farm administrator (domain admin) cannot access the site either

no one can at this point
Is this a prod. environment? can you try to do an iisreset to see if anything changes?

Farm admin should be able to access the site; was there any change done to the configuration from the moment when you were able to access the site and until now? Any access policies defined?

Do you have more site collections? All behave the same? When you get the access denied error, what message is in Event Viewer - Security events? (should be something like Failure Audit)
InserachofAuthor Commented:
yes this is production but the server was restarted last night due to microsoft updates that came out so that should have been the same as doing an iisreset right?

No access policies created here every thing very straight forward

checked the event logs security and no access errors no errors listed at all

Only have one site defined

No events any where except on the web site

This is very strange

is it looking like it time to create another site to see if that works?

or delete this site and start over?
Yes, a restart would also mean a reset; are updates automatically installed? Were there any related to SharePoint on .NET? (this is to check that no additional changes were done)

You could create a new site collection, yes.
I would not delete the existing one (especially if you say it is production; aren't there data?)
InserachofAuthor Commented:
no updates to share point mostly security updates from MS

Yes a lot of data calendars documents tasks etc.

Over the weekend I will create a test collection site

Will post resutls
InserachofAuthor Commented:
new site created still same results

What is up with sharepoint 3.0

Need help on this please
InserachofAuthor Commented:

I mad a mistake on last commnet

I did create a new site http://sharepointtgcs.com:81/sites/test

I am able to access this site using site admin and a user with no problem

Here is what I think happened to my original site

the two users that wasgetting access denied were deleted from AD during my exchange 2007 server setup

I think the credientials are messed up

Also administrator can not logon I am not sure who the site admin is on the original site

I need to get to that level to be able to add users not at the site level

Any ideas



Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 15
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now