Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


SharePoint wss 3.0 renders blank page

Posted on 2011-03-06
Medium Priority
Last Modified: 2012-05-11
I have SharePoint wss 3.0 installed on two identical machines (one is development, the other is production).

On the development server, I have no problem.  I have implemented PKI with a CAC and it works perfectly.  Attached is a snippet of the web.config file (I changed only some of the literals).

On the production machine I have gone through the exact same steps to configure it but it is not working.  It prompts me for a certificate, prompts me for a CAC, prompts me for PIN number, and then after about 5 seconds of "thinking" I get a blank page.  It is truly a blank page (the HTML generated by IE for a blank page).

Does anyone have any clues?

I am physically in the office on a Sunday, so it's pretty important I get this working.

        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="true" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" manyToOneCertificateMappingsEnabled="true">
            <add name="Administrator (harper)" enabled="true" permissionMode="Allow" userName="admin" password="[enc:AesProvider:pEdQMgQnLDDpF0EnJieHsdUfkMGi86amMq9T3GOdMgdEbkKh+dTZs99SYLG8o:enc]">
                <add certificateField="Subject" certificateSubField="CN" matchCriteria="HARPER.GEOFF" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="O" matchCriteria="Franklin Mint" compareCaseSensitive="true" />
                <add certificateField="Subject" certificateSubField="OU" matchCriteria="Coins" compareCaseSensitive="true" />
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />

Open in new window

Question by:GeoffHarper
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4

Expert Comment

ID: 35052153
What it looks as is that you are trying to use the url on the same server where you have the site and please share if you are using a different host header name, If yes then you will have to add that host header in backward host header check or disable loopback check  in registry, Follow this article : 

Other than that Please check site is in trusted sites and if there is any error in ULS logs or event logs

Author Comment

ID: 35052940

No, I actually haven't tried to load the URL on the same server the site is on.  This is definitely behavior from the client computer.  As I said, the same setup works on a development server but not the production.  The development hostname is setup in DNS the same way production is, but with the letters "test" added to the machine name part.

I did earlier today add the host in that backward host header check but have not tried the disable loopback.
LVL 12

Expert Comment

ID: 35055256

Do you have an Alternative Access Mapping for the host header?  If not, your request is probably not getting passed from IIS to SharePoint.
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.


Author Comment

ID: 35055984

Thanks for the idea.  I was pretty sure I had configured (and I checked; I did) it but you're right, it is acting as if there was no Alternate Access Mappings.  I double-checked to make sure hoping it was blank, but, alas, I configured it.

Any other ideas are welcome, even if you think I must have already thought of them!
LVL 12

Accepted Solution

Hairbrush earned 2000 total points
ID: 35056390

How about trying this:

On your test/production server, fire up ULSViewer ( and then do an IISReset.  On your client, refresh your page.  Watch in ULSViewer to see what ULS log entries are written.  If nothing comes up, you know you've still got a config issue preventing your request getting to SharePoint.  If you do see entries, they might indicate the problem.

Author Comment

ID: 35056858

Ok, I'll try it.  Unfortunately, I won't be able to try it until lunchtime or after work because people are using the site.  They are currently using user/password to get in and my instructed goal is to allow logons by CAC only.

Author Comment

ID: 35063039

Ok, this was good in that it narrows it down!  I saw nothing.  Later I did observe the kind of stuff showing a bit of what SharePoint is doing when running it, so it was interesting.

I did this again just to make sure, and NOTHING.

So, the problem lies somewhere before the URL gets passed off to SharePoint, right?

I don't have a clue right now.  Also, a reminder that this whole thing works on my development machine, just not the production.

I have just spent some time comparing applicationHost.config and web.config files and other than the expected differences (test url name, machine name, etc.) they are the same.

Any ideas?
LVL 12

Expert Comment

ID: 35067939
To get the site onto the production machine, did you transfer it by backup and restore of the SQL database, and then you did you configure the different host header name in IIS?  If so, I think that is where the problem lies.  You should extend the site, following the procedure described in one or more of the pages below:{72C1C85B-1D2D-4A4A-90DE-CA74A7808184}&pID=804

Let me know how you get on.


Assisted Solution

GeoffHarper earned 0 total points
ID: 35069284

No, I didn't do a restore.  I actually only modified web.config and applicationHost.config on the development side to get this working, so I manually merged my changes into the same files on production.

However, that is now a moot point.  I have solved the issue.

The ULSViewer pointer really helped a lot because prior to running it, I was convinced that SharePoint was the culprit.

As I began to search for "IIS blank page" and the like, I found this link
which allowed me to see that there actually was an error 403 occurring!  I turned on the "detail" for "Error Pages" under the site's config GUI (BTW, "Failed Request Tracing" doesn't work on this machine; I get an error when I try to configure it or turn it on) and It said that the client's certificate was invalid, expired, revoked, or server couldn't verify it.

This clued me in to something I disabled about a year ago: The CRL (Certificate Revocation List) check.  We have a machine which is not on the Internet; it is only on a secured Intranet and there are no CRLs available so our only choice is to leave it disabled.  So, I thought that somehow it must have been turned back on so I ran my .BAT file which sets the registry entry (see 2nd comment: Then I rebooted (you have to for it to take effect).

I still had the same problem!  So, I went into the registry to actually look at the value under the "" key and it was "1" (which is disabled; correct)!  What I saw though, and had no idea existed, were parallel keys with the specific IP address spelled out.  That's the key IIS was looking at.  The value under that key needed to be set.  Once I changed that and rebooted, it all works perfectly!

Now, I am still new to this experts-exchange process of "Accept Solution" and "Accept and award points" so do you get the points because you helped me arrive at my answer, or don't get points because you didn't give the solution?

LVL 12

Expert Comment

ID: 35069468
Hi Geoff

Really glad you reached a solution.

There is a useful guide on how best to close a question here:

In this instance you could either:

Accept an Expert's Comment as the Solution on the basis that a particular comment "led you to the solution"


accept your own comment as the solution but click "Accept and Award Points" to award points for a comment that helped you

You are also asked to grade the solution.  An answer is worth an A, unless it doesn't resolve your issue. If it requires you to do a little more research, then it's worth a B.

Hope this helps!

Author Closing Comment

ID: 35120593
Expert really helped the process along by suggesting ULSViewer - this led to the solution.

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question