Solved

Sharepoint 2010 Anonymous Access refuses to cooperate

Posted on 2013-11-15
7
378 Views
Last Modified: 2014-01-07
I have followed the steps in any of the hundreds of "basic steps to enabling SharePoint anonymous authentication" sites you will find (example).

I am doing this with a newly created Sharepoint 2010 web application, which I have extended into the "Internet" zone, and have enabled anonymous authentication on (both in the site collection and the web application).  When I try to access any of the .aspx pages, I get a 401 error.

However, I AM able to anonymously access other files on the site, such as graphic files.  So for example, if I punch this into a browser:
https://my.site.edu/sites/catalog/_layouts/images/blank.gif
or
https://my.site.edu/sites/catalog/Style%20Library/Images/Search_Arrow.jpg

They both pull up successfully.

So, something somewhere doesn't have the right permissions or something when it comes to pulling up actual full pages, but I have no idea where to even look.  I checked, and the master pages are all checked in, so are all the other pages I've looked at.  How do I track down what is causing this 401?
0
Comment
Question by:mgudites1
  • 4
  • 2
7 Comments
 
LVL 44

Assisted Solution

by:Rainer Jeschor
Rainer Jeschor earned 500 total points
ID: 39651318
Hi,
multiple areas you migh check:
- Review the IIS log for your web application - the status code should be at the end of each request
- Use a proxy like "Fiddler" to track each and every request and the return codes (alternatives are IE 11 (works beautiful) or Firefox or Chrome

Is this a publishing site / do you have activated any kind of approval processes?
It could be that an unpublished / unapproved page / element can cause this.

Anything else special on your page (e.g. third party web parts, custom master page ....)
Any reference added hard-coded to the internal url (which is not running anonymously)?

Thanks and HTH
Rainer
0
 
LVL 1

Author Comment

by:mgudites1
ID: 39651361
Hi Rainer,

To answer your questions:

In IIS, I do see hits, but I'm not sure if this is telling me anything:
2013-11-15 15:13:26 10.2.1.217 GET /sites/catalog/ - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 200 0 0 31
2013-11-15 15:13:26 10.2.1.217 GET /sites/catalog/Pages/SectionsHome.aspx - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 0 0 234
2013-11-15 15:13:39 10.2.1.217 GET /favicon.ico - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 404 0 2 203
2013-11-15 15:13:40 10.2.1.217 GET /sites/catalog/Pages/SectionsHome.aspx - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 0 0 234

Open in new window


I actually tried Fiddler, but I can't really make sense of anything that's in there...at least I don't see anything that screams "problem."

I'm not sure if this is what you meant but, Sharepoint Server Publishing feature is active on this site.  I can't find anything that isn't published or approved.  When I go to "Content and Structure Reports" and I look at the "All Draft Documents" report, no folder has any draft documents.  I have not activated any kind of approval processes at this point.

No third-party stuff on the page, and I even tried creating a new, blank page and I can't get that to open anonymously either.  I also tried swapping the master page, making sure I'm using one that's Microsoft-provided, and no dice.  

There's nothing on the page referencing the internal URL, and I also did a view-source to see if I saw any references to the internal URL in there as well...nothing.

stumped :-/
0
 
LVL 15

Expert Comment

by:Walter Curtis
ID: 39678978
Make that in IIS anonymous access is enabled for the extended SharePoint site.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:mgudites1
ID: 39678989
It is.
0
 
LVL 1

Accepted Solution

by:
mgudites1 earned 0 total points
ID: 39679154
We made a breakthrough today and found what is likely causing the problem; I will test it tonight during non-peak hours.

I found that in IIS, among our various SharePoint sites, one site in particular (one of our older sites) has a binding of *:443 instead of server.whatever.com:443.  This is the last site that was created prior to these new sites that I'm trying to get working with anonymous access.

The ApplicationHost.config file looks something like this:

    <site name="Our SharePoint Portal" id="1234" serverAutoStart="true">
                    <binding protocol="https" bindingInformation=":portal.whatever.com:443:" />
    </bindings>

    <site name="Another SharePoint Site" id="2020801276" serverAutoStart="true">
                    <binding protocol="https" bindingInformation="*:443:" />
    </bindings>

    <site name="New Anonymous Site" id="5678" serverAutoStart="true">
                    <binding protocol="https" bindingInformation="anon.whatever.com:443:" />
    </bindings>

Open in new window


The top two sites are working, but when requests for the new site anon.whatever.com are made, it's utilizing the middle entry (*:443) because technically, it's a match.  I found that I can disable the new IIS web site that was created for our new anonymous application, and it still works!!  Because, requests for it are actually going through the IIS instance for one of our other SharePoint applications.  So basically, this new web app is running through the IIS instance for the old web apps, even though we specifically specified for it to use new IIS sites.

In short, I think all I need to do is add a host header for the older site that is missing it (entry #2 in my code above), and then my new site should start running on the IIS instance that it's actually supposed to be running on.
0
 
LVL 15

Expert Comment

by:Walter Curtis
ID: 39679215
Great work. Keep in mind any modifications to Alternative Access Mapping in SharePoint you may have to make.
0
 
LVL 1

Author Closing Comment

by:mgudites1
ID: 39761633
We ended up figuring it out
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
There is one common problem that all we SharePoint developers share: custom solution deployment. This topic can't be covered fully in this short article, so all I want to do in this one is to review it from a development-to-operations perspectiv…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now