Sharepoint 2010 Users Access Denied

SharePoint 2010 SP2 64 Bit
Windows 2012 R2 Standard 64 bit
SQL 2008 on Windows 2008 R2
Clients Windows 7 8 and Vista
IIS 8.5

All clients can browse using IE http://server13:29431 for Central Administration

No client can access the Site Collection created http://server13/sites/sharepoint2010
Just simple now I have a DNS record for the server13 http://sharepointsite.com/sites/sharepoint2010

Both do not work. ERROR: Access Denied

IIS logs reflect the same error ACCESS Denied

On the server when I do http://server13:29431 I get into Central Administration I can find sites/sharepoint anywhere?

When I go to Site Actions and choose Site Permissions it is just for Central Administration

I ran this in PowerShell: Get-SPWeb -Identity http://server13/sites/sharepoint2010 (see attached)

What am I missing here?

Please help

Thanks

Tom
sharepoint-2010-get-spweb.txt
Thomas Grassi, Systems Administrator, Asked:
Jamie McAllister MVP, SharePoint Consultant, Commented:
Check the App Pool credentials in IIS are OK for this site.

Use Fiddler to see what is being denied, might be a specific resource. (www.fiddler2.com)

Login as one of the Site Collection Admin users. Same issue?

Set a policy in the Web Application via Central Admin to allow read. Can you get in now?
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

First thank you for the quick response.

1. Check the App Pool credentials in IIS are OK for this site.
I am new to IIS 8.5. Where do I look for the App Pool credentials?
Do you mean the security settings on the site? I have WSS_ADMIN_WPG and WSS_WPG; both are on the local server even though this is in a domain. I added my account and the domain administrator account into those groups, no luck yet.

2. Use Fiddler to see what is being denied, might be a specific resource
Downloaded fiddler will try that later.

3. Login as one of the Site Collection Admin users. Same issue?
Yes no matter what account I use I get same error access denied.

4. Set a policy in the Web Application via Central Admin to allow read. Can you get in now?
You mean Policy for Web Application?
In there I have three entries
All Zones    NT Authority\Local Service    NT Authority\Local Service    Full Read
All Zones    Search Crawling Account       My domain user id             Full Read, Full Control
All Zones    Mydomain\SPGroup              Mydomain\SPGroup              Full Read

Last one is a Domain Group with several users listed.

Thoughts?
martusha, Product manager, Commented:
What is your content access account for that web application? Is it the same as the search crawling account? If different, it should also be in that policy with Full Read permissions. Also the Farm account as well.
Thomas Grassi, Systems Administrator, Author Commented:
Martusha

Yes both are the same but thanks for pointing me to this I have a domain user account mine as this.
Going to change to a service type account.

What do you mean by this?

"Also Farm account as well."
Jamie McAllister MVP, SharePoint Consultant, Commented:
1. Same place as previous IIS versions. Open the machine name in IIS, then click Application Pools. Look at the identity column for each and double check those accounts and credentials are all still OK.

2. Any Fiddler results?

3. OK

4. Create a policy for your own UID Full Read for the Application. If you can't get in after that you know it's not access denied for your own account. Refer to point 1.

5. Random question; Is there a firewall between the farm and DC?
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

1. Found Application Pools, thanks

2. Where should I run and install Fiddler?

3.

4. My user account was in No 1 above. Going to change that to a service type account.

5. Yes, firewall running on the Windows 2012 Server where SharePoint is installed. Do not believe the firewall is the issue. SharePoint Web is using port 80, which is open. I have other sites using port 80 on the same IIS 8.5 which work fine.

Thoughts?
Jamie McAllister MVP, SharePoint Consultant, Commented:
2. Go to www.fiddler2.com and install on your PC. Visit the troublesome site and see what you're getting 401's on.

5. Is there a firewall between your SharePoint servers and your DC?
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

2. OK

5. Yes, firewall running on the Windows 2012 Server where SharePoint is installed. Do not believe the firewall is the issue. SharePoint Web is using port 80, which is open. I have other sites using port 80 on the same IIS 8.5 which work fine.
Jamie McAllister MVP, SharePoint Consultant, Commented:
Authentication via your DC doesn't operate on port 80, this is why I asked.
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

OK then what needs to be opened on the firewall running on my windows 2012 server for sharepoint 2010?
Jamie McAllister MVP, SharePoint Consultant, Commented:
Honestly when diagnosing something like this I'd turn the firewall off briefly and see if the issue resolves. If not, re-enable and forget that avenue.

This sort of general access denied, my money is still on App Pool or other service accounts having an expired or wrong password. Though I'm biased due to a recent incident in one of my own farms...
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

When you turn off the firewall you lose all network access; that is not an option.

Way too many things in the firewall settings that will cause issues.

I agree the APP Pool changes may fix this will get to that later tonight. Off site now.
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

Ran Fiddler

#   Result   Protocol   Host                 URL   Body   Caching   Content-Type   Process
4   401   HTTP   sharepointtgcs.com   /sites/sharepoint2010   0   -   -   iexplore:16008
5   401   HTTP   sharepointtgcs.com   /sites/sharepoint2010   0   -   -   iexplore:16008
6   302   HTTP   sharepointtgcs.com   /sites/sharepoint2010   189   -   text/html; charset=UTF-8   iexplore:16008
7   302   HTTP   sharepointtgcs.com   /sites/sharepoint2010/SitePages/Home.aspx   282   private   text/html; charset=utf-8   iexplore:16008
8   200   HTTP   sharepointtgcs.com   /sites/Sharepoint2010/_layouts/AccessDenied.aspx?Source=http%3A%2F%2Fsharepointtgcs%2Ecom%2Fsites%2Fsharepoint2010%2FSitePages%2FHome%2Easpx   3,999   private   text/html; charset=utf-8   iexplore:16008

Made the App pool changes did an iisreset /noforce

And above are the results access denied

My url is http://sharepointtgcs.com/sites/sharepoint2010

In fiddler it goes to
http://sharepointtgcs.com/sites/sharepoint2010/SitePages/Home.aspx

That is why error 404 I think do not know where that file is?


After I changed the content access account to match the search crawling account

Do I need to restart the sharepoint services?
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

On the firewall question you had.

I do not believe it is a firewall issue

My reason is

I get the same ERROR access denied when I try to access the site on the same server that I am running sharepoint on

On the SharePoint server I have tried several different accounts same results access denied.

If I can not access the site from the sharepoint server then I do not think I have a firewall issue

It is a security setting somewhere in sharepoint a service account or something not correct

Really need help on this.

Thanks
Jamie McAllister MVP, SharePoint Consultant, Commented:
Go to Central Administration -> Site Collection -> "Quotas and Locks" and check that your site collection isn't in a "no access" state

Check your cache settings as detailed here; http://brainlitter.com/2011/08/30/resolution-for-site-collection-admins-in-new-site-collection-get-access-denied/

Check your site collection actually got created (I think you're fine, but wording on original question made me wonder);

http://sharepoint.stackexchange.com/questions/26568/going-to-a-site-collection-homepage-gives-a-404

Thomas Grassi, Systems Administrator, Author Commented:
Jamie

Thanks will check that out later today.
Thomas Grassi, Systems Administrator, Author Commented:
Jamie

The site was not locked.

This led me to the fix
Check your cache settings as detailed here; http://brainlitter.com/2011/08/30/resolution-for-site-collection-admins-in-new-site-collection-get-access-denied/

Had to add sp.superuser full control and sp.superreader full read and all the users with full read to the policy of the site

Now have access from all computers and browsers.

Thanks for your help
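
The fix above, as an added example that is not part of the original thread: a check that the object cache accounts set on the web application also hold the matching "Policy for Web Application" entries (Full Control for the super user, Full Read for the super reader). The function name `Test-CacheAccountPolicy` and its `-Repair` switch are hypothetical; `http://server13` is the web application URL from the question, and `portalsuperuseraccount` / `portalsuperreaderaccount` are the SharePoint web application properties that hold the cache account names.

```powershell
# Added example (not from the thread). Run in the SharePoint 2010 Management Shell
# as a farm administrator. Written for PowerShell 2.0.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-CacheAccountPolicy {
    param(
        [string]$WebAppUrl,   # web application hosting the site collection
        [switch]$Repair       # add the missing policy entry instead of only reporting
    )
    $wa = Get-SPWebApplication -Identity $WebAppUrl
    # Object cache property -> policy role that account must hold
    $required = @{
        "portalsuperuseraccount"   = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl
        "portalsuperreaderaccount" = [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead
    }
    foreach ($prop in $required.Keys) {
        $account  = [string]$wa.Properties[$prop]   # empty string when the property is unset
        $roleType = $required[$prop]
        if ($account -eq "") {
            Write-Output "UNSET    $prop is not set on $WebAppUrl"
            continue
        }
        # Classic-mode policy names are DOMAIN\user; claims-mode names end in |DOMAIN\user
        $policy = @($wa.Policies | Where-Object {
            $_.UserName -ieq $account -or $_.UserName.ToLower().EndsWith("|" + $account.ToLower())
        })
        $bound = @($policy | ForEach-Object { $_.PolicyRoleBindings } |
                   Where-Object { $_.Type -eq $roleType })
        if ($bound.Count -gt 0) {
            Write-Output "OK       $account has $roleType"
        } elseif ($Repair) {
            # Reuse an existing policy entry for the account, otherwise create one
            if ($policy.Count -gt 0) { $entry = $policy[0] }
            else { $entry = $wa.Policies.Add($account, $account) }
            $entry.PolicyRoleBindings.Add($wa.PolicyRoles.GetSpecialRole($roleType))
            $wa.Update()
            Write-Output "FIXED    $account granted $roleType"
        } else {
            Write-Output "MISSING  $account ($prop) lacks $roleType in the web application policy"
        }
    }
}

# Report only; add -Repair to create the missing entries
Test-CacheAccountPolicy -WebAppUrl "http://server13"
```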