Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


SharePoint wss 3.0 renders blank page

Posted on 2011-03-06
Medium Priority
Last Modified: 2012-05-11
I have SharePoint wss 3.0 installed on two identical machines (one is development, the other is production).

On the development server, I have no problem.  I have implemented PKI with a CAC and it works perfectly.  Attached is a snippet of the web.config file (I changed only some of the literals).

On the production machine I have gone through the exact same steps to configure it but it is not working.  It prompts me for a certificate, prompts me for a CAC, prompts me for PIN number, and then after about 5 seconds of "thinking" I get a blank page.  It is truly a blank page (the HTML generated by IE for a blank page).

Does anyone have any clues?

I am physically in the office on a Sunday, so it's pretty important I get this working.

        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" manyToOneCertificateMappingsEnabled="true">
            <add name="Administrator (harper)" enabled="true" permissionMode="Allow" userName="admin" password="[enc:AesProvider:pEdQMgQnLDDpF0EnJieHsdUfkMGi86amMq9T3GOdMgdEbkKh+dTZs99SYLG8o:enc]">
                <add certificateField="Subject" certificateSubField="CN" matchCriteria="HARPER.GEOFF" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="O" matchCriteria="Franklin Mint" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="OU" matchCriteria="Coins" compareCaseSensitive="true" />
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />

Open in new window

Question by:GeoffHarper
  • 6
  • 4

Expert Comment

ID: 35052153
What it looks as is that you are trying to use the url on the same server where you have the site and please share if you are using a different host header name, If yes then you will have to add that host header in backward host header check or disable loopback check  in registry, Follow this article : http://support.microsoft.com/kb/896861 

Other than that Please check site is in trusted sites and if there is any error in ULS logs or event logs

Author Comment

ID: 35052940

No, I actually haven't tried to load the URL on the same server the site is on.  This is definitely behavior from the client computer.  As I said, the same setup works on a development server but not the production.  The development hostname is setup in DNS the same way production is, but with the letters "test" added to the machine name part.

I did earlier today add the host in that backward host header check but have not tried the disable loopback.
LVL 12

Expert Comment

ID: 35055256

Do you have an Alternative Access Mapping for the host header?  If not, your request is probably not getting passed from IIS to SharePoint.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 35055984

Thanks for the idea.  I was pretty sure I had configured (and I checked; I did) it but you're right, it is acting as if there was no Alternate Access Mappings.  I double-checked to make sure hoping it was blank, but, alas, I configured it.

Any other ideas are welcome, even if you think I must have already thought of them!
LVL 12

Accepted Solution

Hairbrush earned 2000 total points
ID: 35056390

How about trying this:

On your test/production server, fire up ULSViewer (http://www.harbar.net/archive/2010/10/06/ulsviewer-ndash-the-tool-that-no-sharepoint-practitioner-should-be.aspx) and then do an IISReset.  On your client, refresh your page.  Watch in ULSViewer to see what ULS log entries are written.  If nothing comes up, you know you've still got a config issue preventing your request getting to SharePoint.  If you do see entries, they might indicate the problem.

Author Comment

ID: 35056858

Ok, I'll try it.  Unfortunately, I won't be able to try it until lunchtime or after work because people are using the site.  They are currently using user/password to get in and my instructed goal is to allow logons by CAC only.

Author Comment

ID: 35063039

Ok, this was good in that it narrows it down!  I saw nothing.  Later I did observe the kind of stuff showing a bit of what SharePoint is doing when running it, so it was interesting.

I did this again just to make sure, and NOTHING.

So, the problem lies somewhere before the URL gets passed off to SharePoint, right?

I don't have a clue right now.  Also, a reminder that this whole thing works on my development machine, just not the production.

I have just spent some time comparing applicationHost.config and web.config files and other than the expected differences (test url name, machine name, etc.) they are the same.

Any ideas?
LVL 12

Expert Comment

ID: 35067939
To get the site onto the production machine, did you transfer it by backup and restore of the SQL database, and then you did you configure the different host header name in IIS?  If so, I think that is where the problem lies.  You should extend the site, following the procedure described in one or more of the pages below:





Let me know how you get on.


Assisted Solution

GeoffHarper earned 0 total points
ID: 35069284

No, I didn't do a restore.  I actually only modified web.config and applicationHost.config on the development side to get this working, so I manually merged my changes into the same files on production.

However, that is now a moot point.  I have solved the issue.

The ULSViewer pointer really helped a lot because prior to running it, I was convinced that SharePoint was the culprit.

As I began to search for "IIS blank page" and the like, I found this link http://blogs.msdn.com/b/allenwang/archive/2009/05/15/blank-ie-page-after-3-failed-authentication-attempts-iis-7-0-passthrough.aspx
which allowed me to see that there actually was an error 403 occurring!  I turned on the "detail" for "Error Pages" under the site's config GUI (BTW, "Failed Request Tracing" doesn't work on this machine; I get an error when I try to configure it or turn it on) and It said that the client's certificate was invalid, expired, revoked, or server couldn't verify it.

This clued me in to something I disabled about a year ago: The CRL (Certificate Revocation List) check.  We have a machine which is not on the Internet; it is only on a secured Intranet and there are no CRLs available so our only choice is to leave it disabled.  So, I thought that somehow it must have been turned back on so I ran my .BAT file which sets the registry entry (see 2nd comment: http://forums.iis.net/t/1100044.aspx). Then I rebooted (you have to for it to take effect).

I still had the same problem!  So, I went into the registry to actually look at the value under the "" key and it was "1" (which is disabled; correct)!  What I saw though, and had no idea existed, were parallel keys with the specific IP address spelled out.  That's the key IIS was looking at.  The value under that key needed to be set.  Once I changed that and rebooted, it all works perfectly!

Now, I am still new to this experts-exchange process of "Accept Solution" and "Accept and award points" so do you get the points because you helped me arrive at my answer, or don't get points because you didn't give the solution?

LVL 12

Expert Comment

ID: 35069468
Hi Geoff

Really glad you reached a solution.

There is a useful guide on how best to close a question here: http://www.experts-exchange.com/help.jsp#hs=26&hi=366

In this instance you could either:

Accept an Expert's Comment as the Solution on the basis that a particular comment "led you to the solution"


accept your own comment as the solution but click "Accept and Award Points" to award points for a comment that helped you

You are also asked to grade the solution.  An answer is worth an A, unless it doesn't resolve your issue. If it requires you to do a little more research, then it's worth a B.

Hope this helps!

Author Closing Comment

ID: 35120593
Expert really helped the process along by suggesting ULSViewer - this led to the solution.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Excel can be a tricky bit of software to get your head around. Whilst you’ll be able to eventually get to grips with the basic understanding of how to get by, there are a few Excel tips that not everybody will even know about let alone know how to d…
Having trouble getting your hands on Dynamics 365 Field Service or Project Service trial? Worry No More!!!
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
The viewer will learn how to create a normally distributed random variable in Excel, use a normal distribution to simulate the return on an investment over a period of years, Create a Monte Carlo simulation using a normal random variable, and calcul…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question