Solved

Sharepoint 2010 Anonymous Access refuses to cooperate

Posted on 2013-11-15
7
362 Views
Last Modified: 2014-01-07
I have followed the steps in any of the hundreds of "basic steps to enabling SharePoint anonymous authentication" sites you will find (example).

I am doing this with a newly created Sharepoint 2010 web application, which I have extended into the "Internet" zone, and have enabled anonymous authentication on (both in the site collection and the web application).  When I try to access any of the .aspx pages, I get a 401 error.

However, I AM able to anonymously access other files on the site, such as graphic files.  So for example, if I punch this into a browser:
https://my.site.edu/sites/catalog/_layouts/images/blank.gif
or
https://my.site.edu/sites/catalog/Style%20Library/Images/Search_Arrow.jpg

They both pull up successfully.

So, something somewhere doesn't have the right permissions or something when it comes to pulling up actual full pages, but I have no idea where to even look.  I checked, and the master pages are all checked in, so are all the other pages I've looked at.  How do I track down what is causing this 401?
0
Comment
Question by:mgudites1
  • 4
  • 2
7 Comments
 
LVL 44

Assisted Solution

by:Rainer Jeschor
Rainer Jeschor earned 500 total points
Comment Utility
Hi,
multiple areas you migh check:
- Review the IIS log for your web application - the status code should be at the end of each request
- Use a proxy like "Fiddler" to track each and every request and the return codes (alternatives are IE 11 (works beautiful) or Firefox or Chrome

Is this a publishing site / do you have activated any kind of approval processes?
It could be that an unpublished / unapproved page / element can cause this.

Anything else special on your page (e.g. third party web parts, custom master page ....)
Any reference added hard-coded to the internal url (which is not running anonymously)?

Thanks and HTH
Rainer
0
 
LVL 1

Author Comment

by:mgudites1
Comment Utility
Hi Rainer,

To answer your questions:

In IIS, I do see hits, but I'm not sure if this is telling me anything:
2013-11-15 15:13:26 10.2.1.217 GET /sites/catalog/ - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 200 0 0 31
2013-11-15 15:13:26 10.2.1.217 GET /sites/catalog/Pages/SectionsHome.aspx - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 0 0 234
2013-11-15 15:13:39 10.2.1.217 GET /favicon.ico - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 404 0 2 203
2013-11-15 15:13:40 10.2.1.217 GET /sites/catalog/Pages/SectionsHome.aspx - 443 - 10.1.0.40 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 0 0 234

Open in new window


I actually tried Fiddler, but I can't really make sense of anything that's in there...at least I don't see anything that screams "problem."

I'm not sure if this is what you meant but, Sharepoint Server Publishing feature is active on this site.  I can't find anything that isn't published or approved.  When I go to "Content and Structure Reports" and I look at the "All Draft Documents" report, no folder has any draft documents.  I have not activated any kind of approval processes at this point.

No third-party stuff on the page, and I even tried creating a new, blank page and I can't get that to open anonymously either.  I also tried swapping the master page, making sure I'm using one that's Microsoft-provided, and no dice.  

There's nothing on the page referencing the internal URL, and I also did a view-source to see if I saw any references to the internal URL in there as well...nothing.

stumped :-/
0
 
LVL 14

Expert Comment

by:SneekCo
Comment Utility
Make that in IIS anonymous access is enabled for the extended SharePoint site.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:mgudites1
Comment Utility
It is.
0
 
LVL 1

Accepted Solution

by:
mgudites1 earned 0 total points
Comment Utility
We made a breakthrough today and found what is likely causing the problem; I will test it tonight during non-peak hours.

I found that in IIS, among our various SharePoint sites, one site in particular (one of our older sites) has a binding of *:443 instead of server.whatever.com:443.  This is the last site that was created prior to these new sites that I'm trying to get working with anonymous access.

The ApplicationHost.config file looks something like this:

    <site name="Our SharePoint Portal" id="1234" serverAutoStart="true">
                    <binding protocol="https" bindingInformation=":portal.whatever.com:443:" />
    </bindings>

    <site name="Another SharePoint Site" id="2020801276" serverAutoStart="true">
                    <binding protocol="https" bindingInformation="*:443:" />
    </bindings>

    <site name="New Anonymous Site" id="5678" serverAutoStart="true">
                    <binding protocol="https" bindingInformation="anon.whatever.com:443:" />
    </bindings>

Open in new window


The top two sites are working, but when requests for the new site anon.whatever.com are made, it's utilizing the middle entry (*:443) because technically, it's a match.  I found that I can disable the new IIS web site that was created for our new anonymous application, and it still works!!  Because, requests for it are actually going through the IIS instance for one of our other SharePoint applications.  So basically, this new web app is running through the IIS instance for the old web apps, even though we specifically specified for it to use new IIS sites.

In short, I think all I need to do is add a host header for the older site that is missing it (entry #2 in my code above), and then my new site should start running on the IIS instance that it's actually supposed to be running on.
0
 
LVL 14

Expert Comment

by:SneekCo
Comment Utility
Great work. Keep in mind any modifications to Alternative Access Mapping in SharePoint you may have to make.
0
 
LVL 1

Author Closing Comment

by:mgudites1
Comment Utility
We ended up figuring it out
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Last week I faced a strange issue recently, i have deployed SharePoint 2003 servers for one project and one of the requirements was to open SharePoint site from same server. when i was trying to open site from the same server i was getting authentic…
Pimping Sharepoint 2007 without Server-Side Code Part 1 One of my biggest frustrations with Sharepoint 2007 in the corporate world is that while good-intentioned managers lock down the more interesting capabilities of Sharepoint programming in…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now