Solved

SharePoint wss 3.0 renders blank page

Posted on 2011-03-06
11
1,224 Views
Last Modified: 2012-05-11
I have SharePoint wss 3.0 installed on two identical machines (one is development, the other is production).

On the development server, I have no problem.  I have implemented PKI with a CAC and it works perfectly.  Attached is a snippet of the web.config file (I changed only some of the literals).

On the production machine I have gone through the exact same steps to configure it but it is not working.  It prompts me for a certificate, prompts me for a CAC, prompts me for PIN number, and then after about 5 seconds of "thinking" I get a blank page.  It is truly a blank page (the HTML generated by IE for a blank page).

Does anyone have any clues?

I am physically in the office on a Sunday, so it's pretty important I get this working.

Thanks!
-Geoff
 
<system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" manyToOneCertificateMappingsEnabled="true">
          <manyToOneMappings>
            <add name="Administrator (harper)" enabled="true" permissionMode="Allow" userName="admin" password="[enc:AesProvider:pEdQMgQnLDDpF0EnJieHsdUfkMGi86amMq9T3GOdMgdEbkKh+dTZs99SYLG8o:enc]">
              <rules>
                <add certificateField="Subject" certificateSubField="CN" matchCriteria="HARPER.GEOFF" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="O" matchCriteria="Franklin Mint" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="OU" matchCriteria="Coins" compareCaseSensitive="true" />
              </rules>
            </add>
          </manyToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
    </security>
  </system.webServer>

Open in new window

0
Comment
Question by:GeoffHarper
  • 6
  • 4
11 Comments
 
LVL 6

Expert Comment

by:sabby447
ID: 35052153
What it looks as is that you are trying to use the url on the same server where you have the site and please share if you are using a different host header name, If yes then you will have to add that host header in backward host header check or disable loopback check  in registry, Follow this article : http://support.microsoft.com/kb/896861 

Other than that Please check site is in trusted sites and if there is any error in ULS logs or event logs
0
 
LVL 4

Author Comment

by:GeoffHarper
ID: 35052940
@sabby447:

No, I actually haven't tried to load the URL on the same server the site is on.  This is definitely behavior from the client computer.  As I said, the same setup works on a development server but not the production.  The development hostname is setup in DNS the same way production is, but with the letters "test" added to the machine name part.

I did earlier today add the host in that backward host header check but have not tried the disable loopback.
0
 
LVL 12

Expert Comment

by:Hairbrush
ID: 35055256
Hi

Do you have an Alternative Access Mapping for the host header?  If not, your request is probably not getting passed from IIS to SharePoint.
0
 
LVL 4

Author Comment

by:GeoffHarper
ID: 35055984
@Hairbrush:

Thanks for the idea.  I was pretty sure I had configured (and I checked; I did) it but you're right, it is acting as if there was no Alternate Access Mappings.  I double-checked to make sure hoping it was blank, but, alas, I configured it.

Any other ideas are welcome, even if you think I must have already thought of them!
0
 
LVL 12

Accepted Solution

by:
Hairbrush earned 500 total points
ID: 35056390
Geoff

How about trying this:

On your test/production server, fire up ULSViewer (http://www.harbar.net/archive/2010/10/06/ulsviewer-ndash-the-tool-that-no-sharepoint-practitioner-should-be.aspx) and then do an IISReset.  On your client, refresh your page.  Watch in ULSViewer to see what ULS log entries are written.  If nothing comes up, you know you've still got a config issue preventing your request getting to SharePoint.  If you do see entries, they might indicate the problem.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 4

Author Comment

by:GeoffHarper
ID: 35056858
@Hairbrush:

Ok, I'll try it.  Unfortunately, I won't be able to try it until lunchtime or after work because people are using the site.  They are currently using user/password to get in and my instructed goal is to allow logons by CAC only.
0
 
LVL 4

Author Comment

by:GeoffHarper
ID: 35063039
@Hairbrush:

Ok, this was good in that it narrows it down!  I saw nothing.  Later I did observe the kind of stuff showing a bit of what SharePoint is doing when running it, so it was interesting.

I did this again just to make sure, and NOTHING.

So, the problem lies somewhere before the URL gets passed off to SharePoint, right?

