Solved

Sharepoint 2010 Anonymous Access refuses to cooperate

Posted on 2013-11-15
7
386 Views
Last Modified: 2014-01-07
I have followed the steps in any of the hundreds of "basic steps to enabling SharePoint anonymous authentication" sites you will find (example).

I am doing this with a newly created Sharepoint 2010 web application, which I have extended into the "Internet" zone, and have enabled anonymous authentication on (both in the site collection and the web application).  When I try to access any of the .aspx pages, I get a 401 error.

However, I AM able to anonymously access other files on the site, such as graphic files.  So for example, if I punch this into a browser:
https://my.site.edu/sites/catalog/_layouts/images/blank.gif
or
https://my.site.edu/sites/catalog/Style%20Library/Images/Search_Arrow.jpg

They both pull up successfully.

So, something somewhere doesn't have the right permissions or something when it comes to pulling up actual full pages, but I have no idea where to even look.  I checked, and the master pages are all checked in, so are all the other pages I've looked at.  How do I track down what is causing this 401?
0
Comment
Question by:mgudites1
  • 4
  • 2
7 Comments
 
LVL 44

Assisted Solution

by:Rainer Jeschor
Rainer Jeschor earned 500 total points
ID: 39651318
Hi,
multiple areas you migh check:
- Review the IIS log for your web application - the status code should be at the end of each request
- Use a proxy like "Fiddler" to track each and every request and the return codes (alternatives are IE 11 (works beautiful) or Firefox or Chrome

Is this a publishing site / do you have activated any kind of approval processes?
It could be that an unpublished / unapproved page / element can cause this.

Anything else special on your page (e.g. third party web parts, custom master page ....)
Any reference added hard-coded to the internal url (which is not running anonymously)?

Thanks and HTH
Rainer
0
 
LVL 1

Author Comment

by:mgudites1
ID: 39651361
Hi Rainer,

To answer your questions:

In IIS, I do see hits, but I'm not sure if this is telling me anything:
2013-11-15 15:13:26 10.2.1.217 GET /sites/catalog/ - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 200 0 0 31
2013-11-15 15:13:26 10.2.1.217 GET /sites/catalog/Pages/SectionsHome.aspx - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 0 0 234
2013-11-15 15:13:39 10.2.1.217 GET /favicon.ico - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 404 0 2 203
2013-11-15 15:13:40 10.2.1.217 GET /sites/catalog/Pages/SectionsHome.aspx - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 0 0 234

Open in new window


I actually tried Fiddler, but I can't really make sense of anything that's in there...at least I don't see anything that screams "problem."

I'm not sure if this is what you meant but, Sharepoint Server Publishing feature is active on this site.  I can't find anything that isn't published or approved.  When I go to "Content and Structure Reports" and I look at the "All Draft Documents" report, no folder has any draft documents.  I have not activated any kind of approval processes at this point.

No third-party stuff on the page, and I even tried creating a new, blank page and I can't get that to open anonymously either.  I also tried swapping the master page, making sure I'm using one that's Microsoft-provided, and no dice.  

There's nothing on the page referencing the internal URL, and I also did a view-source to see if I saw any references to the internal URL in there as well...nothing.

stumped :-/
0
 
LVL 16

Expert Comment

by:Walter Curtis
ID: 39678978
Make that in IIS anonymous access is enabled for the extended SharePoint site.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 1

Author Comment

by:mgudites1
ID: 39678989
It is.
0
 
LVL 1

Accepted Solution

by:
mgudites1 earned 0 total points
ID: 39679154
We made a breakthrough today and found what is likely causing the problem; I will test it tonight during non-peak hours.

I found that in IIS, among our various SharePoint sites, one site in particular (one of our older sites) has a binding of *:443 instead of server.whatever.com:443.  This is the last site that was created prior to these new sites that I'm trying to get working with anonymous access.

The ApplicationHost.config file looks something like this:

    <site name="Our SharePoint Portal" id="1234" serverAutoStart="true">
                    <binding protocol="https" bindingInformation=":portal.whatever.com:443:" />
    </bindings>

    <site name="Another SharePoint Site" id="2020801276" serverAutoStart="true">
                    <binding protocol="https" bindingInformation="*:443:" />
    </bindings>

    <site name="New Anonymous Site" id="5678" serverAutoStart="true">
                    <binding protocol="https" bindingInformation="anon.whatever.com:443:" />
    </bindings>

Open in new window


The top two sites are working, but when requests for the new site anon.whatever.com are made, it's utilizing the middle entry (*:443) because technically, it's a match.  I found that I can disable the new IIS web site that was created for our new anonymous application, and it still works!!  Because, requests for it are actually going through the IIS instance for one of our other SharePoint applications.  So basically, this new web app is running through the IIS instance for the old web apps, even though we specifically specified for it to use new IIS sites.

In short, I think all I need to do is add a host header for the older site that is missing it (entry #2 in my code above), and then my new site should start running on the IIS instance that it's actually supposed to be running on.
0
 
LVL 16

Expert Comment

by:Walter Curtis
ID: 39679215
Great work. Keep in mind any modifications to Alternative Access Mapping in SharePoint you may have to make.
0
 
LVL 1

Author Closing Comment

by:mgudites1
ID: 39761633
We ended up figuring it out
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last week I faced a strange issue recently, i have deployed SharePoint 2003 servers for one project and one of the requirements was to open SharePoint site from same server. when i was trying to open site from the same server i was getting authentic…
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question