Solved

SharePoint wss 3.0 renders blank page

Posted on 2011-03-06
11
1,214 Views
Last Modified: 2012-05-11
I have SharePoint wss 3.0 installed on two identical machines (one is development, the other is production).

On the development server, I have no problem.  I have implemented PKI with a CAC and it works perfectly.  Attached is a snippet of the web.config file (I changed only some of the literals).

On the production machine I have gone through the exact same steps to configure it but it is not working.  It prompts me for a certificate, prompts me for a CAC, prompts me for PIN number, and then after about 5 seconds of "thinking" I get a blank page.  It is truly a blank page (the HTML generated by IE for a blank page).

Does anyone have any clues?

I am physically in the office on a Sunday, so it's pretty important I get this working.

Thanks!
-Geoff
 
<system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" manyToOneCertificateMappingsEnabled="true">
          <manyToOneMappings>
            <add name="Administrator (harper)" enabled="true" permissionMode="Allow" userName="admin" password="[enc:AesProvider:pEdQMgQnLDDpF0EnJieHsdUfkMGi86amMq9T3GOdMgdEbkKh+dTZs99SYLG8o:enc]">
              <rules>
                <add certificateField="Subject" certificateSubField="CN" matchCriteria="HARPER.GEOFF" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="O" matchCriteria="Franklin Mint" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="OU" matchCriteria="Coins" compareCaseSensitive="true" />
              </rules>
            </add>
          </manyToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
    </security>
  </system.webServer>

Open in new window

0
Comment
Question by:GeoffHarper
  • 6
  • 4
11 Comments
 
LVL 6

Expert Comment

by:sabby447
Comment Utility
What it looks as is that you are trying to use the url on the same server where you have the site and please share if you are using a different host header name, If yes then you will have to add that host header in backward host header check or disable loopback check  in registry, Follow this article : http://support.microsoft.com/kb/896861

Other than that Please check site is in trusted sites and if there is any error in ULS logs or event logs
0
 
LVL 4

Author Comment

by:GeoffHarper
Comment Utility
@sabby447:

No, I actually haven't tried to load the URL on the same server the site is on.  This is definitely behavior from the client computer.  As I said, the same setup works on a development server but not the production.  The development hostname is setup in DNS the same way production is, but with the letters "test" added to the machine name part.

I did earlier today add the host in that backward host header check but have not tried the disable loopback.
0
 
LVL 12

Expert Comment

by:Hairbrush
Comment Utility
Hi

Do you have an Alternative Access Mapping for the host header?  If not, your request is probably not getting passed from IIS to SharePoint.
0
 
LVL 4

Author Comment

by:GeoffHarper
Comment Utility
@Hairbrush:

Thanks for the idea.  I was pretty sure I had configured (and I checked; I did) it but you're right, it is acting as if there was no Alternate Access Mappings.  I double-checked to make sure hoping it was blank, but, alas, I configured it.

Any other ideas are welcome, even if you think I must have already thought of them!
0
 
LVL 12

Accepted Solution

by:
Hairbrush earned 500 total points
Comment Utility
Geoff

How about trying this:

On your test/production server, fire up ULSViewer (http://www.harbar.net/archive/2010/10/06/ulsviewer-ndash-the-tool-that-no-sharepoint-practitioner-should-be.aspx) and then do an IISReset.  On your client, refresh your page.  Watch in ULSViewer to see what ULS log entries are written.  If nothing comes up, you know you've still got a config issue preventing your request getting to SharePoint.  If you do see entries, they might indicate the problem.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 4

Author Comment

by:GeoffHarper
Comment Utility
@Hairbrush:

Ok, I'll try it.  Unfortunately, I won't be able to try it until lunchtime or after work because people are using the site.  They are currently using user/password to get in and my instructed goal is to allow logons by CAC only.
0
 
LVL 4

Author Comment

by:GeoffHarper
Comment Utility
@Hairbrush:

Ok, this was good in that it narrows it down!  I saw nothing.  Later I did observe the kind of stuff showing a bit of what SharePoint is doing when running it, so it was interesting.