I don't have a clue right now.  Also, a reminder that this whole thing works on my development machine, just not the production.

I have just spent some time comparing applicationHost.config and web.config files and other than the expected differences (test url name, machine name, etc.) they are the same.

Any ideas?
0
 
LVL 12

Expert Comment

by:Hairbrush
ID: 35067939
To get the site onto the production machine, did you transfer it by backup and restore of the SQL database, and then you did you configure the different host header name in IIS?  If so, I think that is where the problem lies.  You should extend the site, following the procedure described in one or more of the pages below:


http://sharepoint.microsoft.com/blog/Pages/BlogPost.aspx?PageType=4&ListId={72C1C85B-1D2D-4A4A-90DE-CA74A7808184}&pID=804

http://lorsaintclair.wordpress.com/2010/01/06/url-mapping-for-an-existing-sharepoint-website-via-aam/

http://sharepoint.microsoft.com/Blogs/fromthefield/Lists/Posts/Post.aspx?ID=98

http://technet.microsoft.com/en-us/library/cc261814(office.12).aspx

Let me know how you get on.

Hairbrush
0
 
LVL 4

Assisted Solution

by:GeoffHarper
GeoffHarper earned 0 total points
ID: 35069284
@Hairbrush:

No, I didn't do a restore.  I actually only modified web.config and applicationHost.config on the development side to get this working, so I manually merged my changes into the same files on production.

However, that is now a moot point.  I have solved the issue.

The ULSViewer pointer really helped a lot because prior to running it, I was convinced that SharePoint was the culprit.

As I began to search for "IIS blank page" and the like, I found this link http://blogs.msdn.com/b/allenwang/archive/2009/05/15/blank-ie-page-after-3-failed-authentication-attempts-iis-7-0-passthrough.aspx
which allowed me to see that there actually was an error 403 occurring!  I turned on the "detail" for "Error Pages" under the site's config GUI (BTW, "Failed Request Tracing" doesn't work on this machine; I get an error when I try to configure it or turn it on) and It said that the client's certificate was invalid, expired, revoked, or server couldn't verify it.

This clued me in to something I disabled about a year ago: The CRL (Certificate Revocation List) check.  We have a machine which is not on the Internet; it is only on a secured Intranet and there are no CRLs available so our only choice is to leave it disabled.  So, I thought that somehow it must have been turned back on so I ran my .BAT file which sets the registry entry (see 2nd comment: http://forums.iis.net/t/1100044.aspx). Then I rebooted (you have to for it to take effect).

I still had the same problem!  So, I went into the registry to actually look at the value under the "0.0.0.0:443" key and it was "1" (which is disabled; correct)!  What I saw though, and had no idea existed, were parallel keys with the specific IP address spelled out.  That's the key IIS was looking at.  The value under that key needed to be set.  Once I changed that and rebooted, it all works perfectly!

Now, I am still new to this experts-exchange process of "Accept Solution" and "Accept and award points" so do you get the points because you helped me arrive at my answer, or don't get points because you didn't give the solution?

-Geoff
0
 
LVL 12

Expert Comment

by:Hairbrush
ID: 35069468
Hi Geoff

Really glad you reached a solution.

There is a useful guide on how best to close a question here: http://www.experts-exchange.com/help.jsp#hs=26&hi=366

In this instance you could either:

Accept an Expert's Comment as the Solution on the basis that a particular comment "led you to the solution"

or

accept your own comment as the solution but click "Accept and Award Points" to award points for a comment that helped you

You are also asked to grade the solution.  An answer is worth an A, unless it doesn't resolve your issue. If it requires you to do a little more research, then it's worth a B.

Hope this helps!
0
 
LVL 4

Author Closing Comment

by:GeoffHarper
ID: 35120593
Expert really helped the process along by suggesting ULSViewer - this led to the solution.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync meeting or Lync conferencing is what many organizations would like to deploy to allow them save money. But companies are now giving up for various reasons, one of which is that they cannot join external meetings (non-federated company meetings)…
The new Microsoft OS looks great, is easier than ever to upgrade to, it is even free.  So what's the catch?  If you don't change the privacy settings, Microsoft will, in accordance with the (EULA) you clicked okay to without reading, collect all the…
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now