I did this again just to make sure, and NOTHING.

So, the problem lies somewhere before the URL gets passed off to SharePoint, right?

I don't have a clue right now.  Also, a reminder that this whole thing works on my development machine, just not the production.

I have just spent some time comparing applicationHost.config and web.config files and other than the expected differences (test url name, machine name, etc.) they are the same.

Any ideas?
0
 
LVL 12

Expert Comment

by:Hairbrush
Comment Utility
To get the site onto the production machine, did you transfer it by backup and restore of the SQL database, and then you did you configure the different host header name in IIS?  If so, I think that is where the problem lies.  You should extend the site, following the procedure described in one or more of the pages below:


http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?PageType=4&ListId={72C1C85B-1D2D-4A4A-90DE-CA74A7808184}&pID=804

http://lorsaintclair.wordpress.com/2010/01/06/url-mapping-for-an-existing-sharepoint-website-via-aam/

http://sharepoint.microsoft.com/Blogs/fromthefield/Lists/Posts/Post.aspx?ID=98

http://technet.microsoft.com/en-us/library/cc261814(office.12).aspx

Let me know how you get on.

Hairbrush
0
 
LVL 4

Assisted Solution

by:GeoffHarper
GeoffHarper earned 0 total points
Comment Utility
@Hairbrush:

No, I didn't do a restore.  I actually only modified web.config and applicationHost.config on the development side to get this working, so I manually merged my changes into the same files on production.

However, that is now a moot point.  I have solved the issue.

The ULSViewer pointer really helped a lot because prior to running it, I was convinced that SharePoint was the culprit.

As I began to search for "IIS blank page" and the like, I found this link http://blogs.msdn.com/b/allenwang/archive/2009/05/15/blank-ie-page-after-3-failed-authentication-attempts-iis-7-0-passthrough.aspx
which allowed me to see that there actually was an error 403 occurring!  I turned on the "detail" for "Error Pages" under the site's config GUI (BTW, "Failed Request Tracing" doesn't work on this machine; I get an error when I try to configure it or turn it on) and It said that the client's certificate was invalid, expired, revoked, or server couldn't verify it.

This clued me in to something I disabled about a year ago: The CRL (Certificate Revocation List) check.  We have a machine which is not on the Internet; it is only on a secured Intranet and there are no CRLs available so our only choice is to leave it disabled.  So, I thought that somehow it must have been turned back on so I ran my .BAT file which sets the registry entry (see 2nd comment: http://forums.iis.net/t/1100044.aspx). Then I rebooted (you have to for it to take effect).

I still had the same problem!  So, I went into the registry to actually look at the value under the "0.0.0.0:443" key and it was "1" (which is disabled; correct)!  What I saw though, and had no idea existed, were parallel keys with the specific IP address spelled out.  That's the key IIS was looking at.  The value under that key needed to be set.  Once I changed that and rebooted, it all works perfectly!

Now, I am still new to this experts-exchange process of "Accept Solution" and "Accept and award points" so do you get the points because you helped me arrive at my answer, or don't get points because you didn't give the solution?

-Geoff
0
 
LVL 12

Expert Comment

by:Hairbrush
Comment Utility
Hi Geoff

Really glad you reached a solution.

There is a useful guide on how best to close a question here: http://www.experts-exchange.com/help.jsp#hs=26&hi=366

In this instance you could either:

Accept an Expert's Comment as the Solution on the basis that a particular comment "led you to the solution"

or

accept your own comment as the solution but click "Accept and Award Points" to award points for a comment that helped you

You are also asked to grade the solution.  An answer is worth an A, unless it doesn't resolve your issue. If it requires you to do a little more research, then it's worth a B.

Hope this helps!
0
 
LVL 4

Author Closing Comment

by:GeoffHarper
Comment Utility
Expert really helped the process along by suggesting ULSViewer - this led to the solution.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
The viewer will learn how to create a normally distributed random variable in Excel, use a normal distribution to simulate the return on an investment over a period of years, Create a Monte Carlo simulation using a normal random variable, and calcul…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now